
Possible ZeroAccess Rootkit - tried multiple antimalware programs to no avail!


  • This topic is locked
10 replies to this topic

#1 RJswanee

RJswanee

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:01:43 AM

Posted 18 February 2013 - 08:13 PM

I'm running an HP Windows 8 64-bit laptop at work.  I took a two week vacation, and when I returned, I noticed the computer was riddled with various spyware and adware.  I initially had Spybot S&D and avast! Antivirus Free installed.  I ran thorough scans with both programs multiple times; neither program turned up the root problem.  There are "insurancecomparisons.org" and "ilivid download" pop-ups that appear about every five minutes while surfing the web and every fifteen minutes without a browser open.  I'm running Google Chrome as my default browser.

 

I have scoured the web to try and solve this without starting a new topic, but I am officially at a loss.  I have run Kaspersky, RogueKiller, adwcleaner, Malwarebytes (I replaced Spybot S&D with MWB), Hitman Pro 64-bit, ESETscanner and CKScanner.  Only RogueKiller even found anything, saying it detected the ZeroAccess Rootkit.  It did not, however, get rid of it.  Combofix won't work for me because it isn't compatible with Windows 8, and I couldn't find a comparable program.

I recently had to troubleshoot Windows Updates because it was malfunctioning.  This computer contains sensitive information (it is the main laptop for a therapist's office).  I have no freaking clue what happened to it while I was gone, but I've spent the past three weeks trying to fix it without success.  Any other programs that I haven't tried or tips in general would be greatly appreciated!

Thanks!

 

-RJswanee




 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:43 AM

Posted 18 February 2013 - 08:16 PM

Hello, please run these 2

 

Please download TDSSKiller
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)
 
Do not change the default options on scan results.

 

 

 

Please download aswMBR ( 4.5MB ) to your desktop.

  • Double click the aswMBR.exe icon, and click Run.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.


How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook
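
For reading the log TDSSKiller saves, the following is an added example (not part of the original thread and not the tool's own code). It parses the `time thread-id message` lines, pairs each `[ MD5 ] name path` line with its `name - verdict` line, and lists what did not come back `ok`. The sample log, its service names and the non-ok verdict wording are constructed.

```python
import re

# Line shape: "HH:MM:SS.mmmm <thread id>  <message>"
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+(?:\s+(.*))?$")
SECTION_RE = re.compile(r"^=+\s+(.+?)\s+=+$")
# "[ MD5 ] service name <drive>:\path" (name and path may both contain spaces)
HASH_RE = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \]\s+(.*?)\s+([A-Za-z]:\\.*)$")

# Constructed sample: hashes, names, paths and the "suspicious" verdict are
# made up to exercise the parser; they are not output from this thread.
SAMPLE_LOG = r"""
08:15:13.0585 4288  Drive \Device\Harddisk0\DR0 - Size: 0x0 (constructed)
08:15:22.0446 3200  ============================================================
08:15:26.0038 3200  ================ Scan system memory ========================
08:15:26.0038 3200  System memory - ok
08:15:26.0039 3200  ================ Scan services =============================
08:15:26.0184 3200  [ 00000000000000000000000000000001 ] exampledrv      C:\Windows\System32\drivers\exampledrv.sys
08:15:26.0187 3200  exampledrv - ok
08:15:26.0210 3200  [ 00000000000000000000000000000002 ] Example Service C:\Program Files\Example\svc.exe
08:15:26.0212 3200  Example Service - ok
08:15:26.0300 3200  NoHashSvc - ok
08:15:26.0400 3200  [ 00000000000000000000000000000003 ] oddsvc          C:\Windows\Temp\oddsvc.sys
08:15:26.0401 3200  oddsvc - suspicious
08:15:26.0500 3200  [ 00000000000000000000000000000004 ] cutoffdrv       C:\Windows\System32\drivers\cutoffdrv.sys
"""


def parse_log(text):
    """Return one dict per scanned object: section, name, md5, path, verdict."""
    entries, section, pending = [], None, None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.rstrip())
        msg = (m.group(1) or "").strip() if m else ""
        if not msg or set(msg) == {"="}:
            continue  # blank message or a pure separator line
        sec = SECTION_RE.match(msg)
        hashed = HASH_RE.match(msg)
        if sec or hashed:
            if pending:  # previous hash line never got its verdict
                entries.append({**pending, "section": section, "verdict": None})
            pending = None
            if sec:
                section = sec.group(1)
            else:
                pending = {"md5": hashed.group(1).upper(),
                           "name": hashed.group(2), "path": hashed.group(3)}
            continue
        if section is None or " - " not in msg:
            continue  # system-info header lines before the first scan section
        if pending and msg.startswith(pending["name"] + " - "):
            entry = {**pending, "verdict": msg[len(pending["name"]) + 3:]}
        else:
            if pending:
                entries.append({**pending, "section": section, "verdict": None})
            name, _, verdict = msg.rpartition(" - ")
            entry = {"md5": None, "name": name, "path": None, "verdict": verdict}
        pending = None
        entries.append({**entry, "section": section})
    if pending:  # log (or paste) ended right after a hash line
        entries.append({**pending, "section": section, "verdict": None})
    return entries


def needs_review(entries):
    """Everything whose verdict is missing or is anything other than 'ok'."""
    return [e for e in entries if e["verdict"] != "ok"]


def without_hash(entries, section="Scan services"):
    """Objects given a verdict with no file hash logged to cross-check."""
    return [e for e in entries if e["section"] == section and e["md5"] is None]


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print(f"{len(parsed)} objects parsed")
    for e in needs_review(parsed):
        print("REVIEW:", e["name"], "|", e["verdict"], "|", e["path"])
    for e in without_hash(parsed):
        print("NO HASH:", e["name"])
```

An all-`ok` result from this parser only restates what the scanner reported; it says nothing about whether the scanner itself was able to see the infection.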

#3 RJswanee

RJswanee
  • Topic Starter


Posted 18 February 2013 - 08:48 PM

I will do it when I get to work in the morning tomorrow (no access to the computer outside of work). Thank you!

#4 boopme

boopme


Posted 18 February 2013 - 08:50 PM

That will be fine.

 

I meant to mention earlier, as this is a sensitive computer, that rootkits are info stealing infections and you may want to consider just wiping and reinstalling. Of course after backing up the important data.

 

 

 

IMPORTANT NOTE about: TDSS/TDL3 rootkit.

Rootkits, backdoor Trojans, Botnets, and IRCBots are very dangerous because they compromise system integrity by making changes that allow it to be used by the attacker for malicious purposes. Rootkits are used by Trojans to conceal their presence (hide from view) in order to prevent detection of an attacker's software and make removal more difficult. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. They can disable your anti-virus and security tools to prevent detection and removal. Remote attackers use backdoors as a means of accessing and taking control of a computer that bypasses security mechanisms. This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is sent back to the hacker. To learn more about these types of infections, you can refer to:


If your computer was used for online banking, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums. You should consider them to be compromised. They should be changed using a clean computer and not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read:


Although the rootkit was identified and may be removed, your machine has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired so you can never be sure that you have completely removed a rootkit. The malware may leave so many remnants behind that security tools cannot find them. Tools that claim to be able to remove rootkits cannot guarantee that all traces of it will be removed. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:







 

 

 


Edited by boopme, 18 February 2013 - 08:54 PM.


#5 RJswanee

RJswanee
  • Topic Starter


Posted 19 February 2013 - 11:23 AM

Here's TDSSkiller (that was one of the scans I ran yesterday with the same result of nothing found).

 



08:15:12.0109 4288  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
08:15:12.0109 4288  UEFI system
08:15:12.0516 4288  ============================================================
08:15:12.0516 4288  Current date / time: 2013/02/19 08:15:12.0516
08:15:12.0516 4288  SystemInfo:
08:15:12.0516 4288  
08:15:12.0516 4288  OS Version: 6.2.9200 ServicePack: 0.0
08:15:12.0516 4288  Product type: Workstation
08:15:12.0516 4288  ComputerName: SCHWEETTHANG
08:15:12.0516 4288  UserName: Beccah
08:15:12.0516 4288  Windows directory: C:\Windows
08:15:12.0516 4288  System windows directory: C:\Windows
08:15:12.0516 4288  Running under WOW64
08:15:12.0516 4288  Processor architecture: Intel x64
08:15:12.0516 4288  Number of processors: 4
08:15:12.0516 4288  Page size: 0x1000
08:15:12.0516 4288  Boot type: Normal boot
08:15:12.0516 4288  ============================================================
08:15:12.0849 4288  BG loaded
08:15:13.0585 4288  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:15:13.0609 4288  ============================================================
08:15:13.0609 4288  \Device\Harddisk0\DR0:
08:15:13.0611 4288  GPT partitions:
08:15:13.0640 4288  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {5762BB3E-C36E-4110-A786-8A79A8E9BEE9}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0xC8000
08:15:13.0640 4288  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {09628442-25D4-49E3-8BED-1129336791B2}, Name: EFI system partition, StartLBA 0xC8800, BlocksNum 0x82000
08:15:13.0640 4288  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {46F35399-C450-4196-A9F6-A3FCE2AB1242}, Name: Microsoft reserved partition, StartLBA 0x14A800, BlocksNum 0x40000
08:15:13.0640 4288  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {5F4C07C2-417D-408C-9AF6-1841AE127AB1}, Name: Basic data partition, StartLBA 0x18A800, BlocksNum 0x5406B000
08:15:13.0640 4288  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {C1F510E4-5AA9-4690-AAC0-E515A4B7C5A3}, Name: Basic data partition, StartLBA 0x541F5800, BlocksNum 0x3350800
08:15:13.0641 4288  MBR partitions:
08:15:13.0641 4288  ============================================================
08:15:13.0743 4288  C: <-> \Device\Harddisk0\DR0\Partition4
08:15:13.0886 4288  D: <-> \Device\Harddisk0\DR0\Partition5
08:15:13.0886 4288  ============================================================
08:15:13.0886 4288  Initialize success
08:15:13.0886 4288  ============================================================
08:15:22.0446 3200  ============================================================
08:15:22.0446 3200  Scan started
08:15:22.0446 3200  Mode: Manual; TDLFS; 
08:15:22.0446 3200  ============================================================
08:15:26.0038 3200  ================ Scan system memory ========================
08:15:26.0038 3200  System memory - ok
08:15:32.0753 3200  IPNAT - ok
08:15:32.0766 3200  [ 25CD7C4BB2863FFC2B0B311F0AEBF77C ] IRENUM          C:\Windows\system32\drivers\irenum.sys
08:15:32.0767 3200  IRENUM - ok
08:15:32.0780 3200  [ D940C5BB9DC92E588533C19ABCC3D2C2 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
08:15:32.0781 3200  isapnp - ok
08:15:32.0810 3200  [ 69C8BF0BC2B0EA10F130F4D3104DC2EF ] iScsiPrt        C:\Windows\System32\drivers\msiscsi.sys
08:15:32.0814 3200  iScsiPrt - ok
08:15:32.0856 3200  [ 3C4002D339491AF73D663FFC7F6E5ECB ] jhi_service     C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
08:15:32.0858 3200  jhi_service - ok
08:15:32.0867 3200  [ 8FBD94B69D6423E20ABCD59D86368B21 ] kbdclass        C:\Windows\System32\drivers\kbdclass.sys
08:15:32.0868 3200  kbdclass - ok
08:15:32.0895 3200  [ E88C932ABDF8185A62C8F2FC7B051FB6 ] kbdhid          C:\Windows\System32\drivers\kbdhid.sys
08:15:32.0896 3200  kbdhid - ok
08:15:32.0914 3200  [ FB6C185092E18011EF49989425C2AA87 ] kdnic           C:\Windows\system32\DRIVERS\kdnic.sys
08:15:32.0915 3200  kdnic - ok
08:15:32.0922 3200  [ F702AB6181513303AB0FC8D59E52708B ] KeyIso          C:\Windows\system32\lsass.exe
08:15:32.0925 3200  KeyIso - ok
08:15:32.0961 3200  [ DFA480F6DED551464F3A5B959F437800 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
08:15:32.0962 3200  KSecDD - ok
08:15:32.0998 3200  [ 127FB0AAD232BAAD2C9BBACD374F4FC5 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
08:15:33.0000 3200  KSecPkg - ok
08:15:33.0015 3200  [ 81492FEEBF2F26455B00EE8DBAE8A1B0 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
08:15:33.0016 3200  ksthunk - ok
08:15:33.0046 3200  [ 5825DBACEDC3812B5CF8D40B997BF210 ] KtmRm           C:\Windows\system32\msdtckrm.dll
08:15:33.0052 3200  KtmRm - ok
08:15:33.0078 3200  [ 256EE31588257E8A555DBFAA13F1908E ] LanmanServer    C:\Windows\system32\srvsvc.dll
08:15:33.0086 3200  LanmanServer - ok
08:15:33.0123 3200  [ 16650912BE5A94B40E0B3B4C39652B56 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
08:15:33.0134 3200  LanmanWorkstation - ok
08:15:33.0154 3200  [ CEEFD29FC551F289810B0B9381B321DC ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
08:15:33.0156 3200  lltdio - ok
08:15:33.0193 3200  [ BCF53485E0A94722CDE3C4A93CD8EB8C ] lltdsvc         C:\Windows\System32\lltdsvc.dll
08:15:33.0197 3200  lltdsvc - ok
08:15:33.0216 3200  [ 5A2F7F1CBC2E631A497DAD16164E06D2 ] lmhosts         C:\Windows\System32\lmhsvc.dll
08:15:33.0218 3200  lmhosts - ok
08:15:33.0250 3200  [ 4269D44BB47A6DA5D80B11F4C8536458 ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
08:15:33.0253 3200  LMS - ok
08:15:33.0273 3200  [ 022CDD12161B063D7852B1075BF3FFF2 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
08:15:33.0275 3200  LSI_SAS - ok
08:15:33.0280 3200  [ 07AD59D669B996F29F91817F0ECFA34F ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
08:15:33.0281 3200  LSI_SAS2 - ok
08:15:33.0286 3200  [ 216FB796AA4E252ACCE93B1BCB80B5EC ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
08:15:33.0288 3200  LSI_SCSI - ok
08:15:33.0300 3200  [ 5E80530AF37102488EE980B4A92AF99F ] LSI_SSS         C:\Windows\system32\drivers\lsi_sss.sys
08:15:33.0302 3200  LSI_SSS - ok
08:15:33.0327 3200  [ 8FEFDCEE40B75FD23B4BC60DA6576113 ] LSM             C:\Windows\System32\lsm.dll
08:15:33.0333 3200  LSM - ok
08:15:33.0351 3200  [ 2BDC5D711FA61307CE6190D47C956368 ] luafv           C:\Windows\system32\drivers\luafv.sys
08:15:33.0353 3200  luafv - ok
08:15:33.0372 3200  [ 9B0D829C3BE4E7472DB9DD2B79908E3C ] megasas         C:\Windows\system32\drivers\megasas.sys
08:15:33.0373 3200  megasas - ok
08:15:33.0388 3200  [ ECC3F54C7AFC318271C4F0B4606D8DB0 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
08:15:33.0396 3200  MegaSR - ok
08:15:33.0449 3200  [ 772A1DEEDFDBC244183B5C805D1B7D85 ] MEIx64          C:\Windows\System32\drivers\HECIx64.sys
08:15:33.0450 3200  MEIx64 - ok
08:15:33.0483 3200  [ EEE908BE7143FCA48CF0CB87214E2AB8 ] MMCSS           C:\Windows\system32\mmcss.dll
08:15:33.0486 3200  MMCSS - ok
08:15:33.0490 3200  [ 780098AD5DA8A4822E2563984C85EF7B ] Modem           C:\Windows\system32\drivers\modem.sys
08:15:33.0492 3200  Modem - ok
08:15:33.0507 3200  [ 83EB0BF7E6EBD5B1AAC97F9DBD5EB935 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
08:15:33.0508 3200  monitor - ok
08:15:33.0524 3200  [ 618446B98C79776654340CE27C73485E ] mouclass        C:\Windows\System32\drivers\mouclass.sys
08:15:33.0525 3200  mouclass - ok
08:15:33.0554 3200  [ CB2527B8B87D83E56FBF3944BBB6F606 ] mouhid          C:\Windows\System32\drivers\mouhid.sys
08:15:33.0555 3200  mouhid - ok
08:15:33.0574 3200  [ 89D263DBF08119CE16273991C120D6DD ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
08:15:33.0576 3200  mountmgr - ok
08:15:33.0613 3200  [ 0D1609DD82C7440F5D5BF21A9D4D5C0C ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
08:15:33.0614 3200  mpsdrv - ok
08:15:33.0671 3200  [ 3031573A739DBEE8923851929D0AF423 ] MpsSvc          C:\Windows\system32\mpssvc.dll
08:15:33.0682 3200  MpsSvc - ok
08:15:33.0698 3200  [ 3D70147F55F1EC84EB9139ED7FFE48BC ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
08:15:33.0700 3200  MRxDAV - ok
08:15:33.0736 3200  [ 877D60D6E4156EC4A2E0B6871D41BED9 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
08:15:33.0740 3200  mrxsmb - ok
08:15:33.0763 3200  [ 06D5F2FA3C61E8EA91648EA8E9F99FD3 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:15:33.0766 3200  mrxsmb10 - ok
08:15:33.0777 3200  [ E078446D4B8622AA6030C7B8A1A08962 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:15:33.0779 3200  mrxsmb20 - ok
08:15:33.0809 3200  [ 98487487D6B3797CA927E9D7B030AE13 ] MsBridge        C:\Windows\system32\DRIVERS\bridge.sys
08:15:33.0810 3200  MsBridge - ok
08:15:33.0830 3200  [ 4A07458EB4F17573BD39F22029A991C1 ] MSDTC           C:\Windows\System32\msdtc.exe
08:15:33.0834 3200  MSDTC - ok
08:15:33.0853 3200  [ 3886F1F2A4D2900ABAA7E4486BEEE6A2 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
08:15:33.0854 3200  Msfs - ok
08:15:33.0880 3200  [ C9BFB0353099B071E70299549C18C8AE ] msgpiowin32     C:\Windows\System32\drivers\msgpiowin32.sys
08:15:33.0881 3200  msgpiowin32 - ok
08:15:33.0895 3200  [ D3857A767B91A061B408CCAB02DA4F40 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
08:15:33.0896 3200  mshidkmdf - ok
08:15:33.0908 3200  [ 839B48910FB1E887635C48F3EC11A05E ] mshidumdf       C:\Windows\System32\drivers\mshidumdf.sys
08:15:33.0909 3200  mshidumdf - ok
08:15:33.0920 3200  [ 55C0DB741E3AB7463242B185B1C2997C ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
08:15:33.0921 3200  msisadrv - ok
08:15:33.0947 3200  [ 216C6B035A4BA5560E1255BD8E5BB89F ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
08:15:33.0950 3200  MSiSCSI - ok
08:15:33.0954 3200  msiserver - ok
08:15:33.0964 3200  [ 509809566E49F4411055864EA8D437CD ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
08:15:33.0964 3200  MSKSSRV - ok
08:15:33.0982 3200  [ 63145201D6458E4958E572E7D6FC2604 ] MsLldp          C:\Windows\system32\DRIVERS\mslldp.sys
08:15:33.0983 3200  MsLldp - ok
08:15:34.0006 3200  [ 99D526E803DB6D7FF290FD98B6204641 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
08:15:34.0007 3200  MSPCLOCK - ok
08:15:34.0018 3200  [ 06FA77C3E2A491ADCD704C5E73006269 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
08:15:34.0018 3200  MSPQM - ok
08:15:34.0048 3200  [ E134EC4DE11CF78CB01432D180710D84 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
08:15:34.0053 3200  MsRPC - ok
08:15:34.0067 3200  [ B5AECF12F09DEE97C9FCAA5BA016CE1E ] mssmbios        C:\Windows\System32\drivers\mssmbios.sys
08:15:34.0068 3200  mssmbios - ok
08:15:34.0084 3200  [ 72D66A05E0F99F2528F6C6204FD22AA1 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
08:15:34.0085 3200  MSTEE - ok
08:15:34.0114 3200  [ 8AAAE399FC255FA105D4158CBA289001 ] MTConfig        C:\Windows\System32\drivers\MTConfig.sys
08:15:34.0115 3200  MTConfig - ok
08:15:34.0126 3200  [ 3BCB702F3E6CC622DCAFCAA45D7CDE0A ] Mup             C:\Windows\system32\Drivers\mup.sys
08:15:34.0128 3200  Mup - ok
08:15:34.0143 3200  [ 3A1E095277BBD406CEA8EA6B76950664 ] mvumis          C:\Windows\system32\drivers\mvumis.sys
08:15:34.0145 3200  mvumis - ok
08:15:34.0173 3200  [ 4B18840511D720BA118D3017E8165875 ] napagent        C:\Windows\system32\qagentRT.dll
08:15:34.0180 3200  napagent - ok
08:15:34.0216 3200  [ 43D7388A90A4C6EA346A4D6FF0377479 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
08:15:34.0221 3200  NativeWifiP - ok
08:15:34.0245 3200  [ 6A0C3996DA7DAE6D6939676D786EEEC4 ] NcaSvc          C:\Windows\System32\ncasvc.dll
08:15:34.0249 3200  NcaSvc - ok
08:15:34.0253 3200  [ C982FE4CC91DECE2259F494FCEB4030F ] NcdAutoSetup    C:\Windows\System32\NcdAutoSetup.dll
08:15:34.0257 3200  NcdAutoSetup - ok
08:15:34.0300 3200  [ 0F89AE618DBA5D8AB7A2DFCC375F4159 ] NDIS            C:\Windows\system32\drivers\ndis.sys
08:15:34.0314 3200  NDIS - ok
08:15:34.0340 3200  [ 39C8A1D9D46F5E83A016BCAB72455284 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
08:15:34.0341 3200  NdisCap - ok
08:15:34.0354 3200  [ 762941932B7E4C588E48A577BA9D6440 ] NdisImPlatform  C:\Windows\system32\DRIVERS\NdisImPlatform.sys
08:15:34.0356 3200  NdisImPlatform - ok
08:15:34.0402 3200  [ 7A6F8A6D0E01432EBA294EF29CDD0FA7 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
08:15:34.0403 3200  NdisTapi - ok
08:15:34.0421 3200  [ 79AB68BB3FFF974AD4F41FA559F4EC67 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
08:15:34.0422 3200  Ndisuio - ok
08:15:34.0432 3200  [ 62C7DBF4F9301F76CF87D4B9D8F57BF8 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
08:15:34.0435 3200  NdisWan - ok
08:15:34.0439 3200  [ 62C7DBF4F9301F76CF87D4B9D8F57BF8 ] NDISWANLEGACY   C:\Windows\system32\DRIVERS\ndiswan.sys
08:15:34.0441 3200  NDISWANLEGACY - ok
08:15:34.0450 3200  [ CE6EBC0AD38CC6482D8FBB744FF15CE2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
08:15:34.0452 3200  NDProxy - ok
08:15:34.0463 3200  [ D3F60A4345FCA9C1BE68AD7D0D6DE770 ] Ndu             C:\Windows\system32\drivers\Ndu.sys
08:15:34.0464 3200  Ndu - ok
08:15:34.0479 3200  [ 7C203A76394F9AE68F69EEE5F9612C4A ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
08:15:34.0480 3200  NetBIOS - ok
08:15:34.0500 3200  [ 7CEC25C682D319D484630B3952C31A11 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
08:15:34.0504 3200  NetBT - ok
08:15:34.0521 3200  [ F702AB6181513303AB0FC8D59E52708B ] Netlogon        C:\Windows\system32\lsass.exe
08:15:34.0523 3200  Netlogon - ok
08:15:34.0552 3200  [ 89519D29CBEC2121CA65CC29C4D345E0 ] Netman          C:\Windows\System32\netman.dll
08:15:34.0557 3200  Netman - ok
08:15:34.0575 3200  [ 20F6FD63E6D456114BC8056D62792786 ] netprofm        C:\Windows\System32\netprofmsvc.dll
08:15:34.0584 3200  netprofm - ok
08:15:34.0637 3200  [ 06C59F7859970C445F09E233D607FA4C ] netr28x         C:\Windows\system32\DRIVERS\netr28x.sys
08:15:34.0655 3200  netr28x - ok
08:15:34.0705 3200  [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:15:34.0742 3200  NetTcpPortSharing - ok
08:15:34.0763 3200  [ 12DD2800E4EEA37DC9AE256AD62423B4 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
08:15:34.0764 3200  nfrd960 - ok
08:15:34.0803 3200  [ 80ABCD4C2DE9FD832477303AE0CA3BE5 ] NlaSvc          C:\Windows\System32\nlasvc.dll
08:15:34.0809 3200  NlaSvc - ok
08:15:34.0826 3200  [ 17E19A742FB30C002F8B43575451DBE1 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
08:15:34.0827 3200  Npfs - ok
08:15:34.0836 3200  [ 8ED299C30792544264E558BEA79F0947 ] npsvctrig       C:\Windows\System32\drivers\npsvctrig.sys
08:15:34.0837 3200  npsvctrig - ok
08:15:34.0864 3200  [ 832B5FDF0B5577713FD7F2465FCD0ACE ] nsi             C:\Windows\system32\nsisvc.dll
08:15:34.0868 3200  nsi - ok
08:15:34.0882 3200  [ 689B3B1E95C70ABF7AFF29F9406EF1E0 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
08:15:34.0883 3200  nsiproxy - ok
08:15:34.0931 3200  [ 4A7EEA9C4AD5CBFDA3C0E5B821C99CAD ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
08:15:34.0949 3200  Ntfs - ok
08:15:34.0958 3200  [ 4163ADE07DB51843AE31F65B94F5398D ] Null            C:\Windows\system32\drivers\Null.sys
08:15:34.0960 3200  Null - ok
08:15:34.0978 3200  [ D6D34118263412D3AAA8348A9572B7F2 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
08:15:34.0981 3200  nvraid - ok
08:15:34.0986 3200  [ 27AFC428D1D32ABD04A86763A4EDDEA9 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
08:15:34.0989 3200  nvstor - ok
08:15:34.0998 3200  [ 051CFB5107BAAE510419BDC41F8C4036 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
08:15:35.0000 3200  nv_agp - ok
08:15:35.0031 3200  [ AB76700D764A342D7475FB8F47CAB18C ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
08:15:35.0037 3200  p2pimsvc - ok
08:15:35.0064 3200  [ 4319FD931DCD796435ECB5DB4A04FBA5 ] p2psvc          C:\Windows\system32\p2psvc.dll
08:15:35.0071 3200  p2psvc - ok
08:15:35.0086 3200  [ 4563DAF8C6A740AD7F501E219BD10766 ] Parport         C:\Windows\System32\drivers\parport.sys
08:15:35.0088 3200  Parport - ok
08:15:35.0111 3200  [ C1D7BA7F0DE487DFEEB51BF8D3EC5562 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
08:15:35.0113 3200  partmgr - ok
08:15:35.0149 3200  [ 4811D9EC53649105A5A8BEA661B0F936 ] PcaSvc          C:\Windows\System32\pcasvc.dll
08:15:35.0156 3200  PcaSvc - ok
08:15:35.0183 3200  [ 4A003E8F718C1E6A2050CA98CD53E3E2 ] pci             C:\Windows\system32\drivers\pci.sys
08:15:35.0185 3200  pci - ok
08:15:35.0204 3200  [ F9908D274D458220F91E89B54D78D837 ] pciide          C:\Windows\system32\drivers\pciide.sys
08:15:35.0205 3200  pciide - ok
08:15:35.0229 3200  [ 84D19CB6102627932DCB5DFDF89FE269 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
08:15:35.0232 3200  pcmcia - ok
08:15:35.0253 3200  [ CEBBAD5391C2644560C55628A40BFD27 ] pcw             C:\Windows\system32\drivers\pcw.sys
08:15:35.0254 3200  pcw - ok
08:15:35.0297 3200  [ EF9B4F3136B4C45F421ADE6871659FB6 ] pdc             C:\Windows\system32\drivers\pdc.sys
08:15:35.0298 3200  pdc - ok
08:15:35.0324 3200  [ 70DBB6A8B52B3830922F1C5789E1BEEB ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
08:15:35.0331 3200  PEAUTH - ok
08:15:35.0384 3200  [ EB88FA19F0EA05DD04BE9C5FFEEFFE1A ] PerfHost        C:\Windows\SysWow64\perfhost.exe
08:15:35.0395 3200  PerfHost - ok
08:15:35.0438 3200  [ 6E84BFF58F7643499277F29DFA2F8C8D ] pla             C:\Windows\system32\pla.dll
08:15:35.0453 3200  pla - ok
08:15:35.0487 3200  [ 799BE46D45D486704CE0F37CA5385262 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
08:15:35.0491 3200  PlugPlay - ok
08:15:35.0507 3200  [ 8E2414E818C26C4A9C70CB2B8567F04F ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
08:15:35.0510 3200  PNRPAutoReg - ok
08:15:35.0517 3200  [ AB76700D764A342D7475FB8F47CAB18C ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
08:15:35.0521 3200  PNRPsvc - ok
08:15:35.0552 3200  [ 0108C8E5176D590F242701EF5A62CC26 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
08:15:35.0559 3200  PolicyAgent - ok
08:15:35.0598 3200  [ F1E067F56373F11EA4B785CAE823740A ] Power           C:\Windows\system32\umpo.dll
08:15:35.0602 3200  Power - ok
08:15:35.0626 3200  [ 362D47E5B4D67270DE4B8606036F4ADD ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
08:15:35.0628 3200  PptpMiniport - ok
08:15:35.0761 3200  [ C2D3B3D0060619D5E03E696BD56FF59F ] PrintNotify     C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll
08:15:35.0794 3200  PrintNotify - ok
08:15:35.0848 3200  [ DD979EB6A7212F60E4AFBE96EDC7AE6D ] Processor       C:\Windows\System32\drivers\processr.sys
08:15:35.0850 3200  Processor - ok
08:15:35.0894 3200  [ 429E8502AD2227CF88F8840FC5BD590D ] ProfSvc         C:\Windows\system32\profsvc.dll
08:15:35.0899 3200  ProfSvc - ok
08:15:35.0939 3200  [ EB8034147D4820CD31BFCB11A2A652DF ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
08:15:35.0941 3200  Psched - ok
08:15:35.0993 3200  [ 0AFBF333B6F87A2F598EAB379AF100B8 ] QWAVE           C:\Windows\system32\qwave.dll
08:15:35.0999 3200  QWAVE - ok
08:15:36.0067 3200  [ 13D47BB0CCA2FC51BD15F8E85C6A078E ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
08:15:36.0068 3200  QWAVEdrv - ok
08:15:36.0078 3200  [ 873C60F8178100557740A832FCE10B5F ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
08:15:36.0079 3200  RasAcd - ok
08:15:36.0102 3200  [ 69B93F623B130976243ECA3D84CC99CA ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
08:15:36.0103 3200  RasAgileVpn - ok
08:15:36.0119 3200  [ 005F6E54C4A2DA4EBF68FB0392CE8BB0 ] RasAuto         C:\Windows\System32\rasauto.dll
08:15:36.0123 3200  RasAuto - ok
08:15:36.0134 3200  [ A14D625C5AEE5FFE0F47D1A1D419FAAE ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
08:15:36.0136 3200  Rasl2tp - ok
08:15:36.0143 3200  [ C923C785A2DE0B396AD6D13ACAFF2DE9 ] RasMan          C:\Windows\System32\rasmans.dll
08:15:36.0150 3200  RasMan - ok
08:15:36.0161 3200  [ 00695B9C2DB6111064499C529E90C042 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
08:15:36.0163 3200  RasPppoe - ok
08:15:36.0180 3200  [ A7F24D8CD1956B0A1FDCB86CC5114DE4 ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
08:15:36.0182 3200  RasSstp - ok
08:15:36.0194 3200  [ B72C33DBD5326B3864CF2091AF8B906B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
08:15:36.0199 3200  rdbss - ok
08:15:36.0209 3200  [ CA7DF5EC95D8DE0DD24BE7FF97369F68 ] rdpbus          C:\Windows\System32\drivers\rdpbus.sys
08:15:36.0210 3200  rdpbus - ok
08:15:36.0230 3200  [ B2A3AD74FF2E2FFA73AF2567108231B3 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
08:15:36.0233 3200  RDPDR - ok
08:15:36.0271 3200  [ 57F4787E4602A3FCA719C0A33137C6DA ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
08:15:36.0272 3200  RdpVideoMiniport - ok
08:15:36.0296 3200  [ B3CB0721E81E30419CE7D837EF4EA151 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
08:15:36.0299 3200  RDPWD - ok
08:15:36.0321 3200  [ 62C1F8A0685FE07E998AA296C4F697C4 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
08:15:36.0324 3200  rdyboost - ok
08:15:36.0373 3200  [ 3663CCF243EE0C04E9F6F91ED1737273 ] RemoteAccess    C:\Windows\System32\mprdim.dll
08:15:36.0376 3200  RemoteAccess - ok
08:15:36.0402 3200  [ E80DD61E52EDFFF9DA1ED7260A68855B ] RemoteRegistry  C:\Windows\system32\regsvc.dll
08:15:36.0407 3200  RemoteRegistry - ok
08:15:36.0436 3200  [ 17EF582CBC4809F96B9E6D0543480763 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
08:15:36.0438 3200  RFCOMM - ok
08:15:36.0473 3200  [ 73F2E030B5C24E4E41401B5F0D59E6FD ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
08:15:36.0477 3200  RpcEptMapper - ok
08:15:36.0505 3200  [ 10B21284B3D964AB3DC45490E57D422E ] RpcLocator      C:\Windows\system32\locator.exe
08:15:36.0507 3200  RpcLocator - ok
08:15:36.0539 3200  [ 1EC6E533C954BDDF2A37E7851A7E58FD ] RpcSs           C:\Windows\system32\rpcss.dll
08:15:36.0546 3200  RpcSs - ok
08:15:36.0577 3200  [ D38250F459BF60D6F4B69B79DCD948CC ] RSP2STOR        C:\Windows\system32\DRIVERS\RtsP2Stor.sys
08:15:36.0580 3200  RSP2STOR - ok
08:15:36.0599 3200  [ E04E770DD198B9399640717145E79EBF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
08:15:36.0601 3200  rspndr - ok
08:15:36.0660 3200  [ 8425D528D2203366F364B9B58C03CF33 ] rtbth           C:\Windows\System32\drivers\rtbth.sys
08:15:36.0667 3200  rtbth - ok
08:15:36.0704 3200  [ 34DA0D14F5C3F1883A331AFB975AB434 ] RTL8168         C:\Windows\system32\DRIVERS\Rt630x64.sys
08:15:36.0712 3200  RTL8168 - ok
08:15:36.0739 3200  [ 752EC7DCD2F96871A3857EEE6AFE965A ] s3cap           C:\Windows\System32\drivers\vms3cap.sys
08:15:36.0740 3200  s3cap - ok
08:15:36.0772 3200  [ F702AB6181513303AB0FC8D59E52708B ] SamSs           C:\Windows\system32\lsass.exe
08:15:36.0774 3200  SamSs - ok
08:15:36.0792 3200  [ 9C7B28CE0D136DB226E24DB3BC817F92 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
08:15:36.0794 3200  sbp2port - ok
08:15:36.0827 3200  [ 14316954FCE79C9DE5A0AFF9D42C83AA ] SCardSvr        C:\Windows\System32\SCardSvr.dll
08:15:36.0832 3200  SCardSvr - ok
08:15:36.0843 3200  [ 5D7733A12756B267FCA021672B26BC9E ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
08:15:36.0844 3200  scfilter - ok
08:15:36.0880 3200  [ EDCDF4DB82EF825B94B190D544C8C58B ] Schedule        C:\Windows\system32\schedsvc.dll
08:15:36.0894 3200  Schedule - ok
08:15:36.0918 3200  [ BAF8F0F55BC300E5F882E521F054E345 ] SCPolicySvc     C:\Windows\System32\certprop.dll
08:15:36.0919 3200  SCPolicySvc - ok
08:15:36.0951 3200  [ 66E29CADF9FF6C8325C356BDD617F7EA ] sdbus           C:\Windows\System32\drivers\sdbus.sys
08:15:36.0954 3200  sdbus - ok
08:15:36.0971 3200  [ 92968277ED491E4B3DDA361E3952361E ] SDRSVC          C:\Windows\System32\SDRSVC.dll
08:15:36.0975 3200  SDRSVC - ok
08:15:37.0001 3200  [ BB107AA9980B0DA4E19A3A90C3BD4460 ] sdstor          C:\Windows\System32\drivers\sdstor.sys
08:15:37.0003 3200  sdstor - ok
08:15:37.0030 3200  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
08:15:37.0031 3200  secdrv - ok
08:15:37.0047 3200  [ CD282626738B6BC92B6E7CD0AAE95B63 ] seclogon        C:\Windows\system32\seclogon.dll
08:15:37.0051 3200  seclogon - ok
08:15:37.0064 3200  [ 9C51620998F0763039DFA6BF68E475ED ] SENS            C:\Windows\System32\sens.dll
08:15:37.0068 3200  SENS - ok
08:15:37.0085 3200  [ 0D50B4B860DAB65241628D04CD33ACAE ] SensrSvc        C:\Windows\system32\sensrsvc.dll
08:15:37.0092 3200  SensrSvc - ok
08:15:37.0105 3200  [ 87C46B239A7EEF30FDFDD5E9BD46130C ] SerCx           C:\Windows\system32\drivers\SerCx.sys
08:15:37.0106 3200  SerCx - ok
08:15:37.0127 3200  [ 7A1F9347C85FD55E39B8A76B3A25C5AD ] Serenum         C:\Windows\System32\drivers\serenum.sys
08:15:37.0128 3200  Serenum - ok
08:15:37.0138 3200  [ F640A0A218BBF857F1D04A15D7D939F6 ] Serial          C:\Windows\System32\drivers\serial.sys
08:15:37.0139 3200  Serial - ok
08:15:37.0151 3200  [ F1A5F56B2620B862CC28FF96A0A6DAAB ] sermouse        C:\Windows\System32\drivers\sermouse.sys
08:15:37.0152 3200  sermouse - ok
08:15:37.0181 3200  [ CB60A60340788C8D6DE2A269D28086AB ] SessionEnv      C:\Windows\system32\sessenv.dll
08:15:37.0187 3200  SessionEnv - ok
08:15:37.0208 3200  [ 7EE65419B29302C795714FF8073969A1 ] sfloppy         C:\Windows\System32\drivers\sfloppy.sys
08:15:37.0209 3200  sfloppy - ok
08:15:37.0247 3200  [ 090AE16F79C8EAD04E6031F863DA85F3 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
08:15:37.0252 3200  SharedAccess - ok
08:15:37.0292 3200  [ A77F3ABE13FCC698511E5DEC7ACEBD5F ] ShellHWDetection C:\Windows\System32\shsvcs.dll
08:15:37.0300 3200  ShellHWDetection - ok
08:15:37.0322 3200  [ 2560721D6F16D5B611C36A3A9D28C1B2 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
08:15:37.0323 3200  SiSRaid2 - ok
08:15:37.0339 3200  [ 3AA8FDE1DBF65BB8B88B053529554A0D ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
08:15:37.0340 3200  SiSRaid4 - ok
08:15:37.0368 3200  [ AF5CC3F9B88F140D78FC967ABF0F4EC7 ] SmbDrv          C:\Windows\System32\drivers\Smb_driver_AMDASF.sys
08:15:37.0370 3200  SmbDrv - ok
08:15:37.0388 3200  [ 19555D03CB179BED8B8AAA239A36BDA4 ] SmbDrvI         C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys
08:15:37.0389 3200  SmbDrvI - ok
08:15:37.0405 3200  [ E660156A4588A84305CB772FD2C0DB21 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
08:15:37.0408 3200  SNMPTRAP - ok
08:15:37.0426 3200  [ 465F3C355CE5ED2779B8F460F14C5A78 ] spaceport       C:\Windows\system32\drivers\spaceport.sys
08:15:37.0429 3200  spaceport - ok
08:15:37.0433 3200  [ 3D8679C8DF52EB26EB7583A4E0A29202 ] SpbCx           C:\Windows\system32\drivers\SpbCx.sys
08:15:37.0435 3200  SpbCx - ok
08:15:37.0467 3200  [ 3F215BF2D4D8D6756298B25B579772C2 ] Spooler         C:\Windows\System32\spoolsv.exe
08:15:37.0479 3200  Spooler - ok
08:15:37.0786 3200  [ EC84D961501054F87A6878EC5D53388F ] sppsvc          C:\Windows\system32\sppsvc.exe
08:15:37.0888 3200  sppsvc - ok
08:15:37.0915 3200  [ 0F1FCD575A03ABDE13FCA9D0ADE4DDA6 ] srv             C:\Windows\system32\DRIVERS\srv.sys
08:15:37.0919 3200  srv - ok
08:15:38.0032 3200  [ C2106BB710AA34A046126AED7BCA6964 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
08:15:38.0039 3200  srv2 - ok
08:15:38.0085 3200  [ 9400C71F5A1A380B494B6922F007D485 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
08:15:38.0088 3200  srvnet - ok
08:15:38.0147 3200  [ 7A20882D76D4A78240A5AC9F2C2EBA21 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
08:15:38.0153 3200  SSDPSRV - ok
08:15:38.0170 3200  [ D233B16999A8E626F6004BD7814C57EC ] SstpSvc         C:\Windows\system32\sstpsvc.dll
08:15:38.0174 3200  SstpSvc - ok
08:15:38.0270 3200  [ F452B51D895D894BF5487057E11D44CF ] STacSV          C:\Program Files\IDT\WDM\STacSV64.exe
08:15:38.0274 3200  STacSV - ok
08:15:38.0325 3200  [ 4E85355B94CFCB67C135F6521A4895A7 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
08:15:38.0326 3200  stexstor - ok
08:15:38.0372 3200  [ B05AEC4014FFDC1793B5CCB6D9BD28D1 ] STHDA           C:\Windows\system32\DRIVERS\stwrt64.sys
08:15:38.0378 3200  STHDA - ok
08:15:38.0417 3200  [ BAC8A721736AECC55A4F71523AEAB65F ] stisvc          C:\Windows\System32\wiaservc.dll
08:15:38.0427 3200  stisvc - ok
08:15:38.0461 3200  [ C588BBD37B432CE3204E5765B459E6B2 ] storahci        C:\Windows\system32\drivers\storahci.sys
08:15:38.0463 3200  storahci - ok
08:15:38.0526 3200  [ F74DBC95A57B1EE866D3732EB5F79BE2 ] storflt         C:\Windows\system32\DRIVERS\vmstorfl.sys
08:15:38.0527 3200  storflt - ok
08:15:38.0554 3200  [ 5337E138B49ED1F44CCBA4073BC35C20 ] StorSvc         C:\Windows\system32\storsvc.dll
08:15:38.0558 3200  StorSvc - ok
08:15:38.0588 3200  [ 543CD3CC0E05B8D8815E0D4F040B6F59 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
08:15:38.0589 3200  storvsc - ok
08:15:38.0612 3200  [ 8BC1C1ED6EF9C985A3FAA6A72F41679A ] svsvc           C:\Windows\system32\svsvc.dll
08:15:38.0616 3200  svsvc - ok
08:15:38.0663 3200  [ 4AFD66AAE74FFB5986BC240744DC5FC9 ] swenum          C:\Windows\System32\drivers\swenum.sys
08:15:38.0664 3200  swenum - ok
08:15:38.0792 3200  [ 502F9488540051F3E6C39889ECFA76BB ] swprv           C:\Windows\System32\swprv.dll
08:15:38.0827 3200  swprv - ok
08:15:38.0937 3200  [ 3F45C3FE208CA5E68832B65C597A35A6 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
08:15:38.0945 3200  SynTP - ok
08:15:38.0996 3200  [ DC21E1F06343773D7E24362DCEF7944B ] SysMain         C:\Windows\system32\sysmain.dll
08:15:39.0011 3200  SysMain - ok
08:15:39.0068 3200  [ E219BF7BCCFE4881B0C053C7E0B47ECC ] SystemEventsBroker C:\Windows\System32\SystemEventsBrokerServer.dll
08:15:39.0073 3200  SystemEventsBroker - ok
08:15:39.0090 3200  [ A6C06C45C44AD06C70AF8899AEC15BDC ] TabletInputService C:\Windows\System32\TabSvc.dll
08:15:39.0102 3200  TabletInputService - ok
08:15:39.0121 3200  [ 88B7721AB551C4325036B25A34A2BF7B ] TapiSrv         C:\Windows\System32\tapisrv.dll
08:15:39.0128 3200  TapiSrv - ok
08:15:39.0178 3200  [ D192288CE5FB395F0BBAFDD1A8B5285D ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
08:15:39.0199 3200  Tcpip - ok
08:15:39.0223 3200  [ D192288CE5FB395F0BBAFDD1A8B5285D ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
08:15:39.0234 3200  TCPIP6 - ok
08:15:39.0271 3200  [ 8F2A13A5DF99D72FDDE87F502A66F989 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
08:15:39.0272 3200  tcpipreg - ok
08:15:39.0283 3200  [ 73DC722CE5DF26D7638CE2446F2655C7 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
08:15:39.0285 3200  tdx - ok
08:15:39.0311 3200  [ F7C8AB5D8AFFAA318D6A21093D139BF4 ] terminpt        C:\Windows\System32\drivers\terminpt.sys
08:15:39.0312 3200  terminpt - ok
08:15:39.0353 3200  [ 541EE228D0DEF392F7B2DFD885DD021B ] TermService     C:\Windows\System32\termsrv.dll
08:15:43.0505 3200  ================ Scan global ===============================
08:15:43.0557 3200  [ DDC1AFBF9DDF880CE9BD3896114D8DED ] C:\Windows\system32\basesrv.dll
08:15:43.0598 3200  [ E9343076AE704D20BB0D01F3AF3EFFEF ] C:\Windows\system32\winsrv.dll
08:15:43.0621 3200  [ BD7C6949984D19AAA609896B675E7357 ] C:\Windows\system32\sxssrv.dll
08:15:43.0667 3200  [ 8F226143046435C75C033B0C52E90FFE ] C:\Windows\system32\services.exe
08:15:43.0673 3200  [Global] - ok
08:15:43.0674 3200  ================ Scan MBR ==================================
08:15:43.0681 3200  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
08:15:43.0749 3200  \Device\Harddisk0\DR0 - ok
08:15:43.0749 3200  ================ Scan VBR ==================================
08:15:43.0779 3200  [ 6BB615D7802B6D02C36DB0C077D916FC ] \Device\Harddisk0\DR0\Partition1
08:15:43.0781 3200  \Device\Harddisk0\DR0\Partition1 - ok
08:15:43.0791 3200  [ 16C5494C76B7230E26E8828085D90A24 ] \Device\Harddisk0\DR0\Partition2
08:15:43.0792 3200  \Device\Harddisk0\DR0\Partition2 - ok
08:15:43.0802 3200  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition3
08:15:43.0802 3200  \Device\Harddisk0\DR0\Partition3 - ok
08:15:43.0814 3200  [ 882D0BDA02F14B70DE7A523FA4E84900 ] \Device\Harddisk0\DR0\Partition4
08:15:43.0815 3200  \Device\Harddisk0\DR0\Partition4 - ok
08:15:43.0845 3200  [ D9C4C54DEF63FEB81D0FD6B8FF8B4B13 ] \Device\Harddisk0\DR0\Partition5
08:15:43.0846 3200  \Device\Harddisk0\DR0\Partition5 - ok
08:15:43.0846 3200  ============================================================
08:15:43.0846 3200  Scan finished
08:15:43.0846 3200  ============================================================
08:15:43.0854 4600  Detected object count: 0
08:15:43.0854 4600  Actual detected object count: 0
 
 
 
Here's aswMBR's log.  It didn't ask if I'd like to download the latest avast! virus definitions....
 
 
aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-02-19 08:20:06
-----------------------------
08:20:06.748    OS Version: Windows x64 6.2.9200 
08:20:06.748    Number of processors: 4 586 0x3A09
08:20:06.749    ComputerName: SCHWEETTHANG  UserName: Beccah
08:20:06.946    Initialze error 1 
08:20:07.796    AVAST engine defs: 13021800
08:20:31.523    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000038
08:20:31.525    Disk 0 Vendor: ST750LM022_HN-M750MBB 2AR10002 Size: 715404MB BusType: 8
08:20:31.557    Disk 0 MBR read successfully
08:20:31.559    Disk 0 MBR scan
08:20:31.561    Disk 0 unknown MBR code
08:20:31.563    Disk 0 Partition 1 00     EE          GPT            715404 MB offset 1
08:20:31.565    Disk 0 scanning C:\Windows\system32\drivers
08:20:31.568    Service scanning
08:20:32.418    Modules scanning
08:20:32.423    Disk 0 trace - called modules:
08:20:32.433    ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys storport.sys hal.dll iaStorA.sys 
08:20:32.438    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80085e1060]
08:20:32.442    3 CLASSPNP.SYS[fffff880012b78aa] -> nt!IofCallDriver -> [0xfffffa8008344980]
08:20:32.447    5 hpdskflt.sys[fffff88001ff6339] -> nt!IofCallDriver -> \Device\00000038[0xfffffa8007912060]
08:20:32.451    AVAST engine scan C:\Windows
08:20:32.454    AVAST engine scan C:\Windows\system32
08:20:32.458    AVAST engine scan C:\Windows\system32\drivers
08:20:32.461    AVAST engine scan C:\Users\Beccah
08:20:32.464    AVAST engine scan C:\ProgramData
08:20:32.468    Scan finished successfully
08:20:44.956    Disk 0 MBR has been saved successfully to "C:\Users\Beccah\Desktop\MBR.dat"
08:20:44.960    The log file has been saved successfully to "C:\Users\Beccah\Desktop\aswMBR log (1).txt"


#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:43 AM

Posted 19 February 2013 - 03:15 PM

Please run one more; this may need an hour or so.

 

Now I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the   button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

NOTE: Sometimes if ESET finds no infections, it will not create a log.


How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#7 RJswanee

Posted 19 February 2013 - 05:46 PM

ESET didn't find anything (again).  No reports were available.  I'm still having the issue, and RogueKiller identified it as possible ZeroAccess.



#8 boopme

Posted 19 February 2013 - 06:23 PM

Well, let's repost this in a new topic named "cannot kill 0access rootkit".

We need a deeper look to find it.

Please follow this Preparation Guide and post in a new topic.
Let me know if all went well.
 



#9 RJswanee

Posted 19 February 2013 - 06:46 PM

Thank you so much for trying! I will definitely repost as per your suggestion.

#10 RJswanee

Posted 19 February 2013 - 08:06 PM

If anyone stumbles across this topic with a similar problem, the issue has been advanced.  Here's the link:
http://www.bleepingcomputer.com/forums/t/486027/cannot-kill-zeroaccess-rootkit/ 
As of 2/19/13, it is being reviewed. 



#11 boopme

Posted 19 February 2013 - 09:40 PM

You will get expert assistance.

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.

The current wait time is 1 - 2 days and ALL logs are answered.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic.

