TDSS File System Found, Need Advice


7 replies to this topic

#1 wiuenright

Posted 28 October 2012 - 01:55 PM

Hello,

I am having some problems and I hope someone here can at least guide me in the right direction. I just built a new Windows 7 64-bit computer after having issues with my very old Dell. Everything went smoothly and I have been running it about a week. However, after I just installed Malwarebytes it began detecting an svchost.exe trojan. It would show up even after quarantine each scan, so then I moved to TDSSkiller. Without checking any extra options, the scan found a threat and cured it. The threat was Rootkit.Boot.Pihar, I believe, from looking at the log. Then I checked all options and now it is finding this:

Unsigned File ---- Service:ASGT Suspicious object, medium risk skip

TDSS File System ---- Physical drive: \Device\Harddisk2\DR2 Suspicious object, medium risk Skip

TDSS File System ---- Physical drive: \Device\Harddisk0\DR0 Suspicious object, medium risk Skip

The svchost.exe virus is not coming up in Malwarebytes any longer. I don't know what I should do or if these threats are serious or not. I also should note that I am using two old hard drives out of the old computer. I guess it's possible that I had a lingering virus on one of them from the old computer, but MSE is not finding anything on either of them, nor is Malwarebytes. I have done searching online but can't find enough info specific to this warning. Any help would be greatly appreciated.

Edited by wiuenright, 28 October 2012 - 02:02 PM.


#2 boopme

Posted 28 October 2012 - 02:12 PM

Hello, they may not be an issue... but let's double check.

Please Download

TDSSkiller


Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan".
Please post the LOG report (the log file should be in your C drive).

Do not change the default options on scan results.



Please download AdwCleaner by Xplode onto your desktop.


  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.








Finally, I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.


#3 wiuenright

Posted 28 October 2012 - 02:40 PM

OK, I ran TDSS Killer again with those settings and AdwCleaner as well. Here are the logs. After I post them I will run the virus scan.

TDSS Killer:

14:31:06.0597 2760 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
14:31:07.0986 2760 ============================================================
14:31:07.0986 2760 Current date / time: 2012/10/28 14:31:07.0986
14:31:07.0986 2760 SystemInfo:
14:31:07.0986 2760
14:31:07.0986 2760 OS Version: 6.1.7601 ServicePack: 1.0
14:31:07.0986 2760 Product type: Workstation
14:31:07.0986 2760 ComputerName: BADASSRIG
14:31:07.0986 2760 UserName: Kyle and Tracy
14:31:07.0986 2760 Windows directory: C:\Windows
14:31:07.0986 2760 System windows directory: C:\Windows
14:31:07.0986 2760 Running under WOW64
14:31:07.0986 2760 Processor architecture: Intel x64
14:31:07.0986 2760 Number of processors: 4
14:31:07.0986 2760 Page size: 0x1000
14:31:07.0986 2760 Boot type: Normal boot
14:31:07.0986 2760 ============================================================
14:31:08.0189 2760 BG loaded
14:31:08.0345 2760 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:31:08.0360 2760 Drive \Device\Harddisk2\DR2 - Size: 0x3B9E656000 (238.47 Gb), SectorSize: 0x200, Cylinders: 0x799A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:31:08.0376 2760 Drive \Device\Harddisk0\DR0 - Size: 0x45DD826000 (279.46 Gb), SectorSize: 0x200, Cylinders: 0x8E81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:31:08.0438 2760 ============================================================
14:31:08.0438 2760 \Device\Harddisk1\DR1:
14:31:08.0454 2760 MBR partitions:
14:31:08.0454 2760 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
14:31:08.0454 2760 \Device\Harddisk2\DR2:
14:31:08.0454 2760 MBR partitions:
14:31:08.0454 2760 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x2000, BlocksNum 0x1DCF0000
14:31:08.0454 2760 \Device\Harddisk0\DR0:
14:31:08.0454 2760 MBR partitions:
14:31:08.0454 2760 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x22EEAD02
14:31:08.0454 2760 ============================================================
14:31:08.0454 2760 C: <-> \Device\Harddisk2\DR2\Partition1
14:31:08.0516 2760 E: <-> \Device\Harddisk1\DR1\Partition1
14:31:08.0532 2760 F: <-> \Device\Harddisk0\DR0\Partition1
14:31:08.0532 2760 ============================================================
14:31:08.0532 2760 Initialize success
14:31:08.0532 2760 ============================================================
14:31:26.0597 5024 ============================================================
14:31:26.0597 5024 Scan started
14:31:26.0597 5024 Mode: Manual; TDLFS;
14:31:26.0597 5024 ============================================================
14:31:27.0845 5024 ================ Scan system memory ========================
14:31:27.0845 5024 System memory - ok
14:31:27.0845 5024 ================ Scan services =============================
14:31:28.0266 5024 [ E536856E96A7605EBF580D62A868E5FE ] ASGT C:\Windows\SysWOW64\ASGT.exe
14:31:28.0281 5024 ASGT - ok
14:31:30.0185 5024 mouhid - ok
14:31:30.0185 5024 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
14:31:30.0185 5024 mountmgr - ok
14:31:30.0185 5024 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
14:31:30.0185 5024 MpFilter - ok
14:31:30.0200 5024 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
14:31:30.0200 5024 mpio - ok
14:31:30.0200 5024 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
14:31:30.0200 5024 mpsdrv - ok
14:31:30.0216 5024 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
14:31:30.0216 5024 MpsSvc - ok
14:31:30.0216 5024 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
14:31:30.0216 5024 MRxDAV - ok
14:31:30.0216 5024 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
14:31:30.0216 5024 mrxsmb - ok
14:31:30.0231 5024 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:31:30.0231 5024 mrxsmb10 - ok
14:31:30.0231 5024 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:31:30.0231 5024 mrxsmb20 - ok
14:31:30.0231 5024 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
14:31:30.0231 5024 msahci - ok
14:31:30.0231 5024 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
14:31:30.0231 5024 msdsm - ok
14:31:30.0231 5024 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
14:31:30.0247 5024 MSDTC - ok
14:31:30.0247 5024 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
14:31:30.0247 5024 Msfs - ok
14:31:30.0247 5024 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
14:31:30.0247 5024 mshidkmdf - ok
14:31:30.0247 5024 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
14:31:30.0247 5024 msisadrv - ok
14:31:30.0247 5024 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
14:31:30.0247 5024 MSiSCSI - ok
14:31:30.0263 5024 msiserver - ok
14:31:30.0263 5024 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
14:31:30.0263 5024 MSKSSRV - ok
14:31:30.0263 5024 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
14:31:30.0263 5024 MsMpSvc - ok
14:31:30.0263 5024 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
14:31:30.0263 5024 MSPCLOCK - ok
14:31:30.0263 5024 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
14:31:30.0263 5024 MSPQM - ok
14:31:30.0278 5024 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
14:31:30.0278 5024 MsRPC - ok
14:31:30.0278 5024 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
14:31:30.0278 5024 mssmbios - ok
14:31:30.0278 5024 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
14:31:30.0278 5024 MSTEE - ok
14:31:30.0278 5024 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
14:31:30.0278 5024 MTConfig - ok
14:31:30.0278 5024 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
14:31:30.0278 5024 Mup - ok
14:31:30.0294 5024 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
14:31:30.0294 5024 napagent - ok
14:31:30.0294 5024 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
14:31:30.0294 5024 NativeWifiP - ok
14:31:30.0309 5024 [ 934BB0D23A25C8C136570800A5A149B6 ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe
14:31:30.0309 5024 NAUpdate - ok
14:31:30.0325 5024 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
14:31:30.0325 5024 NDIS - ok
14:31:30.0325 5024 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
14:31:30.0325 5024 NdisCap - ok
14:31:30.0325 5024 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
14:31:30.0325 5024 NdisTapi - ok
14:31:30.0325 5024 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
14:31:30.0341 5024 Ndisuio - ok
14:31:30.0341 5024 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
14:31:30.0341 5024 NdisWan - ok
14:31:30.0341 5024 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
14:31:30.0341 5024 NDProxy - ok
14:31:30.0341 5024 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
14:31:30.0341 5024 NetBIOS - ok
14:31:30.0341 5024 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
14:31:30.0341 5024 NetBT - ok
14:31:30.0356 5024 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
14:31:30.0356 5024 Netlogon - ok
14:31:30.0356 5024 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
14:31:30.0356 5024 Netman - ok
14:31:30.0372 5024 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
14:31:30.0372 5024 netprofm - ok
14:31:30.0372 5024 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:31:30.0372 5024 NetTcpPortSharing - ok
14:31:30.0372 5024 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
14:31:30.0372 5024 nfrd960 - ok
14:31:30.0372 5024 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
14:31:30.0372 5024 NisDrv - ok
14:31:30.0387 5024 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe
14:31:30.0387 5024 NisSrv - ok
14:31:30.0387 5024 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
14:31:30.0387 5024 NlaSvc - ok
14:31:30.0387 5024 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
14:31:30.0387 5024 Npfs - ok
14:31:30.0387 5024 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
14:31:30.0403 5024 nsi - ok
14:31:30.0403 5024 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
14:31:30.0403 5024 nsiproxy - ok
14:31:30.0419 5024 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
14:31:30.0419 5024 Ntfs - ok
14:31:30.0419 5024 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
14:31:30.0434 5024 Null - ok
14:31:30.0434 5024 [ 102806B360D0E6BC6E55BF47EF655D43 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
14:31:30.0434 5024 NVHDA - ok
14:31:30.0528 5024 [ BA0B4889C40380A01ECDF84C227A89C9 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:31:30.0559 5024 nvlddmkm - ok
14:31:30.0575 5024 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
14:31:30.0575 5024 nvraid - ok
14:31:30.0575 5024 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
14:31:30.0575 5024 nvstor - ok
14:31:30.0590 5024 [ 06633CF95BEA62164C3BFCA24BCE6B11 ] nvsvc C:\Windows\system32\nvvsvc.exe
14:31:30.0590 5024 nvsvc - ok
14:31:30.0606 5024 [ 53B629CE436B110C5689C2F6439E567B ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
14:31:30.0606 5024 nvUpdatusService - ok
14:31:30.0606 5024 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
14:31:30.0606 5024 nv_agp - ok
14:31:30.0606 5024 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
14:31:30.0606 5024 ohci1394 - ok
14:31:30.0621 5024 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
14:31:30.0621 5024 p2pimsvc - ok
14:31:30.0621 5024 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
14:31:30.0621 5024 p2psvc - ok
14:31:30.0637 5024 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
14:31:30.0637 5024 Parport - ok
14:31:30.0637 5024 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
14:31:30.0637 5024 partmgr - ok
14:31:30.0637 5024 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
14:31:30.0637 5024 PcaSvc - ok
14:31:30.0637 5024 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
14:31:30.0637 5024 pci - ok
14:31:30.0637 5024 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
14:31:30.0637 5024 pciide - ok
14:31:30.0653 5024 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
14:31:30.0653 5024 pcmcia - ok
14:31:30.0653 5024 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
14:31:30.0653 5024 pcw - ok
14:31:30.0653 5024 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
14:31:30.0668 5024 PEAUTH - ok
14:31:30.0684 5024 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
14:31:30.0684 5024 PerfHost - ok
14:31:30.0699 5024 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
14:31:30.0699 5024 pla - ok
14:31:30.0715 5024 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
14:31:30.0715 5024 PlugPlay - ok
14:31:30.0715 5024 PnkBstrA - ok
14:31:30.0715 5024 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
14:31:30.0715 5024 PNRPAutoReg - ok
14:31:30.0731 5024 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
14:31:30.0731 5024 PNRPsvc - ok
14:31:30.0731 5024 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
14:31:30.0731 5024 PolicyAgent - ok
14:31:30.0746 5024 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
14:31:30.0746 5024 Power - ok
14:31:30.0746 5024 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
14:31:30.0746 5024 PptpMiniport - ok
14:31:30.0746 5024 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
14:31:30.0746 5024 Processor - ok
14:31:30.0746 5024 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
14:31:30.0746 5024 ProfSvc - ok
14:31:30.0746 5024 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:31:30.0762 5024 ProtectedStorage - ok
14:31:30.0762 5024 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
14:31:30.0762 5024 Psched - ok
14:31:30.0777 5024 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
14:31:30.0777 5024 ql2300 - ok
14:31:30.0777 5024 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
14:31:30.0777 5024 ql40xx - ok
14:31:30.0793 5024 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
14:31:30.0793 5024 QWAVE - ok
14:31:30.0793 5024 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
14:31:30.0793 5024 QWAVEdrv - ok
14:31:30.0793 5024 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
14:31:30.0793 5024 RasAcd - ok
14:31:30.0793 5024 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
14:31:30.0793 5024 RasAgileVpn - ok
14:31:30.0809 5024 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
14:31:30.0809 5024 RasAuto - ok
14:31:30.0809 5024 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
14:31:30.0809 5024 Rasl2tp - ok
14:31:30.0809 5024 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
14:31:30.0809 5024 RasMan - ok
14:31:30.0809 5024 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
14:31:30.0809 5024 RasPppoe - ok
14:31:30.0824 5024 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
14:31:30.0824 5024 RasSstp - ok
14:31:30.0824 5024 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
14:31:30.0824 5024 rdbss - ok
14:31:30.0824 5024 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
14:31:30.0824 5024 rdpbus - ok
14:31:30.0824 5024 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
14:31:30.0824 5024 RDPCDD - ok
14:31:30.0840 5024 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
14:31:30.0840 5024 RDPENCDD - ok
14:31:30.0840 5024 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
14:31:30.0840 5024 RDPREFMP - ok
14:31:30.0840 5024 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
14:31:30.0840 5024 RDPWD - ok
14:31:30.0840 5024 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
14:31:30.0840 5024 rdyboost - ok
14:31:30.0855 5024 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
14:31:30.0855 5024 RemoteAccess - ok
14:31:30.0855 5024 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
14:31:30.0855 5024 RemoteRegistry - ok
14:31:30.0855 5024 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
14:31:30.0855 5024 RpcEptMapper - ok
14:31:30.0855 5024 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
14:31:30.0855 5024 RpcLocator - ok
14:31:30.0871 5024 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
14:31:30.0871 5024 RpcSs - ok
14:31:30.0871 5024 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
14:31:30.0871 5024 rspndr - ok
14:31:30.0871 5024 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
14:31:30.0871 5024 SamSs - ok
14:31:30.0871 5024 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
14:31:30.0871 5024 sbp2port - ok
14:31:30.0887 5024 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
14:31:30.0887 5024 SCardSvr - ok
14:31:30.0887 5024 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
14:31:30.0887 5024 scfilter - ok
14:31:30.0902 5024 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
14:31:30.0902 5024 Schedule - ok
14:31:30.0902 5024 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
14:31:30.0902 5024 SCPolicySvc - ok
14:31:30.0902 5024 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
14:31:30.0902 5024 SDRSVC - ok
14:31:30.0902 5024 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
14:31:30.0902 5024 secdrv - ok
14:31:30.0918 5024 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
14:31:30.0918 5024 seclogon - ok
14:31:30.0918 5024 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
14:31:30.0918 5024 SENS - ok
14:31:30.0918 5024 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
14:31:30.0918 5024 SensrSvc - ok
14:31:30.0918 5024 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
14:31:30.0918 5024 Serenum - ok
14:31:30.0918 5024 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
14:31:30.0933 5024 Serial - ok
14:31:30.0933 5024 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
14:31:30.0933 5024 sermouse - ok
14:31:30.0933 5024 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
14:31:30.0933 5024 SessionEnv - ok
14:31:30.0933 5024 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
14:31:30.0933 5024 sffdisk - ok
14:31:30.0933 5024 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
14:31:30.0933 5024 sffp_mmc - ok
14:31:30.0949 5024 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
14:31:30.0949 5024 sffp_sd - ok
14:31:30.0949 5024 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
14:31:30.0949 5024 sfloppy - ok
14:31:30.0949 5024 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
14:31:30.0949 5024 SharedAccess - ok
14:31:30.0949 5024 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:31:30.0965 5024 ShellHWDetection - ok
14:31:30.0965 5024 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
14:31:30.0965 5024 SiSRaid2 - ok
14:31:30.0965 5024 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
14:31:30.0965 5024 SiSRaid4 - ok
14:31:30.0965 5024 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
14:31:30.0965 5024 Smb - ok
14:31:30.0965 5024 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
14:31:30.0965 5024 SNMPTRAP - ok
14:31:30.0980 5024 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
14:31:30.0980 5024 spldr - ok
14:31:30.0980 5024 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
14:31:30.0980 5024 Spooler - ok
14:31:31.0011 5024 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
14:31:31.0011 5024 sppsvc - ok
14:31:31.0027 5024 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
14:31:31.0027 5024 sppuinotify - ok
14:31:31.0027 5024 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
14:31:31.0027 5024 srv - ok
14:31:31.0043 5024 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
14:31:31.0043 5024 srv2 - ok
14:31:31.0043 5024 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
14:31:31.0043 5024 srvnet - ok
14:31:31.0043 5024 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
14:31:31.0043 5024 SSDPSRV - ok
14:31:31.0043 5024 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
14:31:31.0043 5024 SstpSvc - ok
14:31:31.0058 5024 [ C354621B6B94E10AE7F5CDBE745FEB86 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
14:31:31.0058 5024 Stereo Service - ok
14:31:31.0058 5024 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
14:31:31.0058 5024 stexstor - ok
14:31:31.0074 5024 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
14:31:31.0074 5024 stisvc - ok
14:31:31.0074 5024 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
14:31:31.0074 5024 swenum - ok
14:31:31.0074 5024 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
14:31:31.0089 5024 swprv - ok
14:31:31.0089 5024 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
14:31:31.0105 5024 SysMain - ok
14:31:31.0105 5024 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:31:31.0105 5024 TabletInputService - ok
14:31:31.0121 5024 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
14:31:31.0121 5024 TapiSrv - ok
14:31:31.0121 5024 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
14:31:31.0121 5024 TBS - ok
14:31:31.0136 5024 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
14:31:31.0152 5024 Tcpip - ok
14:31:31.0167 5024 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
14:31:31.0167 5024 TCPIP6 - ok
14:31:31.0167 5024 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
14:31:31.0167 5024 tcpipreg - ok
14:31:31.0183 5024 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
14:31:31.0183 5024 TDPIPE - ok
14:31:31.0183 5024 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
14:31:31.0183 5024 TDTCP - ok
14:31:31.0183 5024 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
14:31:31.0183 5024 tdx - ok
14:31:31.0183 5024 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
14:31:31.0183 5024 TermDD - ok
14:31:31.0199 5024 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
14:31:31.0199 5024 TermService - ok
14:31:31.0199 5024 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
14:31:31.0199 5024 Themes - ok
14:31:31.0199 5024 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
14:31:31.0199 5024 THREADORDER - ok
14:31:31.0214 5024 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
14:31:31.0214 5024 TrkWks - ok
14:31:31.0214 5024 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:31:31.0214 5024 TrustedInstaller - ok
14:31:31.0214 5024 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
14:31:31.0214 5024 tssecsrv - ok
14:31:31.0214 5024 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
14:31:31.0214 5024 TsUsbFlt - ok
14:31:31.0230 5024 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
14:31:31.0230 5024 TsUsbGD - ok
14:31:31.0230 5024 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
14:31:31.0230 5024 tunnel - ok
14:31:31.0230 5024 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
14:31:31.0230 5024 uagp35 - ok
14:31:31.0230 5024 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
14:31:31.0230 5024 udfs - ok
14:31:31.0245 5024 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
14:31:31.0245 5024 UI0Detect - ok
14:31:31.0245 5024 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
14:31:31.0245 5024 uliagpkx - ok
14:31:31.0245 5024 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
14:31:31.0245 5024 umbus - ok
14:31:31.0245 5024 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
14:31:31.0245 5024 UmPass - ok
14:31:31.0261 5024 [ 3C5405EF78576E8E4D791EB18F6856A8 ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
14:31:31.0261 5024 UNS - ok
14:31:31.0261 5024 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
14:31:31.0261 5024 upnphost - ok
14:31:31.0261 5024 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
14:31:31.0261 5024 usbccgp - ok
14:31:31.0277 5024 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
14:31:31.0277 5024 usbcir - ok
14:31:31.0277 5024 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
14:31:31.0277 5024 usbehci - ok
14:31:31.0277 5024 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
14:31:31.0277 5024 usbhub - ok
14:31:31.0277 5024 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
14:31:31.0277 5024 usbohci - ok
14:31:31.0277 5024 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
14:31:31.0277 5024 usbprint - ok
14:31:31.0292 5024 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS
14:31:31.0292 5024 USBSTOR - ok
14:31:31.0292 5024 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
14:31:31.0292 5024 usbuhci - ok
14:31:31.0292 5024 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
14:31:31.0292 5024 UxSms - ok
14:31:31.0292 5024 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
14:31:31.0292 5024 VaultSvc - ok
14:31:31.0292 5024 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
14:31:31.0292 5024 vdrvroot - ok
14:31:31.0308 5024 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
14:31:31.0308 5024 vds - ok
14:31:31.0308 5024 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
14:31:31.0308 5024 vga - ok
14:31:31.0308 5024 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
14:31:31.0308 5024 VgaSave - ok
14:31:31.0323 5024 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
14:31:31.0323 5024 vhdmp - ok
14:31:31.0323 5024 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
14:31:31.0323 5024 viaide - ok
14:31:31.0323 5024 [ 0CDB2633712FF61A7DC486A78A807842 ] VirtuWDDM C:\Windows\system32\DRIVERS\VirtuWDDM.sys
14:31:31.0339 5024 VirtuWDDM - ok
14:31:31.0339 5024 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
14:31:31.0339 5024 volmgr - ok
14:31:31.0339 5024 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
14:31:31.0339 5024 volmgrx - ok
14:31:31.0339 5024 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
14:31:31.0355 5024 volsnap - ok
14:31:31.0355 5024 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
14:31:31.0355 5024 vsmraid - ok
14:31:31.0370 5024 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
14:31:31.0370 5024 VSS - ok
14:31:31.0370 5024 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
14:31:31.0370 5024 vwifibus - ok
14:31:31.0386 5024 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
14:31:31.0386 5024 W32Time - ok
14:31:31.0386 5024 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
14:31:31.0386 5024 WacomPen - ok
14:31:31.0386 5024 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
14:31:31.0386 5024 WANARP - ok
14:31:31.0386 5024 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
14:31:31.0386 5024 Wanarpv6 - ok
14:31:31.0401 5024 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
14:31:31.0417 5024 WatAdminSvc - ok
14:31:31.0417 5024 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
14:31:31.0433 5024 wbengine - ok
14:31:31.0433 5024 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
14:31:31.0433 5024 WbioSrvc - ok
14:31:31.0448 5024 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
14:31:31.0448 5024 wcncsvc - ok
14:31:31.0448 5024 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:31:31.0448 5024 WcsPlugInService - ok
14:31:31.0448 5024 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
14:31:31.0448 5024 Wd - ok
14:31:31.0464 5024 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
14:31:31.0464 5024 Wdf01000 - ok
14:31:31.0464 5024 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
14:31:31.0464 5024 WdiServiceHost - ok
14:31:31.0464 5024 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
14:31:31.0464 5024 WdiSystemHost - ok
14:31:31.0479 5024 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
14:31:31.0479 5024 WebClient - ok
14:31:31.0635 5024 ================ Scan global ===============================
14:31:31.0635 5024 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
14:31:31.0635 5024 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
14:31:31.0651 5024 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
14:31:31.0651 5024 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
14:31:31.0651 5024 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
14:31:31.0651 5024 [Global] - ok
14:31:31.0651 5024 ================ Scan MBR ==================================
14:31:31.0667 5024 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
14:31:32.0743 5024 \Device\Harddisk1\DR1 - ok
14:31:32.0743 5024 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2
14:31:32.0837 5024 \Device\Harddisk2\DR2 ( TDSS File System ) - warning
14:31:32.0837 5024 \Device\Harddisk2\DR2 - detected TDSS File System (1)
14:31:32.0852 5024 [ 35C6B2FCDE68FACBEFE0A4A7200BAE58 ] \Device\Harddisk0\DR0
14:31:33.0975 5024 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
14:31:33.0975 5024 \Device\Harddisk0\DR0 - detected TDSS File System (1)
14:31:33.0975 5024 ================ Scan VBR ==================================
14:31:33.0975 5024 [ BF92E40C449DD81C1F8444FA1B1CE75E ] \Device\Harddisk1\DR1\Partition1
14:31:33.0991 5024 \Device\Harddisk1\DR1\Partition1 - ok
14:31:33.0991 5024 [ A4118131DA708136707EDA0D68706A24 ] \Device\Harddisk2\DR2\Partition1
14:31:33.0991 5024 \Device\Harddisk2\DR2\Partition1 - ok
14:31:33.0991 5024 [ 467DBC064CD80FA846E7972F96B8281C ] \Device\Harddisk0\DR0\Partition1
14:31:33.0991 5024 \Device\Harddisk0\DR0\Partition1 - ok
14:31:33.0991 5024 ============================================================
14:31:33.0991 5024 Scan finished
14:31:33.0991 5024 ============================================================
14:31:33.0991 3628 Detected object count: 2
14:31:33.0991 3628 Actual detected object count: 2
14:31:43.0944 3628 \Device\Harddisk2\DR2 ( TDSS File System ) - skipped by user
14:31:43.0944 3628 \Device\Harddisk2\DR2 ( TDSS File System ) - User select action: Skip
14:31:43.0944 3628 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
14:31:43.0944 3628 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip


And the ADW

# AdwCleaner v2.005 - Logfile created 10/28/2012 at 14:34:26
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Kyle and Tracy - BADASSRIG
# Boot Mode : Normal
# Running from : E:\Users\Kyle and Tracy\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [808 octets] - [28/10/2012 14:34:26]

########## EOF - E:\AdwCleaner[S1].txt - [867 octets] ##########

Running the ESET scanner now. Thanks again for your response and time.

#4 boopme


Posted 28 October 2012 - 02:53 PM

Ok these are bad. Rerun TDSS and change the option on these to Cure or Delete.
14:31:43.0944 3628 \Device\Harddisk2\DR2 ( TDSS File System ) - skipped by user
14:31:43.0944 3628 \Device\Harddisk2\DR2 ( TDSS File System ) - User select action: Skip
14:31:43.0944 3628 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
14:31:43.0944 3628 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Reboot.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook
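A small triage script for the point made in the reply above (an added example, not part of the original thread and not TDSSKiller's own code): it reads a TDSSKiller log and lists detections whose final action was Skip. The first sample is copied from the log posted in this thread; the second sample is constructed and assumes a chosen Delete action is logged in the same `User select action:` form.

```python
import re

# Copied from the TDSSKiller log posted in this thread.
SAMPLE_LOG = r"""
14:31:32.0743 5024 \Device\Harddisk1\DR1 - ok
14:31:32.0837 5024 \Device\Harddisk2\DR2 ( TDSS File System ) - warning
14:31:32.0837 5024 \Device\Harddisk2\DR2 - detected TDSS File System (1)
14:31:33.0975 5024 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
14:31:33.0975 5024 \Device\Harddisk0\DR0 - detected TDSS File System (1)
14:31:33.0991 3628 Detected object count: 2
14:31:43.0944 3628 \Device\Harddisk2\DR2 ( TDSS File System ) - skipped by user
14:31:43.0944 3628 \Device\Harddisk2\DR2 ( TDSS File System ) - User select action: Skip
14:31:43.0944 3628 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# Constructed sample (assumed format) for a rerun where Delete was chosen.
RERUN_LOG = r"""
15:50:01.0100 4100 \Device\Harddisk2\DR2 - detected TDSS File System (1)
15:50:02.0200 4100 \Device\Harddisk0\DR0 - detected TDSS File System (1)
15:50:10.0300 4200 \Device\Harddisk2\DR2 ( TDSS File System ) - User select action: Delete
15:50:10.0300 4200 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
"""

# "HH:MM:SS.ffff <thread id> <message>"
LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s+(?P<msg>.*)$")
DETECT = re.compile(r"^(?P<obj>.+?) - detected (?P<verdict>.+?) \(\d+\)$")
ACTION = re.compile(
    r"^(?P<obj>.+?) \( (?P<verdict>.+?) \) - User select action: (?P<action>\w+)$"
)

def triage(log_text):
    """Map each detected object to its verdict and the last action chosen."""
    findings = {}
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue
        msg = line.group("msg")
        hit = DETECT.match(msg) or ACTION.match(msg)
        if not hit:
            continue
        entry = findings.setdefault(
            hit.group("obj"), {"verdict": hit.group("verdict"), "action": None}
        )
        if "action" in hit.groupdict():
            entry["action"] = hit.group("action")
    return findings

def unresolved(findings):
    """Objects that were detected but skipped or never acted on."""
    return sorted(o for o, f in findings.items() if f["action"] in (None, "Skip"))

if __name__ == "__main__":
    for obj in unresolved(triage(SAMPLE_LOG)):
        print("still present:", obj)
```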

#5 wiuenright


Posted 28 October 2012 - 03:47 PM

ESET Log from scan. I also am going to delete the TDSS ones and reboot now

C:\TDSSKiller_Quarantine\28.10.2012_13.18.42\mbr0000\tdlfs0000\tsk0000.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\28.10.2012_13.18.42\mbr0000\tdlfs0000\tsk0001.dta a variant of Win64/Olmarik.AM trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\28.10.2012_13.18.42\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\Users\Kyle Enright\Downloads\coretemp_1236.exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined
E:\Users\Kyle and Tracy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JEQWDKIJ\cbsidlm-tr1_7-Daemon_Tools_Lite-SEO2-10778842.exe Win32/DownloadAdmin.D application cleaned by deleting - quarantined
E:\Users\Kyle and Tracy\Desktop\coretemp_1236.exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined
E:\Users\Kyle and Tracy\Desktop\Users\Kyle Enright\Downloads\coretemp_1236.exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined
E:\Users\Kyle and Tracy\Downloads\cbsidlm-tr1_7-Daemon_Tools_Lite-SEO2-10778842.exe Win32/DownloadAdmin.D application cleaned by deleting - quarantined
E:\Users\Kyle and Tracy\Downloads\DTLite4454-0315.exe Win32/OpenCandy application cleaned by deleting - quarantined

#6 boopme


Posted 28 October 2012 - 03:57 PM

OK after that we'll make sure there are no other rootkits.

Let me know if it is running well now.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


#7 wiuenright


Posted 28 October 2012 - 04:28 PM

Here is that log

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-28 16:05:17
-----------------------------
16:05:17.892 OS Version: Windows x64 6.1.7601 Service Pack 1
16:05:17.892 Number of processors: 4 586 0x3A09
16:05:17.892 ComputerName: BADASSRIG UserName:
16:05:18.110 Initialize success
16:05:23.601 AVAST engine defs: 12102800
16:05:32.337 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:05:32.337 Disk 0 Vendor: ST330062 3.AA Size: 286168MB BusType: 3
16:05:32.337 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0
16:05:32.337 Disk 1 Vendor: ST3320620AS 3.AAK Size: 305245MB BusType: 11
16:05:32.337 Disk 2 (boot) \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP1T0L0-1
16:05:32.337 Disk 2 Vendor: SAMSUNG_SSD_830_Series CXM03B1Q Size: 244198MB BusType: 11
16:05:32.337 Disk 2 MBR read successfully
16:05:32.353 Disk 2 MBR scan
16:05:32.353 Disk 2 Windows 7 default MBR code
16:05:32.353 Disk 2 Partition 1 80 (A) 07 HPFS/NTFS NTFS 244192 MB offset 8192
16:05:32.384 Disk 2 scanning C:\Windows\system32\drivers
16:05:36.268 Service scanning
16:05:46.533 Modules scanning
16:05:46.533 Disk 2 trace - called modules:
16:05:46.533 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll asahci64.sys
16:05:46.533 1 nt!IofCallDriver -> \Device\Harddisk2\DR2[0xfffffa800952c060]
16:05:46.549 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8006ddd680]
16:05:46.720 AVAST engine scan C:\Windows
16:05:47.625 AVAST engine scan C:\Windows\system32
16:07:03.114 AVAST engine scan C:\Windows\system32\drivers
16:07:08.293 AVAST engine scan E:\Users\Kyle and Tracy
16:07:47.043 Disk 2 MBR has been saved successfully to "E:\Users\Kyle and Tracy\Desktop\Removal Files\MBR.dat"
16:07:47.043 The log file has been saved successfully to "E:\Users\Kyle and Tracy\Desktop\Removal Files\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-28 16:08:06
-----------------------------
16:08:06.084 OS Version: Windows x64 6.1.7601 Service Pack 1
16:08:06.084 Number of processors: 4 586 0x3A09
16:08:06.084 ComputerName: BADASSRIG UserName:
16:08:06.287 Initialize success
16:08:10.717 AVAST engine defs: 12102800
16:08:11.529 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:08:11.529 Disk 0 Vendor: ST330062 3.AA Size: 286168MB BusType: 3
16:08:11.529 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0
16:08:11.529 Disk 1 Vendor: ST3320620AS 3.AAK Size: 305245MB BusType: 11
16:08:11.529 Disk 2 (boot) \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP1T0L0-1
16:08:11.529 Disk 2 Vendor: SAMSUNG_SSD_830_Series CXM03B1Q Size: 244198MB BusType: 11
16:08:11.529 Disk 2 MBR read successfully
16:08:11.544 Disk 2 MBR scan
16:08:11.544 Disk 2 Windows 7 default MBR code
16:08:11.544 Disk 2 Partition 1 80 (A) 07 HPFS/NTFS NTFS 244192 MB offset 8192
16:08:11.560 Disk 2 scanning C:\Windows\system32\drivers
16:08:15.881 Service scanning
16:08:26.739 Modules scanning
16:08:27.238 Disk 2 trace - called modules:
16:08:27.238 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll asahci64.sys
16:08:27.238 1 nt!IofCallDriver -> \Device\Harddisk2\DR2[0xfffffa800952c060]
16:08:27.238 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8006ddd680]
16:08:27.441 AVAST engine scan C:\Windows
16:08:28.330 AVAST engine scan C:\Windows\system32
16:09:39.341 AVAST engine scan C:\Windows\system32\drivers
16:09:44.567 AVAST engine scan E:\Users\Kyle and Tracy
16:14:34.244 AVAST engine scan C:\ProgramData
16:14:39.361 Scan finished successfully
16:26:24.643 Disk 2 MBR has been saved successfully to "E:\Users\Kyle and Tracy\Desktop\Removal Files\MBR.dat"
16:26:24.674 The log file has been saved successfully to "E:\Users\Kyle and Tracy\Desktop\Removal Files\aswMBR.txt"


16:26:33.981 Disk 2 MBR has been saved successfully to "E:\Users\Kyle and Tracy\Desktop\Removal Files\MBR.dat"
16:26:33.996 The log file has been saved successfully to "E:\Users\Kyle and Tracy\Desktop\Removal Files\aswMBR.txt"


I am so grateful for your help. I just don't want my brand new decked out computer to be off to a screwed up start. I never noticed anything wrong except that all that was coming up in the malwarebytes scan. Next I am going to run that, MSE and another ESET to verify and hopefully know everything is gone.

Kyle

Edited by wiuenright, 28 October 2012 - 04:29 PM.


#8 boopme


Posted 28 October 2012 - 04:37 PM

Looks good and you're welcome. If all's good after those scans then... Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run... and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links: