Slow Laptop and Trojan Emerging


  • This topic is locked
5 replies to this topic

#1 mypcisdead


Posted 19 January 2013 - 08:47 AM

Hi guys, it's been a while since I've been here. You helped me awesomely, so with my girlfriend complaining about her laptop, this is the first place I thought of to look for help.

The Problems:
- The laptop is running very slow; it also freezes a lot when playing e.g. World of Warcraft on lowest resolution (which she always ran it on).
- She mentioned a Trojan warning (she did not remember which one), and the laptop freezing when she clicked "move to vault".

What was already done:
I did a re-install of her laptop using the Packard-Bell restore software (not back to a restore point, but back to original). The laptop seems a bit faster, but it is still slower than it used to be. I did not notice any Trojans for the time I was on her computer; the Trojan seems to have emerged this morning. All she did was facebook and WOW.

System:
Make: Packard-Bell
Processor: Intel Pentium Dual CPU T2390 @ 1.87 GHz
Memory (RAM): 3.00 GB
System type: 32-bit Operating System

Operating System: Windows Vista Home Basic, Service Pack 1

Please advise; any help would be greatly appreciated!

Kind Regards,
Frank

Edited by hamluis, 19 January 2013 - 01:45 PM.
Moved from Vista to Am I Infected - Hamluis.




#2 boopme


Posted 19 January 2013 - 08:59 AM

Hello, although factory reset should have cleaned all, there is a possibility of MBR infection. And did you reload your files without scanning them? You may have put malware back on.



Please download aswMBR ( 4.5MB ) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.



Please download TDSSKiller.
  • Launch it.
  • Click on Change parameters and select TDLFS file system.
  • Click on "Scan".
  • Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results.



I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

NOTE: Sometimes if ESET finds no infections it will not create a log.

Edited by boopme, 19 January 2013 - 09:00 AM.

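Added example (not part of the thread, and not aswMBR's own code): post #2 raises the possibility of an MBR infection surviving a factory restore, and aswMBR saves the sector it read as MBR.dat. The Python below parses such a 512-byte MBR image, lists its partition entries and compares the boot code against a baseline hash. The sample sector is constructed to mirror the partition layout reported in the aswMBR log later in this thread, its boot code is filler bytes, and all function names are hypothetical.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440            # bytes 0-439 hold the bootstrap code
TABLE_OFFSET = 446             # four 16-byte partition entries start here
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510-511 of a valid MBR

TYPE_NAMES = {0x07: "HPFS/NTFS", 0x27: "Hidden NTFS WinRE"}


def parse_mbr(sector):
    """Return the boot-code hash and the non-empty partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for index in range(4):
        start = TABLE_OFFSET + 16 * index
        entry = sector[start:start + 16]
        status, ptype = entry[0], entry[4]
        first_lba, count = struct.unpack_from("<II", entry, 8)
        if ptype == 0x00:      # unused slot
            continue
        partitions.append({
            "index": index + 1,
            "status": status,
            "type": ptype,
            "type_name": TYPE_NAMES.get(ptype, "unknown"),
            "first_lba": first_lba,
            "sectors": count,
        })
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def review_mbr(sector, baseline_sha256):
    """List findings worth a closer look; an empty list means nothing odd."""
    info = parse_mbr(sector)
    findings = []
    if info["boot_code_sha256"] != baseline_sha256:
        findings.append("boot code differs from baseline")
    active = [p for p in info["partitions"] if p["status"] == 0x80]
    if len(active) != 1:
        findings.append(
            "expected exactly one active partition, found %d" % len(active))
    for p in info["partitions"]:
        if p["status"] not in (0x00, 0x80):
            findings.append("partition %d has invalid status byte 0x%02X"
                            % (p["index"], p["status"]))
    ordered = sorted(info["partitions"], key=lambda p: p["first_lba"])
    for a, b in zip(ordered, ordered[1:]):
        if a["first_lba"] + a["sectors"] > b["first_lba"]:
            findings.append("partitions %d and %d overlap"
                            % (a["index"], b["index"]))
    return findings


def build_sample_mbr(boot_code=b"\x90" * BOOT_CODE_LEN):
    """Constructed sector; the boot code is filler, not real Vista MBR code."""
    def entry(status, ptype, first_lba, count):
        # CHS fields (bytes 1-3 and 5-7) are left zero; only LBA is used here.
        return struct.pack("<B3sB3sII", status, b"\x00" * 3,
                           ptype, b"\x00" * 3, first_lba, count)
    # Sizes in MB from the log, converted to 512-byte sectors (2048 per MB).
    table = (entry(0x00, 0x27, 63, 10244 * 2048)
             + entry(0x80, 0x07, 20980890, 142382 * 2048)
             + b"\x00" * 32)
    # Bytes 440-445 (disk signature and reserved field) are zeroed.
    return boot_code + b"\x00" * 6 + table + BOOT_SIGNATURE


if __name__ == "__main__":
    sample = build_sample_mbr()
    baseline = parse_mbr(sample)["boot_code_sha256"]  # placeholder baseline
    for part in parse_mbr(sample)["partitions"]:
        print(part)
    print(review_mbr(sample, baseline) or "no findings")
```

For a real check, the baseline hash has to come from a sector saved while the machine was known to be clean.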

#3 mypcisdead


Posted 20 January 2013 - 11:44 AM

Hi boopme, thanks for the help. See the logs you requested below.

Additional remark: the laptop fan makes a lot of noise as well.



aswMBR:

- When I ran it the first time, my girlfriend stopped it, thinking it was done. This is the log from that run:
aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-20 13:40:25
-----------------------------
13:40:25.248 OS Version: Windows 6.0.6001 Service Pack 1
13:40:25.248 Number of processors: 2 586 0xF0D
13:40:25.248 ComputerName: LAILA-PC UserName: Laila
13:40:34.095 Initialize success
13:42:07.555 AVAST engine defs: 13012000
13:42:16.010 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
13:42:16.025 Disk 0 Vendor: Hitachi_HTS543216L9A300 FB2OC40C Size: 152627MB BusType: 3
13:42:16.072 Disk 0 MBR read successfully
13:42:16.088 Disk 0 MBR scan
13:42:16.103 Disk 0 Windows VISTA default MBR code
13:42:16.103 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10244 MB offset 63
13:42:16.150 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 142382 MB offset 20980890
13:42:16.181 Disk 0 scanning sectors +312579760
13:42:16.307 Disk 0 scanning C:\Windows\system32\drivers
13:42:39.630 Service scanning
13:43:10.231 Modules scanning
13:43:21.808 Disk 0 trace - called modules:
13:43:21.839 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
13:43:22.354 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85252ac8]
13:43:22.354 3 CLASSPNP.SYS[89bcc745] -> nt!IofCallDriver -> [0x84a2a408]
13:43:22.370 5 acpi.sys[8949a6a0] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x84a4c5e8]
13:43:23.711 AVAST engine scan C:\Windows
13:43:27.720 AVAST engine scan C:\Windows\system32
13:50:21.692 AVAST engine scan C:\Windows\system32\drivers
13:50:37.744 AVAST engine scan C:\Users\Laila
14:06:20.040 Disk 0 MBR has been saved successfully to "C:\Users\Laila\Desktop\MBR.dat"
14:06:20.071 The log file has been saved successfully to "C:\Users\Laila\Desktop\aswMBR.txt"

- I ran it again, as I did not think it ran fully (and I was right). This is the log from that run:
aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-20 14:07:23
-----------------------------
14:07:23.921 OS Version: Windows 6.0.6001 Service Pack 1
14:07:23.921 Number of processors: 2 586 0xF0D
14:07:23.921 ComputerName: LAILA-PC UserName: Laila
14:07:24.904 Initialize success
14:07:42.564 AVAST engine defs: 13012000
14:08:04.920 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
14:08:04.920 Disk 0 Vendor: Hitachi_HTS543216L9A300 FB2OC40C Size: 152627MB BusType: 3
14:08:05.122 Disk 0 MBR read successfully
14:08:05.122 Disk 0 MBR scan
14:08:05.138 Disk 0 Windows VISTA default MBR code
14:08:05.154 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10244 MB offset 63
14:08:05.200 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 142382 MB offset 20980890
14:08:05.247 Disk 0 scanning sectors +312579760
14:08:05.481 Disk 0 scanning C:\Windows\system32\drivers
14:08:33.861 Service scanning
14:09:05.126 Modules scanning
14:09:17.546 Disk 0 trace - called modules:
14:09:17.577 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
14:09:18.092 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85252ac8]
14:09:18.092 3 CLASSPNP.SYS[89bcc745] -> nt!IofCallDriver -> [0x84a2a408]
14:09:18.107 5 acpi.sys[8949a6a0] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x84a4c5e8]
14:09:19.215 AVAST engine scan C:\Windows
14:09:24.878 AVAST engine scan C:\Windows\system32
14:13:25.321 AVAST engine scan C:\Windows\system32\drivers
14:13:43.065 AVAST engine scan C:\Users\Laila
14:37:26.699 AVAST engine scan C:\ProgramData
14:48:31.424 Scan finished successfully
14:49:58.396 Disk 0 MBR has been saved successfully to "C:\Users\Laila\Desktop\MBR.dat"
14:49:58.411 The log file has been saved successfully to "C:\Users\Laila\Desktop\aswMBR.txt"




TDSSKiller:

14:51:17.0109 0852 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
14:51:17.0265 0852 ============================================================
14:51:17.0265 0852 Current date / time: 2013/01/20 14:51:17.0265
14:51:17.0265 0852 SystemInfo:
14:51:17.0265 0852
14:51:17.0265 0852 OS Version: 6.0.6001 ServicePack: 1.0
14:51:17.0265 0852 Product type: Workstation
14:51:17.0265 0852 ComputerName: LAILA-PC
14:51:17.0265 0852 UserName: Laila
14:51:17.0265 0852 Windows directory: C:\Windows
14:51:17.0265 0852 System windows directory: C:\Windows
14:51:17.0265 0852 Processor architecture: Intel x86
14:51:17.0265 0852 Number of processors: 2
14:51:17.0265 0852 Page size: 0x1000
14:51:17.0265 0852 Boot type: Normal boot
14:51:17.0265 0852 ============================================================
14:51:18.0981 0852 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:51:19.0043 0852 ============================================================
14:51:19.0043 0852 \Device\Harddisk0\DR0:
14:51:19.0074 0852 MBR partitions:
14:51:19.0074 0852 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x140249A, BlocksNum 0x11617216
14:51:19.0074 0852 ============================================================
14:51:19.0152 0852 C: <-> \Device\Harddisk0\DR0\Partition1
14:51:19.0152 0852 ============================================================
14:51:19.0152 0852 Initialize success
14:51:19.0152 0852 ============================================================
14:51:54.0378 1040 ============================================================
14:51:54.0378 1040 Scan started
14:51:54.0378 1040 Mode: Manual; TDLFS;
14:51:54.0378 1040 ============================================================
14:51:55.0002 1040 ================ Scan system memory ========================
14:51:55.0002 1040 System memory - ok
14:51:55.0002 1040 ================ Scan services =============================
14:52:06.0057 1040 NDIS - ok
14:52:06.0073 1040 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
14:52:06.0073 1040 NdisTapi - ok
14:52:06.0119 1040 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
14:52:06.0135 1040 Ndisuio - ok
14:52:06.0166 1040 [ 3D14C3B3496F88890D431E8AA022A411 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
14:52:06.0166 1040 NdisWan - ok
14:52:06.0182 1040 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
14:52:06.0182 1040 NDProxy - ok
14:52:06.0307 1040 [ C5052FB77AA42ED440F9F6B4E37145A9 ] Nero BackItUp Scheduler 3 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
14:52:06.0338 1040 Nero BackItUp Scheduler 3 - ok
14:52:06.0369 1040 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
14:52:06.0369 1040 NetBIOS - ok
14:52:06.0416 1040 [ 7C5FEE5B1C5728507CD96FB4A13E7A02 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
14:52:06.0416 1040 netbt - ok
14:52:06.0432 1040 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] Netlogon C:\Windows\system32\lsass.exe
14:52:06.0432 1040 Netlogon - ok
14:52:06.0510 1040 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
14:52:06.0510 1040 Netman - ok
14:52:06.0557 1040 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
14:52:06.0557 1040 netprofm - ok
14:52:06.0620 1040 [ 0AD5876EF4E9EB77C8F93EB5B2FFF386 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:52:06.0620 1040 NetTcpPortSharing - ok
14:52:06.0651 1040 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
14:52:06.0651 1040 nfrd960 - ok
14:52:06.0698 1040 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
14:52:06.0713 1040 NlaSvc - ok
14:52:06.0838 1040 [ 4999D340B0D6B3E47666CF5E25C9C8F3 ] NMIndexingService C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
14:52:07.0275 1040 NMIndexingService - ok
14:52:07.0290 1040 [ ECB5003F484F9ED6C608D6D6C7886CBB ] Npfs C:\Windows\system32\drivers\Npfs.sys
14:52:07.0290 1040 Npfs - ok
14:52:07.0337 1040 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
14:52:07.0337 1040 nsi - ok
14:52:07.0384 1040 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
14:52:07.0400 1040 nsiproxy - ok
14:52:07.0462 1040 [ B4EFFE29EB4F15538FD8A9681108492D ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
14:52:07.0493 1040 Ntfs - ok
14:52:07.0540 1040 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
14:52:07.0540 1040 ntrigdigi - ok
14:52:07.0571 1040 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
14:52:07.0571 1040 Null - ok
14:52:07.0587 1040 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
14:52:07.0602 1040 nvraid - ok
14:52:07.0618 1040 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
14:52:07.0618 1040 nvstor - ok
14:52:07.0649 1040 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
14:52:07.0680 1040 nv_agp - ok
14:52:07.0680 1040 NwlnkFlt - ok
14:52:07.0696 1040 NwlnkFwd - ok
14:52:07.0712 1040 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
14:52:07.0727 1040 ohci1394 - ok
14:52:07.0946 1040 [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2pimsvc C:\Windows\system32\p2psvc.dll
14:52:07.0961 1040 p2pimsvc - ok
14:52:08.0070 1040 [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2psvc C:\Windows\system32\p2psvc.dll
14:52:08.0070 1040 p2psvc - ok
14:52:08.0148 1040 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
14:52:08.0164 1040 Parport - ok
14:52:08.0195 1040 [ 3B38467E7C3DAED009DFE359E17F139F ] partmgr C:\Windows\system32\drivers\partmgr.sys
14:52:08.0195 1040 partmgr - ok
14:52:08.0226 1040 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
14:52:08.0226 1040 Parvdm - ok
14:52:08.0273 1040 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
14:52:08.0273 1040 PcaSvc - ok
14:52:08.0289 1040 [ 01B94418DEB235DFF777CC80076354B4 ] pci C:\Windows\system32\drivers\pci.sys
14:52:08.0304 1040 pci - ok
14:52:08.0351 1040 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys
14:52:08.0367 1040 pciide - ok
14:52:08.0445 1040 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
14:52:08.0460 1040 pcmcia - ok
14:52:08.0538 1040 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
14:52:08.0554 1040 PEAUTH - ok
14:52:08.0757 1040 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
14:52:08.0835 1040 pla - ok
14:52:08.0882 1040 [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\Windows\system32\IoctlSvc.exe
14:52:08.0882 1040 PLFlash DeviceIoControl Service - ok
14:52:08.0975 1040 [ 78F975CB6D18265BE6F492EDB2D7BC7B ] PlugPlay C:\Windows\system32\umpnpmgr.dll
14:52:09.0022 1040 PlugPlay - ok
14:52:09.0069 1040 [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
14:52:09.0084 1040 PNRPAutoReg - ok
14:52:09.0147 1040 [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPsvc C:\Windows\system32\p2psvc.dll
14:52:09.0162 1040 PNRPsvc - ok
14:52:09.0240 1040 [ 47B8F37AA18B74D8C2E1BC1A7A2C8F8A ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
14:52:09.0240 1040 PolicyAgent - ok
14:52:09.0287 1040 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
14:52:09.0287 1040 PptpMiniport - ok
14:52:09.0334 1040 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
14:52:09.0334 1040 Processor - ok
14:52:09.0381 1040 [ B627E4FC8585E8843C5905D4D3587A90 ] ProfSvc C:\Windows\system32\profsvc.dll
14:52:09.0381 1040 ProfSvc - ok
14:52:09.0412 1040 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:52:09.0412 1040 ProtectedStorage - ok
14:52:09.0490 1040 [ BFEF604508A0ED1EAE2A73E872555FFB ] PSched C:\Windows\system32\DRIVERS\pacer.sys
14:52:09.0506 1040 PSched - ok
14:52:09.0537 1040 [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
14:52:09.0537 1040 PxHelp20 - ok
14:52:09.0693 1040 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
14:52:09.0740 1040 ql2300 - ok
14:52:09.0755 1040 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
14:52:09.0755 1040 ql40xx - ok
14:52:09.0802 1040 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
14:52:09.0833 1040 QWAVE - ok
14:52:09.0880 1040 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
14:52:09.0880 1040 QWAVEdrv - ok
14:52:09.0911 1040 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
14:52:09.0911 1040 RasAcd - ok
14:52:09.0942 1040 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
14:52:09.0942 1040 RasAuto - ok
14:52:09.0974 1040 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
14:52:09.0974 1040 Rasl2tp - ok
14:52:10.0020 1040 [ 6E7C284FC5C4EC07AD164D93810385A6 ] RasMan C:\Windows\System32\rasmans.dll
14:52:10.0020 1040 RasMan - ok
14:52:10.0036 1040 [ 3E9D9B048107B40D87B97DF2E48E0744 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
14:52:10.0052 1040 RasPppoe - ok
14:52:10.0083 1040 [ A7D141684E9500AC928A772ED8E6B671 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
14:52:10.0083 1040 RasSstp - ok
14:52:10.0114 1040 [ 6E1C5D0457622F9EE35F683110E93D14 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
14:52:10.0114 1040 rdbss - ok
14:52:10.0130 1040 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
14:52:10.0145 1040 RDPCDD - ok
14:52:10.0192 1040 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
14:52:10.0192 1040 rdpdr - ok
14:52:10.0208 1040 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
14:52:10.0208 1040 RDPENCDD - ok
14:52:10.0239 1040 [ E1C18F4097A5ABCEC941DC4B2F99DB7E ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
14:52:10.0239 1040 RDPWD - ok
14:52:10.0301 1040 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
14:52:10.0317 1040 RemoteAccess - ok
14:52:10.0348 1040 [ CC4E32400F3C7253400CF8F3F3A0B676 ] RemoteRegistry C:\Windows\system32\regsvc.dll
14:52:10.0364 1040 RemoteRegistry - ok
14:52:10.0395 1040 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
14:52:10.0395 1040 RpcLocator - ok
14:52:10.0442 1040 [ 301AE00E12408650BADDC04DBC832830 ] RpcSs C:\Windows\system32\rpcss.dll
14:52:10.0442 1040 RpcSs - ok
14:52:10.0535 1040 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
14:52:10.0566 1040 rspndr - ok
14:52:10.0598 1040 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] SamSs C:\Windows\system32\lsass.exe
14:52:10.0598 1040 SamSs - ok
14:52:10.0629 1040 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
14:52:10.0644 1040 sbp2port - ok
14:52:10.0691 1040 [ 11387E32642269C7E62E8B52C060B3C6 ] SCardSvr C:\Windows\System32\SCardSvr.dll
14:52:10.0691 1040 SCardSvr - ok
14:52:10.0847 1040 [ 7B587B8A6D4A99F79D2902D0385F29BD ] Schedule C:\Windows\system32\schedsvc.dll
14:52:10.0894 1040 Schedule - ok
14:52:10.0910 1040 [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] SCPolicySvc C:\Windows\System32\certprop.dll
14:52:10.0910 1040 SCPolicySvc - ok
14:52:10.0956 1040 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
14:52:10.0972 1040 SDRSVC - ok
14:52:11.0003 1040 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
14:52:11.0003 1040 secdrv - ok
14:52:11.0019 1040 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
14:52:11.0034 1040 seclogon - ok
14:52:11.0066 1040 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
14:52:11.0081 1040 SENS - ok
14:52:11.0112 1040 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
14:52:11.0128 1040 Serenum - ok
14:52:11.0159 1040 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
14:52:11.0159 1040 Serial - ok
14:52:11.0175 1040 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
14:52:11.0175 1040 sermouse - ok
14:52:11.0253 1040 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
14:52:11.0268 1040 SessionEnv - ok
14:52:11.0284 1040 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
14:52:11.0284 1040 sffdisk - ok
14:52:11.0300 1040 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
14:52:11.0300 1040 sffp_mmc - ok
14:52:11.0315 1040 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
14:52:11.0315 1040 sffp_sd - ok
14:52:11.0331 1040 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
14:52:11.0331 1040 sfloppy - ok
14:52:11.0378 1040 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
14:52:11.0393 1040 SharedAccess - ok
14:52:11.0440 1040 [ 1E3FDB80E40A3CE645F229DFBDFB7694 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:52:11.0487 1040 ShellHWDetection - ok
14:52:11.0502 1040 [ 6BA9C92029070D92774BAB7DBBF06763 ] SiS6350 C:\Windows\system32\DRIVERS\SISGRKMD.sys
14:52:11.0518 1040 SiS6350 - ok
14:52:11.0565 1040 [ DF1AF7F5F1EC7800B3AC398ACC06C754 ] SISAGP C:\Windows\system32\DRIVERS\SISAGPX.sys
14:52:11.0565 1040 SISAGP - ok
14:52:11.0580 1040 [ A029482BE40DEF54DF02FCE751AA16DC ] SiSGbeLH C:\Windows\system32\DRIVERS\SiSGB6.sys
14:52:11.0596 1040 SiSGbeLH - ok
14:52:11.0643 1040 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
14:52:11.0658 1040 SiSRaid2 - ok
14:52:11.0674 1040 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
14:52:11.0674 1040 SiSRaid4 - ok
14:52:11.0830 1040 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
14:52:11.0830 1040 SkypeUpdate - ok
14:52:12.0126 1040 [ 0BA91E1358AD25236863039BB2609A2E ] slsvc C:\Windows\system32\SLsvc.exe
14:52:12.0236 1040 slsvc - ok
14:52:12.0298 1040 [ 7C6DC44CA0BFA6291629AB764200D1D4 ] SLUINotify C:\Windows\system32\SLUINotify.dll
14:52:12.0314 1040 SLUINotify - ok
14:52:12.0360 1040 [ 031E6BCD53C9B2B9ACE111EAFEC347B6 ] Smb C:\Windows\system32\DRIVERS\smb.sys
14:52:12.0360 1040 Smb - ok
14:52:12.0407 1040 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
14:52:12.0423 1040 SNMPTRAP - ok
14:52:12.0454 1040 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
14:52:12.0454 1040 spldr - ok
14:52:12.0516 1040 [ 3665F79026A3F91FBCA63F2C65A09B19 ] Spooler C:\Windows\System32\spoolsv.exe
14:52:12.0532 1040 Spooler - ok
14:52:12.0610 1040 [ 2252AEF839B1093D16761189F45AF885 ] srv C:\Windows\system32\DRIVERS\srv.sys
14:52:12.0626 1040 srv - ok
14:52:12.0672 1040 [ B7FF59408034119476B00A81BB53D5D1 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
14:52:12.0688 1040 srv2 - ok
14:52:12.0704 1040 [ 2ACCC9B12AF02030F531E6CCA6F8B76E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
14:52:12.0719 1040 srvnet - ok
14:52:12.0750 1040 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
14:52:12.0782 1040 SSDPSRV - ok
14:52:12.0828 1040 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
14:52:12.0828 1040 SstpSvc - ok
14:52:12.0953 1040 [ 7DD08A597BC56051F320DA0BAF69E389 ] stisvc C:\Windows\System32\wiaservc.dll
14:52:13.0000 1040 stisvc - ok
14:52:13.0031 1040 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
14:52:13.0047 1040 swenum - ok
14:52:13.0062 1040 [ B36C7CDB86F7F7A8E884479219766950 ] swprv C:\Windows\System32\swprv.dll
14:52:13.0078 1040 swprv - ok
14:52:13.0109 1040 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
14:52:13.0109 1040 Symc8xx - ok
14:52:13.0156 1040 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
14:52:13.0156 1040 Sym_hi - ok
14:52:13.0172 1040 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
14:52:13.0172 1040 Sym_u3 - ok
14:52:13.0281 1040 [ 760E4F5A1E754BBE4A1BD2A0B54F6AA6 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
14:52:13.0281 1040 SynTP - ok
14:52:13.0328 1040 [ 8710A92D0024B03B5FB9540DF1F71F1D ] SysMain C:\Windows\system32\sysmain.dll
14:52:13.0359 1040 SysMain - ok
14:52:13.0390 1040 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:52:13.0390 1040 TabletInputService - ok
14:52:13.0437 1040 [ 680916BB09EE0F3A6ACA7C274B0D633F ] TapiSrv C:\Windows\System32\tapisrv.dll
14:52:13.0452 1040 TapiSrv - ok
14:52:13.0468 1040 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
14:52:13.0484 1040 TBS - ok
14:52:13.0671 1040 [ 782568AB6A43160A159B6215B70BCCE9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
14:52:13.0733 1040 Tcpip - ok
14:52:13.0780 1040 [ 782568AB6A43160A159B6215B70BCCE9 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
14:52:13.0796 1040 Tcpip6 - ok
14:52:13.0842 1040 [ D4A2E4A4B011F3A883AF77315A5AE76B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
14:52:13.0858 1040 tcpipreg - ok
14:52:13.0889 1040 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
14:52:13.0889 1040 TDPIPE - ok
14:52:13.0905 1040 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
14:52:13.0905 1040 TDTCP - ok
14:52:13.0967 1040 [ D09276B1FAB033CE1D40DCBDF303D10F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
14:52:13.0967 1040 tdx - ok
14:52:13.0998 1040 [ A048056F5E1A96A9BF3071B91741A5AA ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
14:52:13.0998 1040 TermDD - ok
14:52:14.0108 1040 [ D605031E225AACCBCEB5B76A4F1603A6 ] TermService C:\Windows\System32\termsrv.dll
14:52:14.0154 1040 TermService - ok
14:52:14.0170 1040 [ 1E3FDB80E40A3CE645F229DFBDFB7694 ] Themes C:\Windows\system32\shsvcs.dll
14:52:14.0186 1040 Themes - ok
14:52:14.0217 1040 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
14:52:14.0217 1040 THREADORDER - ok
14:52:14.0279 1040 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
14:52:14.0279 1040 TrkWks - ok
14:52:14.0342 1040 [ 16613A1BAD034D4ECF957AF18B7C2FF5 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:52:14.0357 1040 TrustedInstaller - ok
14:52:14.0404 1040 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
14:52:14.0404 1040 tssecsrv - ok
14:52:14.0435 1040 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
14:52:14.0451 1040 tunmp - ok
14:52:14.0498 1040 [ 6042505FF6FA9AC1EF7684D0E03B6940 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
14:52:14.0498 1040 tunnel - ok
14:52:14.0529 1040 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
14:52:14.0529 1040 uagp35 - ok
14:52:14.0607 1040 [ 8B5088058FA1D1CD897A2113CCFF6C58 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
14:52:14.0654 1040 udfs - ok
14:52:14.0716 1040 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
14:52:14.0732 1040 UI0Detect - ok
14:52:14.0747 1040 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
14:52:14.0747 1040 uliagpkx - ok
14:52:14.0794 1040 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
14:52:14.0810 1040 uliahci - ok
14:52:14.0841 1040 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
14:52:14.0841 1040 UlSata - ok
14:52:14.0872 1040 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
14:52:14.0872 1040 ulsata2 - ok
14:52:14.0903 1040 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
14:52:14.0903 1040 umbus - ok
14:52:14.0934 1040 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
14:52:14.0966 1040 upnphost - ok
14:52:15.0028 1040 [ 8BF5D980CDCE35FB26F05047144BB57E ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
14:52:15.0028 1040 USBAAPL - ok
14:52:15.0044 1040 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
14:52:15.0044 1040 usbccgp - ok
14:52:15.0075 1040 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
14:52:15.0090 1040 usbcir - ok
14:52:15.0168 1040 [ CEBE90821810E76320155BEBA722FCF9 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
14:52:15.0168 1040 usbehci - ok
14:52:15.0200 1040 [ CC6B28E4CE39951357963119CE47B143 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
14:52:15.0200 1040 usbhub - ok
14:52:15.0246 1040 [ 7BDB7B0E7D45AC0402D78B90789EF47C ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
14:52:15.0278 1040 usbohci - ok
14:52:15.0293 1040 [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint C:\Windows\system32\drivers\usbprint.sys
14:52:15.0309 1040 usbprint - ok
14:52:15.0356 1040 [ 87BA6B83C5D19B69160968D07D6E2982 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:52:15.0371 1040 USBSTOR - ok
14:52:15.0402 1040 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
14:52:15.0402 1040 usbuhci - ok
14:52:15.0449 1040 [ 032A0ACC3909AE7215D524E29D536797 ] UxSms C:\Windows\System32\uxsms.dll
14:52:15.0449 1040 UxSms - ok
14:52:15.0480 1040 [ B13BC395B9D6116628F5AF47E0802AC4 ] vds C:\Windows\System32\vds.exe
14:52:15.0496 1040 vds - ok
14:52:15.0543 1040 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
14:52:15.0543 1040 vga - ok
14:52:15.0574 1040 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
14:52:15.0574 1040 VgaSave - ok
14:52:15.0590 1040 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
14:52:15.0605 1040 viaagp - ok
14:52:15.0621 1040 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
14:52:15.0621 1040 ViaC7 - ok
14:52:15.0636 1040 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
14:52:15.0652 1040 viaide - ok
14:52:15.0683 1040 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
14:52:15.0699 1040 volmgr - ok
14:52:15.0730 1040 [ 98F5FFE6316BD74E9E2C97206C190196 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
14:52:15.0746 1040 volmgrx - ok
14:52:15.0761 1040 [ D8B4A53DD2769F226B3EB374374987C9 ] volsnap C:\Windows\system32\drivers\volsnap.sys
14:52:15.0777 1040 volsnap - ok
14:52:15.0808 1040 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
14:52:15.0808 1040 vsmraid - ok
14:52:16.0026 1040 [ D5FB73D19C46ADE183F968E13F186B23 ] VSS C:\Windows\system32\vssvc.exe
14:52:16.0073 1040 VSS - ok
14:52:16.0104 1040 [ 1CF9206966A8458CDA9A8B20DF8AB7D3 ] W32Time C:\Windows\system32\w32time.dll
14:52:16.0104 1040 W32Time - ok
14:52:16.0151 1040 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
14:52:16.0151 1040 WacomPen - ok
14:52:16.0182 1040 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
14:52:16.0198 1040 Wanarp - ok
14:52:16.0198 1040 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
14:52:16.0198 1040 Wanarpv6 - ok
14:52:16.0229 1040 [ F3A5C2E1A6533192B070D06ECF6BE796 ] wcncsvc C:\Windows\System32\wcncsvc.dll
14:52:16.0229 1040 wcncsvc - ok
14:52:16.0260 1040 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:52:16.0276 1040 WcsPlugInService - ok
14:52:16.0292 1040 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
14:52:16.0292 1040 Wd - ok
14:52:16.0338 1040 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
14:52:16.0354 1040 Wdf01000 - ok
14:52:16.0370 1040 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
14:52:16.0370 1040 WdiServiceHost - ok
14:52:16.0385 1040 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
14:52:16.0385 1040 WdiSystemHost - ok
14:52:16.0401 1040 [ CF9A5F41789B642DB967021DE06A2713 ] WebClient C:\Windows\System32\webclnt.dll
14:52:16.0401 1040 WebClient - ok
14:52:16.0448 1040 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
14:52:16.0448 1040 Wecsvc - ok
14:52:16.0463 1040 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
14:52:16.0494 1040 wercplsupport - ok
14:52:16.0557 1040 [ FD1965AAA112C6818A30AB02742D0461 ] WerSvc C:\Windows\System32\WerSvc.dll
14:52:16.0604 1040 WerSvc - ok
14:52:16.0728 1040 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
14:52:16.0744 1040 WinDefend - ok
14:52:16.0744 1040 WinHttpAutoProxySvc - ok
14:52:16.0838 1040 [ 00B79A7C984678F24CF052E5BEB3A2F5 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
14:52:16.0838 1040 Winmgmt - ok
14:52:16.0931 1040 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
14:52:16.0947 1040 WinRM - ok
14:52:17.0103 1040 [ 275F4346E569DF56CFB95243BD6F6FF0 ] Wlansvc C:\Windows\System32\wlansvc.dll
14:52:17.0118 1040 Wlansvc - ok
14:52:17.0181 1040 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
14:52:17.0181 1040 WmiAcpi - ok
14:52:17.0243 1040 [ ABA4CF9F856D9A3A25F4DDD7690A6E9D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
14:52:17.0306 1040 wmiApSrv - ok
14:52:17.0493 1040 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
14:52:17.0540 1040 WMPNetworkSvc - ok
14:52:17.0586 1040 [ 5D94CD167751294962BA238D82DD1BB8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
14:52:17.0586 1040 WPCSvc - ok
14:52:17.0602 1040 [ 396D406292B0CD26E3504FFE82784702 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
14:52:17.0618 1040 WPDBusEnum - ok
14:52:18.0413 1040 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
14:52:18.0507 1040 WPFFontCache_v0400 - ok
14:52:18.0554 1040 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
14:52:18.0569 1040 ws2ifsl - ok
14:52:18.0632 1040 [ 683DD16B590372F2C9661D277F35E49C ] wscsvc C:\Windows\System32\wscsvc.dll
14:52:18.0647 1040 wscsvc - ok
14:52:18.0663 1040 WSearch - ok
14:52:19.0209 1040 [ D79538B67FA641E986855DEF651E78FE ] wuauserv C:\Windows\system32\wuaueng.dll
14:52:19.0287 1040 wuauserv - ok
14:52:19.0334 1040 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
14:52:19.0334 1040 WUDFRd - ok
14:52:19.0365 1040 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
14:52:19.0365 1040 wudfsvc - ok
14:52:19.0458 1040 [ 5867CE254625645345C833510D24F124 ] {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} C:\Program Files\CyberLink\PlayMovie\000.fcl
14:52:19.0490 1040 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} - ok
14:52:19.0490 1040 ================ Scan global ===============================
14:52:19.0552 1040 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
14:52:19.0692 1040 [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
14:52:19.0724 1040 [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
14:52:19.0817 1040 [ 2B336AB6286D6C81FA02CBAB914E3C6C ] C:\Windows\system32\services.exe
14:52:19.0817 1040 [Global] - ok
14:52:19.0817 1040 ================ Scan MBR ==================================
14:52:19.0864 1040 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
14:52:21.0174 1040 \Device\Harddisk0\DR0 - ok
14:52:21.0174 1040 ================ Scan VBR ==================================
14:52:21.0206 1040 [ 725D86E438199811BBDD8212401DF75B ] \Device\Harddisk0\DR0\Partition1
14:52:21.0221 1040 \Device\Harddisk0\DR0\Partition1 - ok
14:52:21.0221 1040 ============================================================
14:52:21.0221 1040 Scan finished
14:52:21.0221 1040 ============================================================
14:52:21.0252 5020 Detected object count: 0
14:52:21.0252 5020 Actual detected object count: 0
14:52:51.0750 4304 Deinitialize success



ESET Online:

No infections; total scan time 02:43:03



Please advise, thanks!

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:26 AM

Posted 20 January 2013 - 02:45 PM

I think I may see a rootkit in that Asw log, but will need a deeper look to be sure. We need to make a new topic. Include the last aswMBR log with the DDS log from the instructions here.

Please follow this Preparation Guide and post in a new topic.

Let me know if all went well.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#5 mypcisdead


Posted 20 January 2013 - 06:20 PM

Thanks for the help so far. I created a new topic here, as instructed.

#6 boopme


Posted 20 January 2013 - 07:21 PM

You're welcome, we will find it.

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.

The current wait time is 1 - 2 days and ALL logs are answered.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic.