Infected with Zeroaccess rootkit, and couple other trojans


This topic is locked
32 replies to this topic

#1 jdneo
  • Members
  • 21 posts

Posted 21 September 2012 - 11:23 PM

I was instructed to create a new topic here, original post: http://www.bleepingcomputer.com/forums/topic469441.html

My computer was infected 2 days ago and it took control of everything: it disabled Microsoft Security Essentials, the firewall, Windows Update, and Defender. I couldn't enable any of them. Luckily I was able to run in safe mode and do a system restore, and was able to remove Microsoft Security Essentials and install AVG Free instead. AVG caught the rootkit and a few other trojans like Agent_R.BLB, Generic_R.BAT, and win32/sirefef.ev. I also tried the ESET online scanner, which detected the same problem and removed it; one wasn't removed due to memory, and it stated it was impossible to remove. I also noticed that when I go to forums for removal help or to download antivirus, the browser redirects me to a random site and ends up at scour.com or something. When I run AVG, it also detects svchost as a threat and moves it to the vault. I was able to manually fix the firewall and Defender, so they're working right now. The only problem is Windows Update is not working anymore. I will post a screenshot below.

As instructed, here are the logs:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:19 on 21/09/2012 (testpc)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

DDS LOG
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514
Run by testpc at 19:24:12 on 2012-09-21
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\nvwmi.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\nvwmi.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\AVG\AVG2013\avgidsagent.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Windows\system32\mqsvc.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\mqtgsvc.exe
C:\Program Files\AVG\AVG2013\avgnsx.exe
C:\Program Files\AVG\AVG2013\avgemcx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\Explorer.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\testpc\Desktop\dds.com
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
BHO: AutorunsDisabled - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{289D8A6E-7C48-46F5-9609-B455487BC34C} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{410AB6BC-47C0-4E76-B7BC-1497E0A1D07C} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7DD16170-DAAE-44EE-B24F-D4298B464F52} : DhcpNameServer = 10.10.1.229 10.10.1.5
.
============= SERVICES / DRIVERS ===============
.
R? AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service
R? b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? NisDrv;Microsoft Network Inspection System
R? RdpVideoMiniport;Remote Desktop Video Miniport Driver
R? SandraAgentSrv;SiSoftware Deployment Agent Service
R? Synth3dVsc;Synth3dVsc
R? TsUsbFlt;TsUsbFlt
R? tsusbhub;tsusbhub
R? VGPU;VGPU
R? vToolbarUpdater12.2.6;vToolbarUpdater12.2.6
R? WatAdminSvc;Windows Activation Technologies Service
S? AVGIDSAgent;AVGIDSAgent
S? AVGIDSDriver;AVGIDSDriver
S? AVGIDSHX;AVGIDSHX
S? AVGIDSShim;AVGIDSShim
S? Avgldx86;AVG AVI Loader Driver
S? Avglogx;AVG Logging Driver
S? Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield
S? Avgrkx86;AVG Anti-Rootkit Driver
S? Avgtdix;AVG TDI Driver
S? avgtp;avgtp
S? avgwd;AVG WatchDog
S? e1yexpress;Intel® Gigabit Network Connections Driver
S? netr28u;RT2870 USB Extensible Wireless LAN Card Driver
S? NVWMI;NVIDIA WMI Provider
S? RTL8167;Realtek 8167 NT Driver
S? vwififlt;Virtual WiFi Filter Driver
S? vwifimp;Microsoft Virtual WiFi Miniport Service
.
=============== Created Last 30 ================
.
2012-09-22 01:04:35 -------- d-----w- c:\users\testpc\appdata\roaming\Malwarebytes
2012-09-22 00:55:29 -------- d-----w- c:\users\testpc\appdata\roaming\SUPERAntiSpyware.com
2012-09-22 00:51:43 -------- d-sh--w- C:\$RECYCLE.BIN
2012-09-21 23:50:28 -------- d-----w- c:\users\testpc\appdata\local\temp
2012-09-21 19:09:20 -------- d-----w- c:\users\testpc\appdata\local\Google
2012-09-21 19:06:09 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-21 05:14:53 -------- d-----w- c:\users\testpc\appdata\local\{4831AB16-BDA1-C638-B421-42DE93ED5BBE}
2012-09-21 03:33:53 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{c7eb2120-e5c2-4a2b-9356-37b231ae10c7}\offreg.dll
2012-09-21 00:52:06 2342400 ----a-w- c:\windows\system32\msi.dll
2012-09-21 00:37:57 393728 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-09-21 00:33:23 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-09-21 00:33:20 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-09-20 18:21:51 7022536 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{c7eb2120-e5c2-4a2b-9356-37b231ae10c7}\mpengine.dll
2012-09-20 07:40:19 -------- d-----w- c:\users\testpc\appdata\roaming\AVG
2012-09-20 07:39:50 -------- d-----w- c:\programdata\AVG
2012-09-20 07:39:43 -------- d-sh--w- c:\programdata\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2012-09-20 07:25:44 -------- d-----w- c:\users\testpc\appdata\roaming\AVG2013
2012-09-20 07:24:53 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-09-20 07:24:47 -------- d-----w- c:\program files\common files\AVG Secure Search
2012-09-20 07:24:22 -------- d-----w- c:\programdata\AVG2013
2012-09-20 07:24:22 -------- d-----w- C:\$AVG
2012-09-20 07:24:01 -------- d-----w- c:\program files\AVG
2012-09-20 07:22:34 -------- d--h--w- c:\programdata\Common Files
2012-09-20 07:22:34 -------- d-----w- c:\users\testpc\appdata\local\MFAData
2012-09-20 07:22:34 -------- d-----w- c:\users\testpc\appdata\local\Avg2013
2012-09-20 07:22:34 -------- d-----w- c:\programdata\MFAData
2012-09-20 05:09:45 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-09-20 04:26:00 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-20 04:26:00 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-20 04:26:00 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-18 01:58:56 51936 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-09-12 18:47:22 164704 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-09-12 18:47:04 151648 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-09-01 18:36:54 -------- d--h--w- c:\users\testpc\appdata\roaming\Unity
.
==================== Find3M ====================
.
2012-09-21 19:09:10 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-22 17:16:46 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-13 23:40:54 176096 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2012-08-10 11:52:28 19808 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2012-08-10 11:52:18 35168 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2012-08-09 20:56:44 178656 ----a-w- c:\windows\system32\drivers\avglogx.sys
2012-08-02 16:57:20 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-07-18 17:47:53 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-04 21:14:34 41984 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 21:14:34 102912 ----a-w- c:\windows\system32\browser.dll
2012-07-04 19:45:31 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
.
============= FINISH: 19:29:54.88 ===============

GMER LOG
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-09-21 19:52:29
Windows 6.1.7601 Service Pack 1
Running: gmer.exe; Driver: C:\Users\testpc\AppData\Local\Temp\uwdiypod.sys


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000d3aa5d142
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000d3aa5d142 (not active ControlSet)

---- EOF - GMER 1.0.15 ----

I also get an error on GMER and here's the screenshot:
Attached file: gmer error.jpg (25.27 KB)

I was able to run GMER but didn't have the option to check the boxes:
Attached file: gmer.JPG (43.64 KB)

Here's the error on Windows Update which was caused by the virus:
Attached file: windows update.JPG (24.57 KB)


#2 jdneo
  • Topic Starter
  • Members
  • 21 posts

Posted 22 September 2012 - 08:15 PM

This just got detected right now with AVG:

"";"IRP hook, \Driver\atapi IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x85D4EFA9, <unknown>";"Infected"
"";"Trojan horse Downloader.Generic13.CAM, C:\Windows\System32\svchost.exe (1540)";"Secured"

"";"IDP.Trojan.A3185C53, C:\Users\testpc\crpiqsvjuv.exe";"Reboot is required to finish the action"
"";"Trojan horse PSW.Generic10.SHK, c:\Users\testpc\ctinqkoxfyvfhfiakpm.exe";"Successfully removed
Moved to Virus Vault"
"";"Unknown, C:\Users\testpc\lhvjaghtjvttz.exe";"Reboot is required to finish the action"

I also noticed that I can't change my desktop background. I tried using EasyBCD to add a boot entry and it says I have no boot record.

Edited by jdneo, 23 September 2012 - 12:15 AM.


#3 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Location: Puerto rico

Posted 23 September 2012 - 07:30 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#4 jdneo
  • Topic Starter
  • Members
  • 21 posts

Posted 23 September 2012 - 11:10 AM

Hello Gringo, thank you for helping me. Before I post the logs below, I would like to keep you aware of the condition of the computer. Yesterday, I uninstalled a program (a game) which I don't play anymore, and after uninstalling it I checked how much space was freed: "My Computer" showed I have 31 GB used out of 60 GB. After rebooting the computer, the space being used jumped to 36 GB. 5 GB added instantly and I didn't install anything. Also, when the computer is not being used, with no programs open or running, it will start making sounds out of the speaker. It talks about the Barack Obama campaign, and just today it started doing it with the Tide commercial. I have no browser open and it started doing it. I still get redirected to gethotresults and scour.

Here are the logs,

Security check:

Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2013
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
Java™ 6 Update 31
Java version out of Date!
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 6%
````````````````````End of Log``````````````````````


ADWcleaner:

# AdwCleaner v2.002 - Logfile created 09/23/2012 at 08:51:04
# Updated 16/09/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : testpc - ZODIAC-PC
# Boot Mode : Normal
# Running from : C:\Users\testpc\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files\Common Files\AVG Secure Search

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

*************************

AdwCleaner[S1].txt - [815 octets] - [23/09/2012 08:51:04]

########## EOF - C:\AdwCleaner[S1].txt - [874 octets] ##########


2 logs showed on RogueKiller:

Log 1:
RogueKiller V8.0.5 [09/23/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : testpc [Admin rights]
Mode : Scan -- Date : 09/23/2012 08:55:24

Bad processes : 0

Registry Entries : 9
[TASK][SUSP PATH] {029D7896-C866-44EA-AB60-B23FD0D1964B} : C:\Users\testpc\Desktop\tdsskiller\bleh.exe -> FOUND
[TASK][SUSP PATH] {1BF33FD2-C085-422B-8CE5-42CED5C5F679} : C:\Users\testpc\Desktop\tdsskiller\bleh.exe -> FOUND
[TASK][SUSP PATH] {ACD65449-507F-427E-96DE-41A277CB80C9} : C:\Users\testpc\Desktop\tdsskiller\bleh.exe -> FOUND
[TASK][SUSP PATH] {D1509FBF-CDCA-4402-A639-EE7EA16F626B} : C:\Users\testpc\Desktop\tdsskiller\bleh.exe -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Particular Files / Folders:

Driver : [LOADED]
IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : \SystemRoot\system32\drivers\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x85D4EFA9)

Extern Hives:

Infection : Root.MBR

HOSTS File:
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


MBR Check:

+++++ PhysicalDrive0: TS64GSSD25S-M ATA Device +++++
--- User ---
[MBR] e1512701ca9cb2a2a48dbc49307deef1
[BSP] b55f8318b5063338a244ac42a7dda50e : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 61041 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] d55e610021ece36bd4515556e0e02395
[BSP] b55f8318b5063338a244ac42a7dda50e : Windows 7 MBR Code [possible maxSST in 1!]
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 61041 Mo
1 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 125016064 | Size: 10 Mo

Finished : << RKreport[1].txt >>
RKreport[1].txt



Log 2:
RogueKiller V8.0.5 [09/23/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : testpc [Admin rights]
Mode : Remove -- Date : 09/23/2012 08:56:11

Bad processes : 0

Registry Entries : 9
[TASK][SUSP PATH] {029D7896-C866-44EA-AB60-B23FD0D1964B} : C:\Users\testpc\Desktop\tdsskiller\bleh.exe -> DELETED
[TASK][SUSP PATH] {1BF33FD2-C085-422B-8CE5-42CED5C5F679} : C:\Users\testpc\Desktop\tdsskiller\bleh.exe -> DELETED
[TASK][SUSP PATH] {ACD65449-507F-427E-96DE-41A277CB80C9} : C:\Users\testpc\Desktop\tdsskiller\bleh.exe -> DELETED
[TASK][SUSP PATH] {D1509FBF-CDCA-4402-A639-EE7EA16F626B} : C:\Users\testpc\Desktop\tdsskiller\bleh.exe -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

Particular Files / Folders:

Driver : [LOADED]
IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : \SystemRoot\system32\drivers\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x85D4EFA9)

Extern Hives:

Infection : Root.MBR

HOSTS File:
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


MBR Check:

+++++ PhysicalDrive0: TS64GSSD25S-M ATA Device +++++
--- User ---
[MBR] e1512701ca9cb2a2a48dbc49307deef1
[BSP] b55f8318b5063338a244ac42a7dda50e : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 61041 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] d55e610021ece36bd4515556e0e02395
[BSP] b55f8318b5063338a244ac42a7dda50e : Windows 7 MBR Code [possible maxSST in 1!]
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 61041 Mo
1 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 125016064 | Size: 10 Mo

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
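The MBR check in the RogueKiller logs above (one active NTFS partition in the "User" view; in the "LL2" view that partition is de-activated and a hidden, active 0x17 partition of 10 MB sits after it, and the two MBR hashes differ) is the kind of check a short parser can reproduce. The following is an added example written for this thread, not code from RogueKiller or from the poster; both 512-byte sectors are constructed to match the logged partition tables and the TDSSKiller BlocksNum, not captured from the machine.

```python
"""Parse a 512-byte MBR and flag what RogueKiller flagged in this thread:
a low-level read of the sector that differs from what the OS reports, and a
hidden-type (0x17) partition carrying the active flag.

Added example for this thread, not RogueKiller's or the poster's code.
USER_VIEW and RAW_VIEW are constructed sectors modelled on the logged tables."""
import hashlib
import struct

SECTOR = 512
PT_OFFSET = 446                           # partition table: 4 x 16-byte entries at bytes 446..509
ENTRY_FMT = "<B3sB3sII"                   # status, CHS start, type, CHS end, LBA start, sector count
ENTRY_SIZE = struct.calcsize(ENTRY_FMT)   # 16

# Partition type bytes; 0x1X is the "hidden" twin of the visible 0x0X type
HIDDEN_TYPES = {0x16: "hidden FAT16", 0x17: "hidden NTFS/HPFS",
                0x1B: "hidden FAT32", 0x1C: "hidden FAT32 (LBA)"}


def parse_mbr(sector: bytes) -> list:
    """Return the populated partition entries of an MBR as dicts."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(ENTRY_FMT, sector, PT_OFFSET + i * ENTRY_SIZE)
        if ptype == 0:                    # empty slot
            continue
        entries.append({
            "index": i,
            "active": status == 0x80,
            "type": ptype,
            "lba": lba,
            "sectors": count,
            "size_mib": count * SECTOR // (1024 * 1024),
        })
    return entries


def find_anomalies(entries: list) -> list:
    """Triage heuristics for a parsed partition table; returns human-readable findings."""
    findings = []
    for e in entries:
        if e["type"] in HIDDEN_TYPES:
            kind = HIDDEN_TYPES[e["type"]]
            where = f"{e['size_mib']} MiB at LBA {e['lba']}"
            if e["active"]:
                # The boot code hands control to this partition's boot sector, not to Windows'.
                findings.append(f"partition {e['index']}: ACTIVE but {kind} (0x{e['type']:02X}), {where}")
            else:
                # OEM recovery partitions also use hidden types, so only ask for confirmation.
                findings.append(f"partition {e['index']}: {kind} (0x{e['type']:02X}), {where}; verify it is expected")
    active = [e["index"] for e in entries if e["active"]]
    if len(active) != 1:
        findings.append(f"expected exactly one active partition, found {len(active)}: {active}")
    return findings


def compare_reads(user_view: bytes, raw_view: bytes) -> dict:
    """RogueKiller-style 'User' vs 'LL2' check: MD5 both reads, KO if they differ.

    user_view is what an OS-level read returns; raw_view is the same sector read
    through a lower-level path. A mismatch means something between the two layers
    is presenting a different MBR to the OS than the one on disk."""
    h_user = hashlib.md5(user_view).hexdigest()
    h_raw = hashlib.md5(raw_view).hexdigest()
    return {"user_md5": h_user, "raw_md5": h_raw, "match": h_user == h_raw}


def build_mbr(entries: list) -> bytes:
    """Build a constructed MBR from (active, type, lba, sectors) tuples (sample data only)."""
    sector = bytearray(SECTOR)
    for i, (active, ptype, lba, count) in enumerate(entries):
        struct.pack_into(ENTRY_FMT, sector, PT_OFFSET + i * ENTRY_SIZE,
                         0x80 if active else 0x00, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", lba, count)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


# Constructed to match the thread's log: 'User' sees one active NTFS partition at
# LBA 2048 (61041 MiB); 'LL2' sees that partition de-activated plus a hidden,
# active 0x17 partition of 10 MiB at LBA 125016064.
NTFS_SECTORS = 0x7738AB0                  # BlocksNum from the TDSSKiller log (61041 MiB)
USER_VIEW = build_mbr([(True, 0x07, 2048, NTFS_SECTORS)])
RAW_VIEW = build_mbr([(False, 0x07, 2048, NTFS_SECTORS), (True, 0x17, 125016064, 10 * 2048)])


def triage(user_view: bytes, raw_view: bytes) -> dict:
    """Run both checks and return the report as data."""
    return {"reads": compare_reads(user_view, raw_view),
            "user": find_anomalies(parse_mbr(user_view)),
            "raw": find_anomalies(parse_mbr(raw_view))}


if __name__ == "__main__":
    report = triage(USER_VIEW, RAW_VIEW)
    print("User = LL2 ... OK!" if report["reads"]["match"] else "User != LL2 ... KO!")
    for line in report["raw"]:
        print("  ", line)
```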

#5 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Location: Puerto rico

Posted 23 September 2012 - 03:35 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

#6 jdneo
  • Topic Starter
  • Members
  • 21 posts

Posted 23 September 2012 - 06:29 PM

I downloaded TDSSKiller and aswMBR and saved both on the desktop. After running each file, UAC pops up and I hit YES and nothing happens. Both files don't run.

#7 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Location: Puerto rico

Posted 23 September 2012 - 09:23 PM

Greetings

I need you to make a bootable usb and to make a screenshot for me - follow the instructions below to do this

How to create a bootable Puppy USB Drive

  • Download and save a copy of the latest Puppy ISO file
  • Download and save a copy of Unetbootin for Windows.
  • Insert an empty formatted USB drive into a USB port on the computer that's being used to create the bootable USB.
  • Launch Unetbootin ....
  • Ensure that Disk Image is selected.
  • Using the browse button ... browse to and select the Puppy ISO file.
  • Ensure that Type: is set to USB Drive and that the Drive: letter corresponds to the USB drive.
  • Click OK
Unetbootin will now copy the Puppy files to the USB and make it a bootable device.

Next

You need to change the boot order of the computer to boot from a USB drive ....

  • Read HERE for instructions how to do this.

Now boot into Puppylinux

when you get to the desktop Click on each of the drive items found in the bottom left corner to mount them (when mounted they will have a red cross next to them)

Next - Launch GParted which is found at Menu > System > GParted partition manager,
Click to select All Drives then click Okay
I need you to take a screenshot of the window that opens up - to do this follow these instructions

To take a screenshot in Puppy ....

With the GParted window open ...

  • Click menu > Graphic > mtPaint-snapshot screen capture
  • A small window will open ....

    • Click Capture Now
    • Click OK
  • The mtPaint program will open ....
    • Click File > Save
    • Double click on ../
    • Double click on mnt/
    • Double click on sdb1/
    • Set File Format to JPEG
    • Enter screenshot1 into the text box
    • Click OK

This will save a file screenshot1.jpeg into the USB drive, paste or attach this to your next post

Next

  • Click menu > shutdown > power off computer
  • If prompted to save the session click on No

Puppy will now close down.

remove the usb and save it - we will use it again - boot back into windows and send me the screen capture

gringo

#8 jdneo
  • Topic Starter
  • Members
  • 21 posts

Posted 24 September 2012 - 12:02 AM

Here's the requested screenshot:
Attached file: screenshot1.jpg (291.58 KB)

#9 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Location: Puerto rico

Posted 24 September 2012 - 12:06 AM

greetings


very good job


I want you to boot back into GParted and right click on the first partition (SDA1) and select manage flags and then select boot

exit out of GParted saving as you go and boot back into windows and report back to me



gringo

#10 jdneo
  • Topic Starter
  • Members
  • 21 posts

Posted 24 September 2012 - 12:19 AM

Done, flagged and selected boot on SDA1.

#11 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Location: Puerto rico

Posted 24 September 2012 - 12:27 AM

Good now that that is done I need you to boot back into gparted and right click on the hidden partition and select delete


boot back into windows and let me know how things are working



gringo

#12 jdneo
  • Topic Starter
  • Members
  • 21 posts

Posted 24 September 2012 - 12:45 AM

Done, deleted the hidden partition and rebooted back to Windows. AVG did a quick scan and didn't detect the rootkit like it normally does, but I'm still unable to change the background and Windows Update is not working. TDSSKiller and aswMBR execute now but I didn't run them. Should I run them and post the logs? I'd rather wait for your response before running them. Thank you.

Edited by jdneo, 24 September 2012 - 12:59 AM.


#13 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Location: Puerto rico

Posted 24 September 2012 - 01:02 AM

yes I want you to run them now

also I have attached a file - I want you to download it and then right click to run as admin

restart the computer and check for updates


gringo


#14 jdneo
  • Topic Starter
  • Members
  • 21 posts

Posted 24 September 2012 - 01:12 AM

Gringo,

Thank you so much! Here are the logs:

TDSSKiller:
23:00:33.0927 2464 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
23:00:34.0410 2464 ============================================================
23:00:34.0410 2464 Current date / time: 2012/09/23 23:00:34.0410
23:00:34.0410 2464 SystemInfo:
23:00:34.0410 2464
23:00:34.0410 2464 OS Version: 6.1.7601 ServicePack: 1.0
23:00:34.0410 2464 Product type: Workstation
23:00:34.0410 2464 ComputerName: ZODIAC-PC
23:00:34.0410 2464 UserName: testpc
23:00:34.0410 2464 Windows directory: C:\Windows
23:00:34.0410 2464 System windows directory: C:\Windows
23:00:34.0410 2464 Processor architecture: Intel x86
23:00:34.0410 2464 Number of processors: 2
23:00:34.0410 2464 Page size: 0x1000
23:00:34.0410 2464 Boot type: Normal boot
23:00:34.0410 2464 ============================================================
23:00:34.0707 2464 Drive \Device\Harddisk0\DR0 - Size: 0xEE8156000 (59.63 Gb), SectorSize: 0x200, Cylinders: 0x1E67, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:00:34.0707 2464 ============================================================
23:00:34.0707 2464 \Device\Harddisk0\DR0:
23:00:34.0707 2464 MBR partitions:
23:00:34.0707 2464 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x7738AB0
23:00:34.0707 2464 ============================================================
23:00:34.0707 2464 C: <-> \Device\Harddisk0\DR0\Partition1
23:00:34.0707 2464 ============================================================
23:00:34.0707 2464 Initialize success
23:00:34.0707 2464 ============================================================
23:01:15.0299 3896 ============================================================
23:01:15.0299 3896 Scan started
23:01:15.0299 3896 Mode: Manual;
23:01:15.0299 3896 ============================================================
23:01:15.0470 3896 ================ Scan system memory ========================
23:01:15.0470 3896 System memory - ok
23:01:15.0470 3896 ================ Scan services =============================
23:01:19.0090 3896 pcw - ok
23:01:19.0105 3896 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
23:01:19.0105 3896 PEAUTH - ok
23:01:19.0121 3896 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
23:01:19.0136 3896 PeerDistSvc - ok
23:01:19.0168 3896 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
23:01:19.0183 3896 pla - ok
23:01:19.0183 3896 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
23:01:19.0199 3896 PlugPlay - ok
23:01:19.0199 3896 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
23:01:19.0199 3896 PNRPAutoReg - ok
23:01:19.0199 3896 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
23:01:19.0214 3896 PNRPsvc - ok
23:01:19.0214 3896 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
23:01:19.0214 3896 PolicyAgent - ok
23:01:19.0230 3896 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
23:01:19.0230 3896 Power - ok
23:01:19.0230 3896 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
23:01:19.0246 3896 PptpMiniport - ok
23:01:19.0261 3896 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
23:01:19.0261 3896 Processor - ok
23:01:19.0277 3896 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
23:01:19.0277 3896 ProfSvc - ok
23:01:19.0277 3896 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
23:01:19.0277 3896 ProtectedStorage - ok
23:01:19.0292 3896 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
23:01:19.0292 3896 Psched - ok
23:01:19.0308 3896 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
23:01:19.0339 3896 ql2300 - ok
23:01:19.0339 3896 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
23:01:19.0355 3896 ql40xx - ok
23:01:19.0370 3896 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
23:01:19.0370 3896 QWAVE - ok
23:01:19.0386 3896 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
23:01:19.0386 3896 QWAVEdrv - ok
23:01:19.0386 3896 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
23:01:19.0386 3896 RasAcd - ok
23:01:19.0402 3896 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
23:01:19.0417 3896 RasAgileVpn - ok
23:01:19.0417 3896 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
23:01:19.0417 3896 RasAuto - ok
23:01:19.0417 3896 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
23:01:19.0433 3896 Rasl2tp - ok
23:01:19.0448 3896 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
23:01:19.0448 3896 RasMan - ok
23:01:19.0448 3896 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
23:01:19.0464 3896 RasPppoe - ok
23:01:19.0464 3896 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
23:01:19.0480 3896 RasSstp - ok
23:01:19.0495 3896 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
23:01:19.0511 3896 rdbss - ok
23:01:19.0511 3896 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
23:01:19.0526 3896 rdpbus - ok
23:01:19.0526 3896 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
23:01:19.0526 3896 RDPCDD - ok
23:01:19.0526 3896 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
23:01:19.0542 3896 RDPDR - ok
23:01:19.0558 3896 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
23:01:19.0558 3896 RDPENCDD - ok
23:01:19.0558 3896 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
23:01:19.0558 3896 RDPREFMP - ok
23:01:19.0573 3896 [ 68A0387F58E226DEEE23D9715955572A ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
23:01:19.0573 3896 RdpVideoMiniport - ok
23:01:19.0589 3896 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
23:01:19.0604 3896 RDPWD - ok
23:01:19.0604 3896 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
23:01:19.0604 3896 rdyboost - ok
23:01:19.0620 3896 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
23:01:19.0620 3896 RemoteAccess - ok
23:01:19.0620 3896 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
23:01:19.0620 3896 RemoteRegistry - ok
23:01:19.0636 3896 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
23:01:19.0636 3896 RFCOMM - ok
23:01:19.0651 3896 [ 906DCFC5EBF4EC0433F8D4FFFB0BA334 ] RMCAST C:\Windows\system32\DRIVERS\RMCAST.sys
23:01:19.0651 3896 RMCAST - ok
23:01:19.0651 3896 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
23:01:19.0651 3896 RpcEptMapper - ok
23:01:19.0667 3896 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
23:01:19.0667 3896 RpcLocator - ok
23:01:19.0667 3896 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\System32\rpcss.dll
23:01:19.0667 3896 RpcSs - ok
23:01:19.0682 3896 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
23:01:19.0682 3896 rspndr - ok
23:01:19.0682 3896 [ 5283B9A27FF230F2FF70D92451FF409A ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys
23:01:19.0698 3896 RTL8167 - ok
23:01:19.0698 3896 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
23:01:19.0714 3896 s3cap - ok
23:01:19.0714 3896 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
23:01:19.0714 3896 SamSs - ok
23:01:19.0714 3896 SANDRA - ok
23:01:19.0729 3896 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
23:01:19.0729 3896 sbp2port - ok
23:01:19.0745 3896 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
23:01:19.0745 3896 SCardSvr - ok
23:01:19.0745 3896 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
23:01:19.0745 3896 scfilter - ok
23:01:19.0760 3896 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
23:01:19.0776 3896 Schedule - ok
23:01:19.0776 3896 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
23:01:19.0776 3896 SCPolicySvc - ok
23:01:19.0792 3896 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
23:01:19.0792 3896 SDRSVC - ok
23:01:19.0792 3896 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
23:01:19.0792 3896 secdrv - ok
23:01:19.0792 3896 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
23:01:19.0807 3896 seclogon - ok
23:01:19.0807 3896 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll
23:01:19.0807 3896 SENS - ok
23:01:19.0807 3896 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
23:01:19.0823 3896 SensrSvc - ok
23:01:19.0823 3896 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
23:01:19.0823 3896 Serenum - ok
23:01:19.0838 3896 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
23:01:19.0838 3896 Serial - ok
23:01:19.0854 3896 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
23:01:19.0854 3896 sermouse - ok
23:01:19.0870 3896 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
23:01:19.0870 3896 SessionEnv - ok
23:01:19.0870 3896 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
23:01:19.0885 3896 sffdisk - ok
23:01:19.0885 3896 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
23:01:19.0901 3896 sffp_mmc - ok
23:01:19.0901 3896 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
23:01:19.0916 3896 sffp_sd - ok
23:01:19.0916 3896 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
23:01:19.0932 3896 sfloppy - ok
23:01:19.0948 3896 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
23:01:19.0948 3896 SharedAccess - ok
23:01:19.0963 3896 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:01:19.0963 3896 ShellHWDetection - ok
23:01:19.0963 3896 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
23:01:19.0979 3896 sisagp - ok
23:01:19.0979 3896 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:01:19.0994 3896 SiSRaid2 - ok
23:01:19.0994 3896 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
23:01:20.0010 3896 SiSRaid4 - ok
23:01:20.0010 3896 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
23:01:20.0026 3896 Smb - ok
23:01:20.0041 3896 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
23:01:20.0041 3896 SNMPTRAP - ok
23:01:20.0041 3896 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
23:01:20.0041 3896 spldr - ok
23:01:20.0057 3896 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
23:01:20.0057 3896 Spooler - ok
23:01:20.0088 3896 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
23:01:20.0104 3896 sppsvc - ok
23:01:20.0119 3896 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
23:01:20.0119 3896 sppuinotify - ok
23:01:20.0135 3896 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
23:01:20.0135 3896 srv - ok
23:01:20.0135 3896 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
23:01:20.0150 3896 srv2 - ok
23:01:20.0150 3896 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
23:01:20.0150 3896 srvnet - ok
23:01:20.0166 3896 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
23:01:20.0166 3896 SSDPSRV - ok
23:01:20.0166 3896 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
23:01:20.0166 3896 SstpSvc - ok
23:01:20.0182 3896 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
23:01:20.0182 3896 stexstor - ok
23:01:20.0197 3896 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
23:01:20.0197 3896 StiSvc - ok
23:01:20.0213 3896 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
23:01:20.0213 3896 storflt - ok
23:01:20.0213 3896 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
23:01:20.0228 3896 storvsc - ok
23:01:20.0228 3896 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
23:01:20.0244 3896 swenum - ok
23:01:20.0244 3896 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
23:01:20.0260 3896 swprv - ok
23:01:20.0260 3896 Synth3dVsc - ok
23:01:20.0275 3896 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
23:01:20.0291 3896 SysMain - ok
23:01:20.0291 3896 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:01:20.0291 3896 TabletInputService - ok
23:01:20.0306 3896 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
23:01:20.0306 3896 TapiSrv - ok
23:01:20.0322 3896 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
23:01:20.0322 3896 TBS - ok
23:01:20.0338 3896 [ A5EBB8F648000E88B7D9390B514976BF ] Tcpip C:\Windows\system32\drivers\tcpip.sys
23:01:20.0353 3896 Tcpip - ok
23:01:20.0369 3896 [ A5EBB8F648000E88B7D9390B514976BF ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
23:01:20.0369 3896 TCPIP6 - ok
23:01:20.0384 3896 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
23:01:20.0384 3896 tcpipreg - ok
23:01:20.0384 3896 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
23:01:20.0400 3896 TDPIPE - ok
23:01:20.0400 3896 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
23:01:20.0416 3896 TDTCP - ok
23:01:20.0416 3896 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
23:01:20.0431 3896 tdx - ok
23:01:20.0431 3896 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
23:01:20.0447 3896 TermDD - ok
23:01:20.0447 3896 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
23:01:20.0462 3896 TermService - ok
23:01:20.0462 3896 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
23:01:20.0462 3896 Themes - ok
23:01:20.0478 3896 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
23:01:20.0478 3896 THREADORDER - ok
23:01:20.0478 3896 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
23:01:20.0478 3896 TrkWks - ok
23:01:20.0494 3896 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:01:20.0494 3896 TrustedInstaller - ok
23:01:20.0494 3896 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
23:01:20.0494 3896 tssecsrv - ok
23:01:20.0509 3896 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
23:01:20.0509 3896 TsUsbFlt - ok
23:01:20.0525 3896 tsusbhub - ok
23:01:20.0525 3896 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
23:01:20.0540 3896 tunnel - ok
23:01:20.0540 3896 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
23:01:20.0556 3896 uagp35 - ok
23:01:20.0556 3896 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
23:01:20.0572 3896 udfs - ok
23:01:20.0587 3896 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
23:01:20.0587 3896 UI0Detect - ok
23:01:20.0587 3896 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
23:01:20.0603 3896 uliagpkx - ok
23:01:20.0603 3896 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys
23:01:20.0618 3896 umbus - ok
23:01:20.0618 3896 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
23:01:20.0634 3896 UmPass - ok
23:01:20.0650 3896 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll
23:01:20.0650 3896 UmRdpService - ok
23:01:20.0650 3896 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
23:01:20.0665 3896 upnphost - ok
23:01:20.0665 3896 [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
23:01:20.0665 3896 usbaudio - ok
23:01:20.0681 3896 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
23:01:20.0681 3896 usbccgp - ok
23:01:20.0681 3896 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
23:01:20.0696 3896 usbcir - ok
23:01:20.0696 3896 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
23:01:20.0696 3896 usbehci - ok
23:01:20.0712 3896 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
23:01:20.0728 3896 usbhub - ok
23:01:20.0728 3896 [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
23:01:20.0743 3896 usbohci - ok
23:01:20.0743 3896 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
23:01:20.0743 3896 usbprint - ok
23:01:20.0759 3896 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:01:20.0759 3896 USBSTOR - ok
23:01:20.0759 3896 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
23:01:20.0774 3896 usbuhci - ok
23:01:20.0774 3896 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
23:01:20.0774 3896 UxSms - ok
23:01:20.0774 3896 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
23:01:20.0790 3896 VaultSvc - ok
23:01:20.0790 3896 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
23:01:20.0790 3896 vdrvroot - ok
23:01:20.0790 3896 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
23:01:20.0806 3896 vds - ok
23:01:20.0806 3896 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
23:01:20.0821 3896 vga - ok
23:01:20.0821 3896 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
23:01:20.0837 3896 VgaSave - ok
23:01:20.0837 3896 VGPU - ok
23:01:20.0852 3896 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
23:01:20.0868 3896 vhdmp - ok
23:01:20.0868 3896 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
23:01:20.0884 3896 viaagp - ok
23:01:20.0884 3896 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
23:01:20.0899 3896 ViaC7 - ok
23:01:20.0899 3896 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
23:01:20.0915 3896 viaide - ok
23:01:20.0915 3896 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys
23:01:20.0915 3896 vmbus - ok
23:01:20.0915 3896 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
23:01:20.0930 3896 VMBusHID - ok
23:01:20.0930 3896 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
23:01:20.0946 3896 volmgr - ok
23:01:20.0946 3896 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
23:01:20.0946 3896 volmgrx - ok
23:01:20.0962 3896 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
23:01:20.0962 3896 volsnap - ok
23:01:20.0962 3896 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
23:01:20.0977 3896 vsmraid - ok
23:01:20.0993 3896 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
23:01:21.0008 3896 VSS - ok
23:01:21.0008 3896 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
23:01:21.0008 3896 vwifibus - ok
23:01:21.0024 3896 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
23:01:21.0024 3896 vwififlt - ok
23:01:21.0040 3896 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
23:01:21.0040 3896 vwifimp - ok
23:01:21.0040 3896 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
23:01:21.0055 3896 W32Time - ok
23:01:21.0055 3896 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
23:01:21.0071 3896 WacomPen - ok
23:01:21.0071 3896 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
23:01:21.0086 3896 WANARP - ok
23:01:21.0086 3896 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
23:01:21.0086 3896 Wanarpv6 - ok
23:01:21.0102 3896 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
23:01:21.0118 3896 WatAdminSvc - ok
23:01:21.0133 3896 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
23:01:21.0149 3896 wbengine - ok
23:01:21.0149 3896 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
23:01:21.0164 3896 WbioSrvc - ok
23:01:21.0164 3896 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
23:01:21.0180 3896 wcncsvc - ok
23:01:21.0180 3896 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:01:21.0180 3896 WcsPlugInService - ok
23:01:21.0180 3896 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
23:01:21.0196 3896 Wd - ok
23:01:21.0211 3896 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
23:01:21.0211 3896 Wdf01000 - ok
23:01:21.0211 3896 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
23:01:21.0227 3896 WdiServiceHost - ok
23:01:21.0227 3896 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
23:01:21.0227 3896 WdiSystemHost - ok
23:01:21.0227 3896 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
23:01:21.0242 3896 WebClient - ok
23:01:21.0242 3896 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
23:01:21.0242 3896 Wecsvc - ok
23:01:21.0258 3896 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
23:01:21.0258 3896 wercplsupport - ok
23:01:21.0258 3896 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
23:01:21.0258 3896 WerSvc - ok
23:01:21.0274 3896 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
23:01:21.0274 3896 WfpLwf - ok
23:01:21.0289 3896 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
23:01:21.0289 3896 WIMMount - ok
23:01:21.0305 3896 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
23:01:21.0320 3896 WinDefend - ok
23:01:21.0336 3896 WinHttpAutoProxySvc - ok
23:01:21.0336 3896 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
23:01:21.0352 3896 Winmgmt - ok
23:01:21.0367 3896 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
23:01:21.0383 3896 WinRM - ok
23:01:21.0398 3896 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
23:01:21.0398 3896 Wlansvc - ok
23:01:21.0414 3896 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
23:01:21.0414 3896 WmiAcpi - ok
23:01:21.0430 3896 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
23:01:21.0430 3896 wmiApSrv - ok
23:01:21.0445 3896 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
23:01:21.0445 3896 WMPNetworkSvc - ok
23:01:21.0461 3896 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
23:01:21.0461 3896 WPCSvc - ok
23:01:21.0461 3896 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
23:01:21.0476 3896 WPDBusEnum - ok
23:01:21.0476 3896 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
23:01:21.0476 3896 ws2ifsl - ok
23:01:21.0492 3896 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\system32\wscsvc.dll
23:01:21.0492 3896 wscsvc - ok
23:01:21.0492 3896 WSearch - ok
23:01:21.0523 3896 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
23:01:21.0539 3896 wuauserv - ok
23:01:21.0554 3896 [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
23:01:21.0554 3896 WudfPf - ok
23:01:21.0554 3896 [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
23:01:21.0554 3896 WUDFRd - ok
23:01:21.0570 3896 [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
23:01:21.0570 3896 wudfsvc - ok
23:01:21.0570 3896 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
23:01:21.0586 3896 WwanSvc - ok
23:01:21.0601 3896 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
23:01:21.0601 3896 YahooAUService - ok
23:01:21.0632 3896 ================ Scan global ===============================
23:01:21.0632 3896 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
23:01:21.0648 3896 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
23:01:21.0648 3896 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
23:01:21.0664 3896 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
23:01:21.0664 3896 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
23:01:21.0679 3896 [Global] - ok
23:01:21.0679 3896 ================ Scan MBR ==================================
23:01:21.0679 3896 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
23:01:21.0742 3896 \Device\Harddisk0\DR0 - ok
23:01:21.0742 3896 ================ Scan VBR ==================================
23:01:21.0742 3896 [ 9BCA8153E9DA122A3BCAC2C70142DCAF ] \Device\Harddisk0\DR0\Partition1
23:01:21.0757 3896 \Device\Harddisk0\DR0\Partition1 - ok
23:01:21.0757 3896 ============================================================
23:01:21.0757 3896 Scan finished
23:01:21.0757 3896 ============================================================
23:01:21.0757 0900 Detected object count: 0
23:01:21.0757 0900 Actual detected object count: 0



aswMBR log:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-23 23:02:49
-----------------------------
23:02:49.851 OS Version: Windows 6.1.7600
23:02:49.851 Number of processors: 2 586 0x170A
23:02:49.851 ComputerName: ZODIAC-PC UserName: testpc
23:02:49.992 Initialize success
23:04:12.875 AVAST engine defs: 12092301
23:05:07.606 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:05:07.606 Disk 0 Vendor: TS64GSSD25S-M 101028 Size: 61057MB BusType: 3
23:05:07.621 Disk 0 MBR read successfully
23:05:07.621 Disk 0 MBR scan
23:05:07.621 Disk 0 Windows 7 default MBR code
23:05:07.621 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 61041 MB offset 2048
23:05:07.637 Disk 0 scanning sectors +125014704
23:05:07.637 Disk 0 scanning C:\Windows\system32\drivers
23:05:11.786 Service scanning
23:05:21.989 Modules scanning
23:05:24.111 Disk 0 trace - called modules:
23:05:24.126 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
23:05:24.126 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85937030]
23:05:24.641 3 CLASSPNP.SYS[8b59159e] -> nt!IofCallDriver -> [0x8589c328]
23:05:24.641 5 ACPI.sys[8b0bf3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x853a3908]
23:05:24.813 AVAST engine scan C:\Windows
23:05:26.388 AVAST engine scan C:\Windows\system32
23:07:57.116 AVAST engine scan C:\Windows\system32\drivers
23:08:02.420 AVAST engine scan C:\Users\testpc
23:08:43.494 AVAST engine scan C:\ProgramData
23:08:49.079 Scan finished successfully
23:12:04.610 Disk 0 MBR has been saved successfully to "C:\Users\testpc\Desktop\MBR.dat"
23:12:04.610 The log file has been saved successfully to "C:\Users\testpc\Desktop\aswMBR.txt"

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender: Male
  • Location: Puerto Rico
  • Local time:03:01 PM

Posted 24 September 2012 - 01:18 AM

Did you run the file for Windows Update?


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University



