
Trojan:Win/Sisproc


11 replies to this topic

#1 Edwardh


Posted 25 January 2013 - 04:59 AM

Hey there,

Basically I used Microsoft Security Essentials (I ran a full scan and it found the trojan horse; it then tried to remove it) but it encountered an error and quarantined it. When I re-scan it still shows in the scan. I also used Microsoft Security Scanner but that could only partially remove it. Any ideas how I could manually remove it? I was recommended here by the Microsoft community support :) The trojan horse my computer comes up with is Trojan:Win/Sisproc. I must also mention I am dyslexic and thus my spelling is atrocious :)

I am new so I have no idea if I need to post logs or anything like I have seen on a few other sites; this is the one I thought could really help me :)

thanks again

Edwardh


*Moderator Edit: Moved topic from Windows 7 to the more appropriate forum. ~ Queen-Evie*

Edited by Queen-Evie, 25 January 2013 - 09:28 AM.



#2 boopme


Posted 25 January 2013 - 11:24 AM

Hello Edward, don't fret your spelling.
Let's look at some more scan logs and see.

MiniToolBox
Please download MiniToolBox, save it to your desktop and run it. Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Please Download TDSSkiller
Launch it.
Click on change parameters-Select TDLFS file system
Click on "Scan".
Please post the LOG report(log file should be in your C drive)

Do not change the default options on scan results.



Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When the scan is complete, click OK, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).





Now I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

NOTE: Sometimes if ESET finds no infections it will not create a log.

#3 Edwardh


Posted 25 January 2013 - 11:38 AM

Here is the report from MiniToolBox
MiniToolBox by Farbar Version:10-01-2013
Ran by Edward Hollands (administrator) on 25-01-2013 at 16:35:15
Running from "C:\Users\Edward Hollands\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================



========================= IP Configuration: ================================

Realtek RTL8723AE Wireless LAN 802.11n PCI-E NIC = Wireless Network Connection (Connected)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : WIN-97N62ECF2IM
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : customer.nunnery.uod.lan

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : customer.nunnery.uod.lan
Description . . . . . . . . . . . : Realtek RTL8723AE Wireless LAN 802.11n PCI-E NIC
Physical Address. . . . . . . . . : 44-6D-57-10-34-DD
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::2d6b:b732:786b:bb1e%13(Preferred)
IPv4 Address. . . . . . . . . . . : 10.157.196.61(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.240.0
Lease Obtained. . . . . . . . . . : 25 January 2013 15:01:43
Lease Expires . . . . . . . . . . : 25 January 2013 16:46:43
Default Gateway . . . . . . . . . : 10.157.192.1
DHCP Server . . . . . . . . . . . : 10.157.192.1
DHCPv6 IAID . . . . . . . . . . . : 222588247
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-D0-FC-50-E8-40-F2-9F-CA-90
DNS Servers . . . . . . . . . . . : 10.157.192.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : customer.nunnery.uod.lan
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : E8-40-F2-9F-CA-90
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.customer.nunnery.uod.lan:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : customer.nunnery.uod.lan
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:472:2cdf:e032:bf41(Preferred)
Link-local IPv6 Address . . . . . : fe80::472:2cdf:e032:bf41%12(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: gw.customer.nunnery.uod.lan
Address: 10.157.192.1

Name: google.com
Addresses: 2a00:1450:4009:808::1004
173.194.41.135
173.194.41.136
173.194.41.137
173.194.41.142
173.194.41.128
173.194.41.129
173.194.41.130
173.194.41.131
173.194.41.132
173.194.41.133
173.194.41.134


Pinging google.com [173.194.41.134] with 32 bytes of data:
Reply from 173.194.41.134: bytes=32 time=13ms TTL=57
Reply from 173.194.41.134: bytes=32 time=12ms TTL=57

Ping statistics for 173.194.41.134:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 12ms, Maximum = 13ms, Average = 12ms
Server: gw.customer.nunnery.uod.lan
Address: 10.157.192.1

Name: yahoo.com
Addresses: 206.190.36.45
98.138.253.109
98.139.183.24


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=914ms TTL=49
Reply from 98.139.183.24: bytes=32 time=955ms TTL=48

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 914ms, Maximum = 955ms, Average = 934ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
13...44 6d 57 10 34 dd ......Realtek RTL8723AE Wireless LAN 802.11n PCI-E NIC
11...e8 40 f2 9f ca 90 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.157.192.1 10.157.196.61 25
10.157.192.0 255.255.240.0 On-link 10.157.196.61 281
10.157.196.61 255.255.255.255 On-link 10.157.196.61 281
10.157.207.255 255.255.255.255 On-link 10.157.196.61 281
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.157.196.61 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.157.196.61 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
12 58 ::/0 On-link
1 306 ::1/128 On-link
12 58 2001::/32 On-link
12 306 2001:0:5ef5:79fd:472:2cdf:e032:bf41/128
On-link
13 281 fe80::/64 On-link
12 306 fe80::/64 On-link
12 306 fe80::472:2cdf:e032:bf41/128
On-link
13 281 fe80::2d6b:b732:786b:bb1e/128
On-link
1 306 ff00::/8 On-link
12 306 ff00::/8 On-link
13 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/25/2013 03:03:24 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/25/2013 10:29:29 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/25/2013 10:04:55 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/25/2013 09:07:04 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/24/2013 08:57:04 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/24/2013 05:20:30 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/24/2013 01:32:09 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 8.0.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: f40

Start Time: 01cdfa21a0082208

Termination Time: 200

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id: 6f88fc87-662a-11e2-97ac-e840f29fca90

Error: (01/24/2013 10:58:59 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/24/2013 09:47:53 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/24/2013 09:24:00 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (01/25/2013 09:46:44 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Windows Internet Explorer 9 for Windows 7 for x64-based Systems.

Error: (01/24/2013 09:45:14 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.143.531.0

Update Source: %NT AUTHORITY59

Update Stage: 4.1.0522.00

Source Path: 4.1.0522.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (01/23/2013 05:10:30 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Windows Internet Explorer 9 for Windows 7 for x64-based Systems.

Error: (01/23/2013 00:02:00 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (01/23/2013 11:33:03 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (01/23/2013 08:52:59 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.143.620.0).

Error: (01/23/2013 08:52:53 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.143.531.0

Update Source: %NT AUTHORITY59

Update Stage: 4.1.0522.00

Source Path: 4.1.0522.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (01/22/2013 05:31:04 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.

Error: (01/22/2013 05:25:36 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \...\DR1.

Error: (01/20/2013 00:47:10 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.


Microsoft Office Sessions:
=========================
Error: (01/25/2013 03:03:24 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/25/2013 10:29:29 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/25/2013 10:04:55 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/25/2013 09:07:04 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/24/2013 08:57:04 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/24/2013 05:20:30 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/24/2013 01:32:09 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.7601.17514f4001cdfa21a0082208200C:\Program Files (x86)\Internet Explorer\iexplore.exe6f88fc87-662a-11e2-97ac-e840f29fca90

Error: (01/24/2013 10:58:59 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/24/2013 09:47:53 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/24/2013 09:24:00 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
Date: 2012-08-30 16:40:28.530
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tosrfcom.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-08-30 16:40:28.499
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tosrfcom.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


=========================== Installed Programs ============================

Adobe Flash Player 11 ActiveX (Version: 11.5.502.146)
Adobe Reader X (10.1.5) (Version: 10.1.5)
Adobe Shockwave Player 11.6 (Version: 11.6.3.633)
Apple Application Support (Version: 2.0.1)
Bluetooth Stack for Windows by Toshiba (Version: v9.00.00(T))
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MP Navigator EX 4.0
Canon MP280 series MP Drivers
Canon MP280 series User Registration
Claro ScreenMarker (Version: 1.1.0)
ClaroCapture (Version: 2.0.7)
ClaroIdeas (Version: 2.1.0)
ClaroRead Plus (Version: 6.1.8)
ClaroView (Version: 1.0.12)
Colour Explorer 9,0
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dragon NaturallySpeaking 11 (Version: 11.50.100)
Dropbox (Version: 1.6.16)
Facebook Video Calling 1.2.0.287 (Version: 1.2.287)
Google Drive (Version: 1.7.4018.3496)
Google Update Helper (Version: 1.3.21.123)
Inspiration 9 IE
Inspiration 9 PDF Driver (novaPDF 7.3 printer)
Intel® Processor Graphics (Version: 8.15.10.2752)
Java Auto Updater (Version: 2.0.7.2)
Java™ 6 Update 37 (Version: 6.0.370)
Java™ 7 Update 1 (64-bit) (Version: 7.0.10)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Security Client (Version: 4.1.0522.0)
Microsoft Security Essentials (Version: 4.1.522.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
Olympus Sonority (Version: 1.4.0)
Premium Sound HD (Version: 1.12.0300)
QuickTime (Version: 7.70.80.34)
Realtek High Definition Audio Driver (Version: 6.0.1.6559)
RtkClassFilter (Version: 1.2.1.4)
ScreenRuler (Version: 3.0.2)
Skype™ 6.0 (Version: 6.0.126)
swMSM (Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 15.3.38.2)
TOSHIBA Assist (Version: 4.2.3.0)
TOSHIBA eco Utility (Version: 1.3.10.64)
TOSHIBA Value Added Package (Version: 1.6.0021.640203)
TOSHIBA Web Camera Application (Version: 2.0.3.33)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Vista TN3270
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64) (Version: 11.0.200)
Vocalizer Daniel from Claro Software (Version: 1.2.1.0)
Vocalizer Fiona from Claro Software (Version: 1.2.1.0)
Vocalizer Karen from Claro Software (Version: 1.2.1.0)
Vocalizer Lee from Claro Software (Version: 1.2.1.0)
Vocalizer Moira from Claro Software (Version: 1.2.1.0)
Vocalizer Sangeeta from Claro Software (Version: 1.2.1.0)
Vocalizer Serena from Claro Software (Version: 1.2.1.0)
Vocalizer Tom from Claro Software (Version: 1.2.1.0)

========================= Memory info: ===================================

Percentage of memory in use: 56%
Total physical RAM: 3985.8 MB
Available physical RAM: 1726.91 MB
Total Pagefile: 7969.8 MB
Available Pagefile: 5499.36 MB
Total Virtual: 4095.88 MB
Available Virtual: 3972.89 MB

========================= Partitions: =====================================

1 Drive c: (System Disk) (Fixed) (Total:80 GB) (Free:23.11 GB) NTFS
2 Drive d: (Data Disk) (Fixed) (Total:385.76 GB) (Free:359.43 GB) NTFS
4 Drive f: (BACKUP) (Fixed) (Total:465.76 GB) (Free:390.09 GB) NTFS

========================= Users: ========================================

User accounts for \\WIN-97N62ECF2IM

Administrator Edward Hollands Guest


**** End of log ****
I'll get on with doing the other stuff now and leave you to look at the report :)

Thanks so much

Edwardh
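
Added example (not part of the original thread and not MiniToolBox's own code): a first-pass triage of a MiniToolBox-style Result.txt that checks the sections requested above (IE proxy, Hosts, Winsock entries, event log errors). The function names, the trusted-folder heuristic and the sample log are assumptions constructed for illustration; the sample follows the layout of the log posted above with two constructed suspicious entries added.

```python
import ntpath
import re
from collections import Counter

# Section banner, e.g. "========================= Winsock entries ====="
SECTION_RE = re.compile(r"^=+ (?P<name>[^=]+?):? =+$")
# Winsock row: catalog, index, DLL path, [size], (vendor)
WINSOCK_RE = re.compile(
    r"^(?P<catalog>(?:x64-)?Catalog\d+) (?P<index>\d+) (?P<path>.+?) "
    r"\[(?P<size>\d+)\] \((?P<vendor>.*)\)$"
)
EVENT_RE = re.compile(r"^Error: \([^)]+\)\s*\(Source: (?P<source>[^)]+)\)")

# Assumption: stock Winsock providers sit in these folders with this vendor string.
TRUSTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
TRUSTED_VENDOR = "Microsoft Corporation"


def split_sections(text):
    """Map each banner name to the non-empty lines that follow it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name").strip()
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def check_proxy(lines):
    # The clean log in this thread prints this exact line; its absence is the signal.
    if "Proxy is not enabled." in lines:
        return []
    return ["proxy: 'Proxy is not enabled.' line missing; inspect IE proxy settings"]


def check_hosts(lines):
    """Flag hosts entries that pin any name other than localhost to an address."""
    findings = []
    for line in lines:
        entry = line.split("#", 1)[0].split()  # drop trailing comment
        if len(entry) < 2:
            continue
        extra = [n for n in entry[1:] if n.lower() != "localhost"]
        if extra:
            findings.append(f"hosts: {', '.join(extra)} pinned to {entry[0]}")
    return findings


def check_winsock(lines):
    """Flag providers outside the Windows system folders or without the stock vendor."""
    findings = []
    for line in lines:
        m = WINSOCK_RE.match(line)
        if not m:
            continue
        folder = ntpath.dirname(m["path"]).lower()
        if folder not in TRUSTED_DIRS or m["vendor"] != TRUSTED_VENDOR:
            vendor = m["vendor"] or "no vendor"
            findings.append(f"winsock: review {m['catalog']} {m['index']} -> {m['path']} ({vendor})")
    return findings


def check_events(lines):
    """Surface antimalware errors, which can mean signatures are not updating."""
    sources = Counter(m["source"] for m in map(EVENT_RE.match, lines) if m)
    n = sources.get("Microsoft Antimalware", 0)
    return [f"events: {n} Microsoft Antimalware error(s); confirm signatures update"] if n else []


def triage(text):
    s = split_sections(text)
    findings = []
    if "IE Proxy Settings" in s:
        findings += check_proxy(s["IE Proxy Settings"])
    findings += check_hosts(s.get("Hosts content", []))
    findings += check_winsock(s.get("Winsock entries", []))
    findings += check_events(s.get("Event log errors", []))
    return findings


# Constructed sample; the hosts redirect and example_lsp.dll are not from the thread.
SAMPLE_LOG = r"""
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================
127.0.0.1 localhost
203.0.113.10 www.example.com   # constructed redirect
========================= Winsock entries =====================================
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog9 02 C:\Users\Public\example_lsp.dll [12345] ()
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
========================= Event log errors: ===============================
System errors:
=============
Error: (01/24/2013 09:45:14 AM) (Source: Microsoft Antimalware) (User: )
Error: (01/23/2013 00:02:00 PM) (Source: Disk) (User: )
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A finding here is only a prompt for manual review; legitimate third-party software can also register Winsock providers or add hosts entries.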

#4 Edwardh


Posted 25 January 2013 - 11:42 AM

the report from TDSSkiller

16:40:04.0273 2004 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
16:40:04.0273 2004 pcw - ok
16:40:04.0293 2004 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
16:40:04.0303 2004 PEAUTH - ok
16:40:04.0333 2004 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
16:40:04.0333 2004 PerfHost - ok
16:40:04.0383 2004 [ 91111CEBBDE8015E822C46120ED9537C ] PGEffect C:\Windows\system32\DRIVERS\pgeffect.sys
16:40:04.0383 2004 PGEffect - ok
16:40:04.0433 2004 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
16:40:04.0463 2004 pla - ok
16:40:04.0513 2004 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
16:40:04.0523 2004 PlugPlay - ok
16:40:04.0533 2004 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
16:40:04.0533 2004 PNRPAutoReg - ok
16:40:04.0543 2004 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
16:40:04.0553 2004 PNRPsvc - ok
16:40:04.0583 2004 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
16:40:04.0593 2004 PolicyAgent - ok
16:40:04.0623 2004 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
16:40:04.0633 2004 Power - ok
16:40:04.0653 2004 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
16:40:04.0653 2004 PptpMiniport - ok
16:40:04.0683 2004 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
16:40:04.0683 2004 Processor - ok
16:40:04.0713 2004 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
16:40:04.0713 2004 ProfSvc - ok
16:40:04.0733 2004 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:40:04.0743 2004 ProtectedStorage - ok
16:40:04.0763 2004 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
16:40:04.0773 2004 Psched - ok
16:40:04.0823 2004 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
16:40:04.0883 2004 ql2300 - ok
16:40:04.0903 2004 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
16:40:04.0913 2004 ql40xx - ok
16:40:04.0943 2004 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
16:40:04.0943 2004 QWAVE - ok
16:40:04.0963 2004 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
16:40:04.0963 2004 QWAVEdrv - ok
16:40:04.0973 2004 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
16:40:04.0973 2004 RasAcd - ok
16:40:04.0993 2004 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
16:40:04.0993 2004 RasAgileVpn - ok
16:40:05.0003 2004 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
16:40:05.0003 2004 RasAuto - ok
16:40:05.0013 2004 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
16:40:05.0013 2004 Rasl2tp - ok
16:40:05.0033 2004 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
16:40:05.0043 2004 RasMan - ok
16:40:05.0053 2004 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
16:40:05.0053 2004 RasPppoe - ok
16:40:05.0063 2004 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
16:40:05.0063 2004 RasSstp - ok
16:40:05.0073 2004 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
16:40:05.0083 2004 rdbss - ok
16:40:05.0103 2004 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
16:40:05.0103 2004 rdpbus - ok
16:40:05.0103 2004 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
16:40:05.0113 2004 RDPCDD - ok
16:40:05.0123 2004 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
16:40:05.0123 2004 RDPENCDD - ok
16:40:05.0133 2004 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
16:40:05.0133 2004 RDPREFMP - ok
16:40:05.0163 2004 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
16:40:05.0163 2004 RdpVideoMiniport - ok
16:40:05.0193 2004 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
16:40:05.0203 2004 RDPWD - ok
16:40:05.0223 2004 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
16:40:05.0223 2004 rdyboost - ok
16:40:05.0253 2004 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
16:40:05.0263 2004 RemoteAccess - ok
16:40:05.0273 2004 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
16:40:05.0273 2004 RemoteRegistry - ok
16:40:05.0303 2004 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
16:40:05.0313 2004 RFCOMM - ok
16:40:05.0323 2004 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
16:40:05.0333 2004 RpcEptMapper - ok
16:40:05.0343 2004 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
16:40:05.0353 2004 RpcLocator - ok
16:40:05.0373 2004 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
16:40:05.0383 2004 RpcSs - ok
16:40:05.0383 2004 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
16:40:05.0393 2004 rspndr - ok
16:40:05.0413 2004 [ BB1C3DF1D6CC0972E9C7268A19E62D2E ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
16:40:05.0413 2004 RSUSBSTOR - ok
16:40:05.0453 2004 [ B708BBAB80C60EE613DEE52A1A0A8538 ] RtkBtFilter C:\Windows\system32\DRIVERS\RtkBtfilter.sys
16:40:05.0453 2004 RtkBtFilter - ok
16:40:05.0493 2004 [ 9140DB0911DE035FED0A9A77A2D156EA ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
16:40:05.0503 2004 RTL8167 - ok
16:40:05.0523 2004 [ 84C1838582945E40DD9A1AF598FB815D ] RTL8192Ce C:\Windows\system32\DRIVERS\rtwlane.sys
16:40:05.0533 2004 RTL8192Ce - ok
16:40:05.0553 2004 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
16:40:05.0553 2004 SamSs - ok
16:40:05.0573 2004 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
16:40:05.0573 2004 sbp2port - ok
16:40:05.0583 2004 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
16:40:05.0593 2004 SCardSvr - ok
16:40:05.0593 2004 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
16:40:05.0593 2004 scfilter - ok
16:40:05.0623 2004 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
16:40:05.0653 2004 Schedule - ok
16:40:05.0673 2004 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
16:40:05.0673 2004 SCPolicySvc - ok
16:40:05.0693 2004 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
16:40:05.0693 2004 SDRSVC - ok
16:40:05.0703 2004 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
16:40:05.0713 2004 secdrv - ok
16:40:05.0723 2004 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
16:40:05.0723 2004 seclogon - ok
16:40:05.0733 2004 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
16:40:05.0743 2004 SENS - ok
16:40:05.0763 2004 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
16:40:05.0763 2004 SensrSvc - ok
16:40:05.0783 2004 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
16:40:05.0793 2004 Serenum - ok
16:40:05.0803 2004 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
16:40:05.0803 2004 Serial - ok
16:40:05.0813 2004 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
16:40:05.0813 2004 sermouse - ok
16:40:05.0833 2004 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
16:40:05.0843 2004 SessionEnv - ok
16:40:05.0853 2004 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
16:40:05.0853 2004 sffdisk - ok
16:40:05.0873 2004 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
16:40:05.0873 2004 sffp_mmc - ok
16:40:05.0893 2004 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
16:40:05.0893 2004 sffp_sd - ok
16:40:05.0913 2004 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
16:40:05.0913 2004 sfloppy - ok
16:40:05.0923 2004 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
16:40:05.0933 2004 SharedAccess - ok
16:40:05.0943 2004 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:40:05.0953 2004 ShellHWDetection - ok
16:40:05.0963 2004 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
16:40:05.0963 2004 SiSRaid2 - ok
16:40:05.0983 2004 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
16:40:05.0983 2004 SiSRaid4 - ok
16:40:06.0063 2004 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
16:40:06.0063 2004 SkypeUpdate - ok
16:40:06.0093 2004 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
16:40:06.0093 2004 Smb - ok
16:40:06.0123 2004 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
16:40:06.0123 2004 SNMPTRAP - ok
16:40:06.0133 2004 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
16:40:06.0133 2004 spldr - ok
16:40:06.0173 2004 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
16:40:06.0203 2004 Spooler - ok
16:40:06.0303 2004 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
16:40:06.0403 2004 sppsvc - ok
16:40:06.0413 2004 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
16:40:06.0413 2004 sppuinotify - ok
16:40:06.0443 2004 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
16:40:06.0453 2004 srv - ok
16:40:06.0473 2004 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
16:40:06.0473 2004 srv2 - ok
16:40:06.0493 2004 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
16:40:06.0493 2004 srvnet - ok
16:40:06.0523 2004 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
16:40:06.0523 2004 SSDPSRV - ok
16:40:06.0533 2004 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
16:40:06.0533 2004 SstpSvc - ok
16:40:06.0563 2004 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
16:40:06.0563 2004 stexstor - ok
16:40:06.0593 2004 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
16:40:06.0613 2004 stisvc - ok
16:40:06.0623 2004 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
16:40:06.0623 2004 swenum - ok
16:40:06.0643 2004 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
16:40:06.0653 2004 swprv - ok
16:40:06.0683 2004 [ B868E292FBA5B62B9FC71572A5FAEF5C ] SynTP C:\Windows\system32\drivers\SynTP.sys
16:40:06.0683 2004 SynTP - ok
16:40:06.0733 2004 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
16:40:06.0803 2004 SysMain - ok
16:40:06.0823 2004 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:40:06.0833 2004 TabletInputService - ok
16:40:06.0853 2004 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
16:40:06.0853 2004 TapiSrv - ok
16:40:06.0873 2004 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
16:40:06.0873 2004 TBS - ok
16:40:06.0933 2004 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
16:40:06.0973 2004 Tcpip - ok
16:40:07.0013 2004 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
16:40:07.0033 2004 TCPIP6 - ok
16:40:07.0043 2004 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
16:40:07.0043 2004 tcpipreg - ok
16:40:07.0073 2004 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
16:40:07.0073 2004 TDPIPE - ok
16:40:07.0093 2004 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
16:40:07.0093 2004 TDTCP - ok
16:40:07.0103 2004 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
16:40:07.0113 2004 tdx - ok
16:40:07.0123 2004 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
16:40:07.0123 2004 TermDD - ok
16:40:07.0163 2004 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
16:40:07.0183 2004 TermService - ok
16:40:07.0203 2004 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
16:40:07.0203 2004 Themes - ok
16:40:07.0223 2004 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
16:40:07.0223 2004 THREADORDER - ok
16:40:07.0293 2004 [ 4AE80C5F7772C4FB2A762F70AD4A111E ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
16:40:07.0303 2004 TosCoSrv - ok
16:40:07.0453 2004 [ A22DEB5EC05FEBFDCA1D3FF70FA1FF46 ] TOSHIBA Bluetooth Service C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
16:40:07.0463 2004 TOSHIBA Bluetooth Service - ok
16:40:07.0523 2004 [ 6E2330FB032ED3EBEFC1349AD7081A98 ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe
16:40:07.0533 2004 TOSHIBA eco Utility Service - ok
16:40:07.0563 2004 [ 8021F63311797085949FA387F7C83583 ] tosporte C:\Windows\system32\DRIVERS\tosporte.sys
16:40:07.0563 2004 tosporte - ok
16:40:07.0603 2004 [ B9FA0498F6CC596FFA5CF47A04CD1785 ] tosrfbd C:\Windows\system32\DRIVERS\tosrfbd.sys
16:40:07.0603 2004 tosrfbd - ok
16:40:07.0613 2004 [ 90F0B1745ABF13F44C2A6ED79F7CE9FB ] tosrfbnp C:\Windows\system32\Drivers\tosrfbnp.sys
16:40:07.0623 2004 tosrfbnp - ok
16:40:07.0653 2004 [ 9E4E65EA51E34647340BD6007467AC54 ] Tosrfcom C:\Windows\system32\Drivers\tosrfcom.sys
16:40:07.0653 2004 Tosrfcom - ok
16:40:07.0663 2004 [ F5E3AC4CBCD154EE80849B21887FD0B0 ] tosrfec C:\Windows\system32\DRIVERS\tosrfec.sys
16:40:07.0663 2004 tosrfec - ok
16:40:07.0683 2004 [ 7D2467D3EB9BAA4B69AE4A28C83DE57A ] Tosrfhid C:\Windows\system32\DRIVERS\Tosrfhid.sys
16:40:07.0683 2004 Tosrfhid - ok
16:40:07.0693 2004 [ B6FDC3C76FFE9C5171EEA9C37EA367C2 ] tosrfnds C:\Windows\system32\DRIVERS\tosrfnds.sys
16:40:07.0693 2004 tosrfnds - ok
16:40:07.0703 2004 [ 7052B10E54B48AF12BD5606596A8E039 ] TosRfSnd C:\Windows\system32\drivers\tosrfsnd.sys
16:40:07.0703 2004 TosRfSnd - ok
16:40:07.0733 2004 [ AF8A0D2E2A41043A77CA77CCBDB8D9C2 ] Tosrfusb C:\Windows\system32\DRIVERS\tosrfusb.sys
16:40:07.0743 2004 Tosrfusb - ok
16:40:07.0763 2004 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
16:40:07.0763 2004 TrkWks - ok
16:40:07.0813 2004 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:40:07.0823 2004 TrustedInstaller - ok
16:40:07.0833 2004 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
16:40:07.0843 2004 tssecsrv - ok
16:40:07.0873 2004 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
16:40:07.0873 2004 TsUsbFlt - ok
16:40:07.0893 2004 [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
16:40:07.0893 2004 TsUsbGD - ok
16:40:07.0933 2004 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
16:40:07.0933 2004 tunnel - ok
16:40:07.0953 2004 [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ C:\Windows\system32\drivers\TVALZ_O.SYS
16:40:07.0953 2004 TVALZ - ok
16:40:07.0973 2004 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
16:40:07.0983 2004 uagp35 - ok
16:40:08.0003 2004 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
16:40:08.0013 2004 udfs - ok
16:40:08.0033 2004 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
16:40:08.0043 2004 UI0Detect - ok
16:40:08.0073 2004 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
16:40:08.0073 2004 uliagpkx - ok
16:40:08.0093 2004 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
16:40:08.0093 2004 umbus - ok
16:40:08.0103 2004 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
16:40:08.0103 2004 UmPass - ok
16:40:08.0133 2004 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
16:40:08.0143 2004 upnphost - ok
16:40:08.0183 2004 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
16:40:08.0183 2004 usbaudio - ok
16:40:08.0213 2004 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
16:40:08.0213 2004 usbccgp - ok
16:40:08.0243 2004 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
16:40:08.0243 2004 usbcir - ok
16:40:08.0263 2004 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
16:40:08.0263 2004 usbehci - ok
16:40:08.0293 2004 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
16:40:08.0303 2004 usbhub - ok
16:40:08.0333 2004 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
16:40:08.0333 2004 usbohci - ok
16:40:08.0383 2004 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
16:40:08.0383 2004 usbprint - ok
16:40:08.0413 2004 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
16:40:08.0423 2004 usbscan - ok
16:40:08.0433 2004 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:40:08.0473 2004 USBSTOR - ok
16:40:08.0483 2004 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
16:40:08.0493 2004 usbuhci - ok
16:40:08.0533 2004 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
16:40:08.0533 2004 usbvideo - ok
16:40:08.0553 2004 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
16:40:08.0553 2004 UxSms - ok
16:40:08.0573 2004 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
16:40:08.0583 2004 VaultSvc - ok
16:40:08.0603 2004 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
16:40:08.0603 2004 vdrvroot - ok
16:40:08.0633 2004 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
16:40:08.0663 2004 vds - ok
16:40:08.0673 2004 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
16:40:08.0673 2004 vga - ok
16:40:08.0683 2004 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
16:40:08.0693 2004 VgaSave - ok
16:40:08.0723 2004 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
16:40:08.0723 2004 vhdmp - ok
16:40:08.0773 2004 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
16:40:08.0773 2004 viaide - ok
16:40:08.0793 2004 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
16:40:08.0793 2004 volmgr - ok
16:40:08.0823 2004 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
16:40:08.0833 2004 volmgrx - ok
16:40:08.0873 2004 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
16:40:08.0883 2004 volsnap - ok
16:40:08.0903 2004 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
16:40:08.0903 2004 vsmraid - ok
16:40:08.0963 2004 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
16:40:09.0003 2004 VSS - ok
16:40:09.0023 2004 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
16:40:09.0023 2004 vwifibus - ok
16:40:09.0043 2004 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
16:40:09.0053 2004 W32Time - ok
16:40:09.0073 2004 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
16:40:09.0083 2004 WacomPen - ok
16:40:09.0103 2004 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
16:40:09.0103 2004 WANARP - ok
16:40:09.0113 2004 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
16:40:09.0123 2004 Wanarpv6 - ok
16:40:09.0183 2004 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
16:40:09.0223 2004 WatAdminSvc - ok
16:40:09.0273 2004 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
16:40:09.0323 2004 wbengine - ok
16:40:09.0333 2004 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
16:40:09.0343 2004 WbioSrvc - ok
16:40:09.0363 2004 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
16:40:09.0373 2004 wcncsvc - ok
16:40:09.0383 2004 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:40:09.0393 2004 WcsPlugInService - ok
16:40:09.0423 2004 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
16:40:09.0423 2004 Wd - ok
16:40:09.0463 2004 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
16:40:09.0503 2004 Wdf01000 - ok
16:40:09.0523 2004 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
16:40:09.0533 2004 WdiServiceHost - ok
16:40:09.0543 2004 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
16:40:09.0543 2004 WdiSystemHost - ok
16:40:09.0573 2004 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
16:40:09.0583 2004 WebClient - ok
16:40:09.0593 2004 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
16:40:09.0603 2004 Wecsvc - ok
16:40:09.0623 2004 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
16:40:09.0633 2004 wercplsupport - ok
16:40:09.0643 2004 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
16:40:09.0653 2004 WerSvc - ok
16:40:09.0673 2004 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
16:40:09.0673 2004 WfpLwf - ok
16:40:09.0683 2004 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
16:40:09.0683 2004 WIMMount - ok
16:40:09.0703 2004 WinDefend - ok
16:40:09.0713 2004 WinHttpAutoProxySvc - ok
16:40:09.0813 2004 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
16:40:09.0823 2004 Winmgmt - ok
16:40:09.0893 2004 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
16:40:09.0943 2004 WinRM - ok
16:40:10.0023 2004 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
16:40:10.0023 2004 WinUsb - ok
16:40:10.0083 2004 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
16:40:10.0103 2004 Wlansvc - ok
16:40:10.0133 2004 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
16:40:10.0133 2004 WmiAcpi - ok
16:40:10.0153 2004 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
16:40:10.0153 2004 wmiApSrv - ok
16:40:10.0163 2004 WMPNetworkSvc - ok
16:40:10.0183 2004 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
16:40:10.0193 2004 WPCSvc - ok
16:40:10.0193 2004 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
16:40:10.0193 2004 WPDBusEnum - ok
16:40:10.0203 2004 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
16:40:10.0203 2004 ws2ifsl - ok
16:40:10.0213 2004 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
16:40:10.0223 2004 wscsvc - ok
16:40:10.0223 2004 WSearch - ok
16:40:10.0273 2004 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
16:40:10.0343 2004 wuauserv - ok
16:40:10.0373 2004 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
16:40:10.0373 2004 WudfPf - ok
16:40:10.0413 2004 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
16:40:10.0413 2004 WUDFRd - ok
16:40:10.0443 2004 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
16:40:10.0453 2004 wudfsvc - ok
16:40:10.0473 2004 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
16:40:10.0483 2004 WwanSvc - ok
16:40:10.0523 2004 ================ Scan global ===============================
16:40:10.0543 2004 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
16:40:10.0573 2004 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
16:40:10.0583 2004 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
16:40:10.0623 2004 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
16:40:10.0653 2004 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
16:40:10.0653 2004 [Global] - ok
16:40:10.0663 2004 ================ Scan MBR ==================================
16:40:10.0663 2004 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:40:11.0103 2004 \Device\Harddisk0\DR0 - ok
16:40:11.0103 2004 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
16:40:11.0343 2004 \Device\Harddisk1\DR1 - ok
16:40:11.0343 2004 ================ Scan VBR ==================================
16:40:11.0343 2004 [ 780479F365C47E28482959A7131D176E ] \Device\Harddisk0\DR0\Partition1
16:40:11.0353 2004 \Device\Harddisk0\DR0\Partition1 - ok
16:40:11.0383 2004 [ B14A3FEDA3882CEA0420319E18CEC752 ] \Device\Harddisk0\DR0\Partition2
16:40:11.0383 2004 \Device\Harddisk0\DR0\Partition2 - ok
16:40:11.0393 2004 [ 5C652C1E34937357281D50F94D0E52FD ] \Device\Harddisk1\DR1\Partition1
16:40:11.0393 2004 \Device\Harddisk1\DR1\Partition1 - ok
16:40:11.0393 2004 ============================================================
16:40:11.0393 2004 Scan finished
16:40:11.0393 2004 ============================================================
16:40:11.0413 9972 Detected object count: 0
16:40:11.0413 9972 Actual detected object count: 0

#5 Edwardh

Posted 25 January 2013 - 12:14 PM

The report from Malwarebytes:

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.25.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Edward Hollands :: WIN-97N62ECF2IM [administrator]

Protection: Disabled

25/01/2013 16:46:35
mbam-log-2013-01-25 (16-46-35).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 244035
Time elapsed: 25 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
Thank you for all your help, I'll just complete the last task :)

Edwardh

#6 boopme

Posted 25 January 2013 - 12:34 PM

OK, I'll check back.

#7 Edwardh

Posted 25 January 2013 - 07:30 PM

After several hours it found nothing and I couldn't find the log :s Would you like me to try again?

Thanks again

Edwardh

#8 boopme

Posted 25 January 2013 - 08:28 PM

OK, if there were no infections it won't produce a log.

Does MSE still see it? If so, does it say where?


These are old and exploitable and need to be removed.
Go into Control Panel, Programs and uninstall...
Java™ 6 Update 37 (Version: 6.0.370)
Java™ 7 Update 1 (64-bit) (Version: 7.0.10)

Reboot.

To install the latest, go here
http://www.oracle.com/technetwork/java/javase/downloads/jre7-downloads-1880261.html
Click to Accept License Agreement
Then click on next to last in list and install
Windows x64 31.44 MB jre-7u11-windows-x64.exe

#9 Edwardh

Posted 26 January 2013 - 06:26 AM

When I tried to uninstall "Java™ 6 Update 37" my computer came up with the "error 1723". On the error message it said "there is a problem with this windows installer package. A DLL required for this install to complete could not be run. contact your support personnel or package vendor."

Furthermore, I have had huge problems when I originally installed Java, so I would rather not have it if that's possible :)

With MSE, I ran a custom scan of the drives C and D and it found it on "containerfile:D:\DO NOT DELETE\System_Backup.WIM
file:D:\DO NOT DELETE\System_Backup.WIM->\Program Files\Maintenance\Create Shortcuts.exe"

When MSE tried to remove it, it encountered this error:
"Security Essentials encountered the following error: Error code 0x800700df. The file size exceeds the limit allowed and cannot be saved.

Category: Trojan

Description: This program is dangerous and executes commands from an attacker.

Recommended action: Remove this software immediately.

Items:
containerfile:D:\DO NOT DELETE\System_Backup.WIM
file:D:\DO NOT DELETE\System_Backup.WIM->\Program Files\Maintenance\Create Shortcuts.exe"

Thanks again

Edwardh

#10 boopme

Posted 26 January 2013 - 11:21 AM

Let's start a new topic as it appears the system is not stable and don't want to lose it.
Title it "trouble removing malware".
I think we should get a deeper look. Please follow this Preparation Guide and post in a new topic.

Let me know if all went well.


Include this link back to here...
http://www.bleepingcomputer.com/forums/topic482956.html/page__pid__2958408#entry2958408

#11 Edwardh

Posted 01 February 2013 - 07:55 PM

Hey there, just wanted to say all resolved now. It was the company that I got the laptop from, but they forgot to allow it through Windows :s

Thanks for your help again

Edwardh

#12 boopme

Posted 01 February 2013 - 08:06 PM

Thanks for letting us know! :thumbup2:



