
Help Needed - winrscmde


5 replies to this topic

#1 Willi136

Posted 18 November 2012 - 06:54 PM

Hello All,

I picked up the winrscmde bug somewhere in the past two days. Can anyone assist with removal before I format the HD and start fresh? I'm running Windows 7. Tried one of the "quick fix" sites, but all it did was run a scanner and ask me to buy a registration code. Hopefully I didn't mess anything up further.

I see a couple of posts on here about how to beat this thing, but I've heard that every case is different. Please help if you can - I'm ready to get to work.

Thank you in advance,

Evan

#2 narenxp

Posted 18 November 2012 - 06:57 PM

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 Willi136

Posted 18 November 2012 - 11:56 PM

Narenxp,

Here are the logs. Sorry it took so long, computer is running incredibly slow. I restarted the computer after the scans, and unfortunately, I still have the problem. What next?

TDSS Killer Log:

16:08:37.0014 1636 mssmbios - ok
16:08:37.0030 1636 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
16:08:37.0030 1636 MSTEE - ok
16:08:37.0045 1636 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
16:08:37.0045 1636 MTConfig - ok
16:08:37.0076 1636 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
16:08:37.0076 1636 Mup - ok
16:08:37.0123 1636 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
16:08:37.0123 1636 napagent - ok
16:08:37.0217 1636 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
16:08:37.0217 1636 NativeWifiP - ok
16:08:37.0248 1636 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
16:08:37.0264 1636 NDIS - ok
16:08:37.0310 1636 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
16:08:37.0310 1636 NdisCap - ok
16:08:37.0342 1636 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
16:08:37.0342 1636 NdisTapi - ok
16:08:37.0373 1636 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
16:08:37.0373 1636 Ndisuio - ok
16:08:37.0388 1636 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
16:08:37.0388 1636 NdisWan - ok
16:08:37.0404 1636 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
16:08:37.0404 1636 NDProxy - ok
16:08:37.0498 1636 [ 7D2633295EB6FF2B938185874884059D ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
16:08:37.0498 1636 Nero BackItUp Scheduler 4.0 - ok
16:08:37.0576 1636 [ D5AC41AE382738483FAFFBD7E373D49A ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
16:08:37.0576 1636 Net Driver HPZ12 - ok
16:08:37.0576 1636 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
16:08:37.0591 1636 NetBIOS - ok
16:08:37.0607 1636 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
16:08:37.0607 1636 NetBT - ok
16:08:37.0607 1636 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe
16:08:37.0622 1636 Netlogon - ok
16:08:37.0669 1636 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
16:08:37.0669 1636 Netman - ok
16:08:37.0732 1636 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
16:08:37.0732 1636 netprofm - ok
16:08:37.0794 1636 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:08:37.0794 1636 NetTcpPortSharing - ok
16:08:37.0825 1636 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
16:08:37.0841 1636 nfrd960 - ok
16:08:37.0872 1636 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
16:08:37.0872 1636 NlaSvc - ok
16:08:37.0888 1636 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
16:08:37.0888 1636 Npfs - ok
16:08:37.0903 1636 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
16:08:37.0903 1636 nsi - ok
16:08:37.0903 1636 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
16:08:37.0903 1636 nsiproxy - ok
16:08:37.0981 1636 [ 184C189D4FC416978550FC599BB4EDDA ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
16:08:38.0012 1636 Ntfs - ok
16:08:38.0075 1636 [ 5B3CE960C62DBE864BE9A0BD043A3E30 ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
16:08:38.0075 1636 NTI IScheduleSvc - ok
16:08:38.0090 1636 [ 64DDD0DEE976302F4BD93E5EFCC2F013 ] NTIDrvr C:\Windows\system32\drivers\NTIDrvr.sys
16:08:38.0106 1636 NTIDrvr - ok
16:08:38.0137 1636 [ 4C08A14D04E62963E96E0BB57BBC953B ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys
16:08:38.0137 1636 NuidFltr - ok
16:08:38.0153 1636 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
16:08:38.0153 1636 Null - ok
16:08:38.0215 1636 [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid C:\Windows\system32\drivers\nvraid.sys
16:08:38.0215 1636 nvraid - ok
16:08:38.0262 1636 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
16:08:38.0262 1636 nvstor - ok
16:08:38.0293 1636 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
16:08:38.0309 1636 nv_agp - ok
16:08:38.0324 1636 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
16:08:38.0340 1636 ohci1394 - ok
16:08:38.0387 1636 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:08:38.0387 1636 ose - ok
16:08:38.0418 1636 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
16:08:38.0418 1636 p2pimsvc - ok
16:08:38.0465 1636 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
16:08:38.0465 1636 p2psvc - ok
16:08:38.0496 1636 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
16:08:38.0496 1636 Parport - ok
16:08:38.0543 1636 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys
16:08:38.0543 1636 partmgr - ok
16:08:38.0558 1636 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
16:08:38.0558 1636 PcaSvc - ok
16:08:38.0574 1636 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
16:08:38.0574 1636 pci - ok
16:08:38.0590 1636 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
16:08:38.0590 1636 pciide - ok
16:08:38.0621 1636 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
16:08:38.0621 1636 pcmcia - ok
16:08:38.0683 1636 [ AF7CE12C4F3DC8CB2B07685C916BBCFE ] pcouffin C:\Windows\system32\Drivers\pcouffin.sys
16:08:38.0683 1636 pcouffin - ok
16:08:38.0683 1636 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
16:08:38.0683 1636 pcw - ok
16:08:38.0714 1636 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
16:08:38.0730 1636 PEAUTH - ok
16:08:38.0855 1636 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
16:08:38.0870 1636 PerfHost - ok
16:08:38.0917 1636 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
16:08:38.0933 1636 pla - ok
16:08:39.0011 1636 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
16:08:39.0026 1636 PlugPlay - ok
16:08:39.0058 1636 [ 37F6046CDC630442D7DC087501FF6FC6 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
16:08:39.0073 1636 Pml Driver HPZ12 - ok
16:08:39.0073 1636 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
16:08:39.0089 1636 PNRPAutoReg - ok
16:08:39.0089 1636 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
16:08:39.0089 1636 PNRPsvc - ok
16:08:39.0136 1636 [ B8D8EC78B0F9ED8E220506181274F3D3 ] Point64 C:\Windows\system32\DRIVERS\point64.sys
16:08:39.0136 1636 Point64 - ok
16:08:39.0167 1636 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
16:08:39.0182 1636 PolicyAgent - ok
16:08:39.0245 1636 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
16:08:39.0260 1636 Power - ok
16:08:39.0276 1636 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
16:08:39.0276 1636 PptpMiniport - ok
16:08:39.0292 1636 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
16:08:39.0292 1636 Processor - ok
16:08:39.0354 1636 [ 97293447431311C06703368AD0F6C4BE ] ProfSvc C:\Windows\system32\profsvc.dll
16:08:39.0354 1636 ProfSvc - ok
16:08:39.0370 1636 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:08:39.0370 1636 ProtectedStorage - ok
16:08:39.0401 1636 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
16:08:39.0401 1636 Psched - ok
16:08:39.0494 1636 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
16:08:39.0510 1636 ql2300 - ok
16:08:39.0572 1636 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
16:08:39.0572 1636 ql40xx - ok
16:08:39.0604 1636 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
16:08:39.0604 1636 QWAVE - ok
16:08:39.0619 1636 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
16:08:39.0619 1636 QWAVEdrv - ok
16:08:39.0635 1636 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
16:08:39.0635 1636 RasAcd - ok
16:08:39.0666 1636 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
16:08:39.0666 1636 RasAgileVpn - ok
16:08:39.0682 1636 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
16:08:39.0682 1636 RasAuto - ok
16:08:39.0697 1636 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
16:08:39.0697 1636 Rasl2tp - ok
16:08:39.0728 1636 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
16:08:39.0744 1636 RasMan - ok
16:08:39.0760 1636 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
16:08:39.0760 1636 RasPppoe - ok
16:08:39.0760 1636 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
16:08:39.0760 1636 RasSstp - ok
16:08:39.0791 1636 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
16:08:39.0791 1636 rdbss - ok
16:08:39.0838 1636 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
16:08:39.0838 1636 rdpbus - ok
16:08:39.0853 1636 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
16:08:39.0853 1636 RDPCDD - ok
16:08:39.0884 1636 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
16:08:39.0884 1636 RDPENCDD - ok
16:08:39.0900 1636 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
16:08:39.0900 1636 RDPREFMP - ok
16:08:39.0962 1636 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
16:08:39.0962 1636 RDPWD - ok
16:08:39.0978 1636 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
16:08:39.0978 1636 rdyboost - ok
16:08:40.0009 1636 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
16:08:40.0009 1636 RemoteAccess - ok
16:08:40.0025 1636 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
16:08:40.0040 1636 RemoteRegistry - ok
16:08:40.0072 1636 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
16:08:40.0072 1636 RFCOMM - ok
16:08:40.0103 1636 [ AD42432D22940B4215177BE113E4919C ] RimUsb C:\Windows\system32\Drivers\RimUsb_AMD64.sys
16:08:40.0103 1636 RimUsb - ok
16:08:40.0134 1636 [ C903D49655B4AAE46673F0AAA6BE0F58 ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
16:08:40.0134 1636 RimVSerPort - ok
16:08:40.0150 1636 [ 388D3DD1A6457280F3BADBA9F3ACD6B1 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
16:08:40.0150 1636 ROOTMODEM - ok
16:08:40.0165 1636 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
16:08:40.0165 1636 RpcEptMapper - ok
16:08:40.0212 1636 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
16:08:40.0212 1636 RpcLocator - ok
16:08:40.0243 1636 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
16:08:40.0243 1636 RpcSs - ok
16:08:40.0259 1636 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
16:08:40.0259 1636 rspndr - ok
16:08:40.0306 1636 [ CE2EF8030932B98832EB2F9580C5B1DD ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
16:08:40.0321 1636 RSUSBSTOR - ok
16:08:40.0368 1636 [ A5986B46C4348CB35EBB98F220948DF7 ] rtl8192se C:\Windows\system32\DRIVERS\rtl8192se.sys
16:08:40.0368 1636 rtl8192se - ok
16:08:40.0399 1636 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe
16:08:40.0399 1636 SamSs - ok
16:08:40.0415 1636 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
16:08:40.0415 1636 sbp2port - ok
16:08:40.0430 1636 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
16:08:40.0430 1636 SCardSvr - ok
16:08:40.0446 1636 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
16:08:40.0446 1636 scfilter - ok
16:08:40.0524 1636 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
16:08:40.0540 1636 Schedule - ok
16:08:40.0618 1636 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
16:08:40.0618 1636 SCPolicySvc - ok
16:08:40.0649 1636 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
16:08:40.0649 1636 SDRSVC - ok
16:08:40.0680 1636 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
16:08:40.0680 1636 secdrv - ok
16:08:40.0696 1636 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
16:08:40.0711 1636 seclogon - ok
16:08:40.0727 1636 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
16:08:40.0727 1636 SENS - ok
16:08:40.0742 1636 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
16:08:40.0742 1636 SensrSvc - ok
16:08:40.0758 1636 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
16:08:40.0758 1636 Serenum - ok
16:08:40.0789 1636 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
16:08:40.0789 1636 Serial - ok
16:08:40.0820 1636 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
16:08:40.0820 1636 sermouse - ok
16:08:40.0836 1636 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
16:08:40.0836 1636 SessionEnv - ok
16:08:40.0852 1636 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
16:08:40.0852 1636 sffdisk - ok
16:08:40.0867 1636 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
16:08:40.0867 1636 sffp_mmc - ok
16:08:40.0867 1636 [ 178298F767FE638C9FEDCBDEF58BB5E4 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
16:08:40.0867 1636 sffp_sd - ok
16:08:40.0883 1636 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
16:08:40.0883 1636 sfloppy - ok
16:08:40.0930 1636 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:08:40.0930 1636 ShellHWDetection - ok
16:08:41.0008 1636 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:08:41.0008 1636 SiSRaid2 - ok
16:08:41.0023 1636 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
16:08:41.0023 1636 SiSRaid4 - ok
16:08:41.0101 1636 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
16:08:41.0117 1636 SkypeUpdate - ok
16:08:41.0132 1636 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
16:08:41.0132 1636 Smb - ok
16:08:41.0164 1636 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
16:08:41.0179 1636 SNMPTRAP - ok
16:08:41.0179 1636 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
16:08:41.0179 1636 spldr - ok
16:08:41.0226 1636 [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler C:\Windows\System32\spoolsv.exe
16:08:41.0242 1636 Spooler - ok
16:08:41.0351 1636 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
16:08:41.0413 1636 sppsvc - ok
16:08:41.0460 1636 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
16:08:41.0460 1636 sppuinotify - ok
16:08:41.0538 1636 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys
16:08:41.0538 1636 srv - ok
16:08:41.0569 1636 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
16:08:41.0569 1636 srv2 - ok
16:08:41.0647 1636 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
16:08:41.0647 1636 srvnet - ok
16:08:41.0678 1636 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
16:08:41.0678 1636 SSDPSRV - ok
16:08:41.0741 1636 [ 4B8CDC023E8A7EBABFEFCD2DE67FD488 ] SSLDrv C:\Windows\system32\DRIVERS\SSLDrv.sys
16:08:41.0741 1636 SSLDrv - ok
16:08:41.0756 1636 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
16:08:41.0756 1636 SstpSvc - ok
16:08:41.0788 1636 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
16:08:41.0788 1636 stexstor - ok
16:08:41.0819 1636 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
16:08:41.0834 1636 stisvc - ok
16:08:41.0897 1636 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
16:08:41.0897 1636 swenum - ok
16:08:41.0928 1636 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
16:08:41.0928 1636 swprv - ok
16:08:42.0037 1636 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
16:08:42.0068 1636 SysMain - ok
16:08:42.0084 1636 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:08:42.0100 1636 TabletInputService - ok
16:08:42.0115 1636 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
16:08:42.0115 1636 TapiSrv - ok
16:08:42.0146 1636 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
16:08:42.0146 1636 TBS - ok
16:08:42.0224 1636 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
16:08:42.0271 1636 Tcpip - ok
16:08:42.0318 1636 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
16:08:42.0334 1636 TCPIP6 - ok
16:08:42.0349 1636 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
16:08:42.0349 1636 tcpipreg - ok
16:08:42.0365 1636 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
16:08:42.0365 1636 TDPIPE - ok
16:08:42.0427 1636 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
16:08:42.0427 1636 TDTCP - ok
16:08:42.0443 1636 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
16:08:42.0443 1636 tdx - ok
16:08:42.0458 1636 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
16:08:42.0458 1636 TermDD - ok
16:08:42.0490 1636 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
16:08:42.0490 1636 TermService - ok
16:08:42.0521 1636 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
16:08:42.0521 1636 Themes - ok
16:08:42.0521 1636 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
16:08:42.0521 1636 THREADORDER - ok
16:08:42.0552 1636 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
16:08:42.0552 1636 TrkWks - ok
16:08:42.0614 1636 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:08:42.0614 1636 TrustedInstaller - ok
16:08:42.0630 1636 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
16:08:42.0630 1636 tssecsrv - ok
16:08:42.0646 1636 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
16:08:42.0646 1636 tunnel - ok
16:08:42.0661 1636 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
16:08:42.0661 1636 uagp35 - ok
16:08:42.0692 1636 [ 2E22C1FD397A5A9FFEF55E9D1FC96C00 ] UBHelper C:\Windows\system32\drivers\UBHelper.sys
16:08:42.0692 1636 UBHelper - ok
16:08:42.0708 1636 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\Windows\system32\DRIVERS\udfs.sys
16:08:42.0724 1636 udfs - ok
16:08:42.0739 1636 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
16:08:42.0739 1636 UI0Detect - ok
16:08:42.0786 1636 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
16:08:42.0786 1636 uliagpkx - ok
16:08:42.0802 1636 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
16:08:42.0817 1636 umbus - ok
16:08:42.0817 1636 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
16:08:42.0817 1636 UmPass - ok
16:08:42.0895 1636 [ 7466809E6DA561D60C2F1CE8EDE3C73F ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
16:08:42.0942 1636 UNS - ok
16:08:43.0004 1636 [ F9EC9ACD504D823D9B9CA98A4F8D3CA2 ] Updater Service C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
16:08:43.0004 1636 Updater Service - ok
16:08:43.0036 1636 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
16:08:43.0036 1636 upnphost - ok
16:08:43.0098 1636 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
16:08:43.0098 1636 USBAAPL64 - ok
16:08:43.0129 1636 [ 537A4E03D7103C12D42DFD8FFDB5BDC9 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
16:08:43.0129 1636 usbccgp - ok
16:08:43.0145 1636 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
16:08:43.0145 1636 usbcir - ok
16:08:43.0176 1636 [ FBB21EBE49F6D560DB37AC25FBC68E66 ] usbehci C:\Windows\system32\drivers\usbehci.sys
16:08:43.0176 1636 usbehci - ok
16:08:43.0207 1636 [ 6B7A8A99C4A459E73C286A6763EA24CC ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
16:08:43.0223 1636 usbhub - ok
16:08:43.0270 1636 [ 957EC5620FB055E9DF2250D6FA4188E1 ] USBMULCD C:\Windows\system32\drivers\CM10664.sys
16:08:43.0301 1636 USBMULCD - ok
16:08:43.0332 1636 [ 8C88AA7617B4CBC2E4BED61D26B33A27 ] usbohci C:\Windows\system32\drivers\usbohci.sys
16:08:43.0332 1636 usbohci - ok
16:08:43.0363 1636 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
16:08:43.0363 1636 usbprint - ok
16:08:43.0394 1636 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
16:08:43.0394 1636 usbscan - ok
16:08:43.0441 1636 [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:08:43.0441 1636 USBSTOR - ok
16:08:43.0472 1636 [ 0B5B3B2DF3FD1709618ACFA50B8392B0 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
16:08:43.0472 1636 usbuhci - ok
16:08:43.0519 1636 [ 7CB8C573C6E4A2714402CC0A36EAB4FE ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
16:08:43.0519 1636 usbvideo - ok
16:08:43.0535 1636 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
16:08:43.0535 1636 UxSms - ok
16:08:43.0566 1636 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe
16:08:43.0566 1636 VaultSvc - ok
16:08:43.0597 1636 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
16:08:43.0597 1636 vdrvroot - ok
16:08:43.0613 1636 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
16:08:43.0628 1636 vds - ok
16:08:43.0644 1636 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
16:08:43.0644 1636 vga - ok
16:08:43.0660 1636 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
16:08:43.0660 1636 VgaSave - ok
16:08:43.0691 1636 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
16:08:43.0691 1636 vhdmp - ok
16:08:43.0722 1636 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
16:08:43.0722 1636 viaide - ok
16:08:43.0738 1636 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
16:08:43.0738 1636 volmgr - ok
16:08:43.0753 1636 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
16:08:43.0753 1636 volmgrx - ok
16:08:43.0784 1636 [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
16:08:43.0784 1636 volsnap - ok
16:08:43.0878 1636 [ 34756733F0480D68E519E80E22E05D12 ] vpnagent C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
16:08:43.0878 1636 vpnagent - ok
16:08:43.0972 1636 [ E526A69D932538AE8BC96B3F4A5A90B1 ] vpnva C:\Windows\system32\DRIVERS\vpnva64.sys
16:08:43.0972 1636 vpnva - ok
16:08:44.0003 1636 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
16:08:44.0003 1636 vsmraid - ok
16:08:44.0050 1636 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
16:08:44.0081 1636 VSS - ok
16:08:44.0096 1636 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
16:08:44.0112 1636 vwifibus - ok
16:08:44.0128 1636 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
16:08:44.0128 1636 vwififlt - ok
16:08:44.0159 1636 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
16:08:44.0159 1636 W32Time - ok
16:08:44.0159 1636 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
16:08:44.0159 1636 WacomPen - ok
16:08:44.0190 1636 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
16:08:44.0190 1636 WANARP - ok
16:08:44.0190 1636 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
16:08:44.0190 1636 Wanarpv6 - ok
16:08:44.0268 1636 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
16:08:44.0299 1636 WatAdminSvc - ok
16:08:44.0346 1636 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
16:08:44.0377 1636 wbengine - ok
16:08:44.0408 1636 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
16:08:44.0408 1636 WbioSrvc - ok
16:08:44.0455 1636 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\Windows\System32\wcncsvc.dll
16:08:44.0471 1636 wcncsvc - ok
16:08:44.0486 1636 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:08:44.0486 1636 WcsPlugInService - ok
16:08:44.0486 1636 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
16:08:44.0502 1636 Wd - ok
16:08:44.0549 1636 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
16:08:44.0549 1636 Wdf01000 - ok
16:08:44.0580 1636 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
16:08:44.0580 1636 WdiServiceHost - ok
16:08:44.0596 1636 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
16:08:44.0596 1636 WdiSystemHost - ok
16:08:44.0642 1636 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\Windows\System32\webclnt.dll
16:08:44.0642 1636 WebClient - ok
16:08:44.0658 1636 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
16:08:44.0658 1636 Wecsvc - ok
16:08:44.0674 1636 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
16:08:44.0689 1636 wercplsupport - ok
16:08:44.0720 1636 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
16:08:44.0720 1636 WerSvc - ok
16:08:44.0736 1636 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
16:08:44.0736 1636 WfpLwf - ok
16:08:44.0752 1636 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
16:08:44.0752 1636 WIMMount - ok
16:08:44.0752 1636 WinHttpAutoProxySvc - ok
16:08:44.0798 1636 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
16:08:44.0814 1636 Winmgmt - ok
16:08:44.0876 1636 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
16:08:44.0908 1636 WinRM - ok
16:08:44.0986 1636 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
16:08:44.0986 1636 WinUsb - ok
16:08:45.0017 1636 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
16:08:45.0032 1636 Wlansvc - ok
16:08:45.0142 1636 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:08:45.0188 1636 wlidsvc - ok
16:08:45.0204 1636 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
16:08:45.0204 1636 WmiAcpi - ok
16:08:45.0220 1636 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
16:08:45.0220 1636 wmiApSrv - ok
16:08:45.0235 1636 WMPNetworkSvc - ok
16:08:45.0251 1636 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
16:08:45.0251 1636 WPCSvc - ok
16:08:45.0266 1636 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
16:08:45.0266 1636 WPDBusEnum - ok
16:08:45.0282 1636 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
16:08:45.0282 1636 ws2ifsl - ok
16:08:45.0282 1636 WSearch - ok
16:08:45.0329 1636 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
16:08:45.0329 1636 WudfPf - ok
16:08:45.0391 1636 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
16:08:45.0391 1636 WUDFRd - ok
16:08:45.0438 1636 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
16:08:45.0438 1636 wudfsvc - ok
16:08:45.0469 1636 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
16:08:45.0469 1636 WwanSvc - ok
16:08:45.0516 1636 ================ Scan global ===============================
16:08:45.0547 1636 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
16:08:45.0594 1636 [ 79CDA06F75AD5373DD447F57575C4400 ] C:\Windows\system32\winsrv.dll
16:08:45.0610 1636 [ 79CDA06F75AD5373DD447F57575C4400 ] C:\Windows\system32\winsrv.dll
16:08:45.0641 1636 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
16:08:45.0672 1636 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
16:08:45.0672 1636 [Global] - ok
16:08:45.0672 1636 ================ Scan MBR ==================================
16:08:45.0688 1636 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:08:45.0688 1636 Suspicious mbr (Forged): \Device\Harddisk0\DR0
16:08:45.0750 1636 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
16:08:45.0750 1636 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
16:08:45.0844 1636 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
16:08:45.0844 1636 \Device\Harddisk0\DR0 - detected TDSS File System (1)
16:08:45.0844 1636 ================ Scan VBR ==================================
16:08:45.0844 1636 [ F9F9348EFC3BD7F277C71C43C14EED78 ] \Device\Harddisk0\DR0\Partition1
16:08:45.0844 1636 \Device\Harddisk0\DR0\Partition1 - ok
16:08:45.0906 1636 [ 3B70DBE9BED50254DD67E4E487893981 ] \Device\Harddisk0\DR0\Partition2
16:08:45.0906 1636 \Device\Harddisk0\DR0\Partition2 - ok
16:08:45.0906 1636 ============================================================
16:08:45.0906 1636 Scan finished
16:08:45.0906 1636 ============================================================
16:08:45.0906 2388 Detected object count: 2
16:08:45.0906 2388 Actual detected object count: 2
16:08:58.0963 2388 \Device\Harddisk0\DR0\# - copied to quarantine
16:08:58.0963 2388 \Device\Harddisk0\DR0 - copied to quarantine
16:08:59.0041 2388 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
16:08:59.0041 2388 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
16:08:59.0057 2388 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
16:08:59.0072 2388 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
16:08:59.0072 2388 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
16:08:59.0072 2388 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
16:08:59.0072 2388 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
16:08:59.0088 2388 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
16:08:59.0088 2388 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
16:08:59.0088 2388 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
16:08:59.0088 2388 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
16:08:59.0088 2388 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
16:08:59.0119 2388 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
16:08:59.0119 2388 \Device\Harddisk0\DR0 - ok
16:08:59.0244 2388 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
16:08:59.0244 2388 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
16:08:59.0244 2388 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
16:09:08.0557 4444 Deinitialize success


aswMBR Log

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-18 17:14:59
-----------------------------
17:14:59.319 OS Version: Windows x64 6.1.7600
17:14:59.319 Number of processors: 4 586 0x2505
17:14:59.319 ComputerName: EVANWILLIAMS UserName:
17:15:00.021 Initialize success
17:15:13.047 AVAST engine defs: 12111801
17:15:49.254 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:15:49.254 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
17:15:49.254 Disk 0 MBR read successfully
17:15:49.254 Disk 0 MBR scan
17:15:49.270 Disk 0 Windows 7 default MBR code
17:15:49.270 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13312 MB offset 2048
17:15:49.285 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 27265024
17:15:49.317 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 291831 MB offset 27469824
17:15:49.332 Disk 0 scanning C:\Windows\system32\drivers
17:15:58.583 Service scanning
17:16:17.771 Modules scanning
17:16:17.771 Disk 0 trace - called modules:
17:16:17.787 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
17:16:17.802 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005f94060]
17:16:17.802 3 CLASSPNP.SYS[fffff88001b4343f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004f52050]
17:16:19.253 AVAST engine scan C:\Windows
17:16:21.515 AVAST engine scan C:\Windows\system32
17:17:44.226 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
17:17:46.208 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
17:19:49.588 AVAST engine scan C:\Windows\system32\drivers
17:20:14.767 AVAST engine scan C:\Users\Evan Williams
17:53:23.146 AVAST engine scan C:\ProgramData
17:57:04.994 Scan finished successfully
18:04:24.529 Disk 0 MBR has been saved successfully to "C:\Users\Evan Williams\Documents\MBR.dat"
18:04:24.534 The log file has been saved successfully to "C:\Users\Evan Williams\Documents\aswMBR.txt"



ESET Log

C:\TDSSKiller_Quarantine\18.11.2012_16.08.03\mbr0000\tdlfs0000\tsk0000.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\18.11.2012_16.08.03\mbr0000\tdlfs0000\tsk0001.dta a variant of Win64/Olmarik.AM trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\18.11.2012_16.08.03\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AN trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\18.11.2012_16.08.03\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\18.11.2012_16.08.03\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\Users\Evan Williams\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NYV32GLB\firstload_com[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Users\Evan Williams\AppData\Roaming\wumdtf.dll a variant of Win32/Medfos.FI trojan cleaned by deleting (after the next restart) - quarantined
Operating memory multiple threats

#4 narenxp


Posted 19 November 2012 - 08:28 AM

Run TDSSkiller again and select DELETE for this

16:08:59.0244 2388 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

Post the new log

Download

Malwarebytes

Install, update and run a full scan.

Click on Show results. Right-click on the list, select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it and click on Delete.

A log should be generated after the scan; post it here.

Download

Junkware removal tool

For Vista and Windows 7, right-click on the tool and select Run as administrator.

After the scan completes, post the generated log here.
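
A small triage helper for the TDSSKiller log format shown in this thread, added here as an example and not part of any poster's reply or of TDSSKiller itself: it pairs each detection with the action recorded for it and lists the ones left in place, such as the skipped TDSS File System entry. The function names are assumptions, and the sample lines are excerpted from the log posted above.

```python
import re

# Excerpt of the TDSSKiller log posted earlier in this thread
# (format: timestamp, thread id, message).
SAMPLE_LOG = r"""
16:08:45.0688 1636 Suspicious mbr (Forged): \Device\Harddisk0\DR0
16:08:45.0750 1636 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
16:08:45.0844 1636 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
16:08:45.0844 1636 \Device\Harddisk0\DR0\Partition1 - ok
16:08:59.0119 2388 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
16:08:59.0244 2388 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
16:08:59.0244 2388 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
16:08:59.0244 2388 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<msg>.*)$")
# "<object> ( <detection name> ) - <status or action>"
EVENT = re.compile(r"^(?P<obj>.+?) \( (?P<name>.+?) \) - (?P<rest>.+)$")
ACTION_PREFIX = "User select action: "


def triage(log_text):
    """Return one record per (object, detection) with its verdict and final action."""
    findings = {}
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        event = EVENT.match(line.group("msg")) if line else None
        if not event:
            continue  # plain "ok" lines, banners and section headers
        key = (event.group("obj"), event.group("name"))
        rec = findings.setdefault(key, {"object": key[0], "detection": key[1],
                                        "verdict": None, "action": None, "notes": []})
        rest = event.group("rest")
        if rest.startswith(ACTION_PREFIX):
            rec["action"] = rest[len(ACTION_PREFIX):]
        elif rec["verdict"] is None:
            rec["verdict"] = rest  # first status seen, e.g. "infected" or "warning"
        else:
            rec["notes"].append(rest)
    return list(findings.values())


def unresolved(findings):
    """Detections that were skipped or never had an action recorded."""
    return [f for f in findings if f["action"] in (None, "Skip")]


if __name__ == "__main__":
    for f in unresolved(triage(SAMPLE_LOG)):
        print(f"still present: {f['detection']} on {f['object']} ({f['verdict']})")
```
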

#5 Willi136


Posted 20 November 2012 - 06:29 PM

Narenxp,

I decided to do a clean wipe and start from scratch. Everything is working fine now.

Thanks for your help,

Evan

#6 narenxp


Posted 20 November 2012 - 09:59 PM

Thank you for letting us know :)



