Windows 7 (Avast) Possible rootkit? System Clean Help Required. :)


  • This topic is locked
11 replies to this topic

#1 Lucius31

Posted 20 April 2013 - 01:16 AM

Hello there all!

A few days ago a few of my friends called me with concerns that I was sending them email spam from my Hotmail account. Basically at 2am "someone" sent a message from my Hotmail to everyone on my user list. So I logged on and had a look and there it was, in the sent items. Scary stuff! So I immediately changed my password and the messages didn't happen again.

I did a virus scan with Avast and it did not find anything.

One friend suggested Malwarebytes and TDSSKiller and ran it in safe mode, no virus found.

Ran TDSSKiller and no virus found.

So then I ran Rkill (suggested by a friend also) and the following came up.

Rkill 2.4.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 04/20/2013 03:57:32 PM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Disabled

 * FontCache => %SystemRoot%\system32\svchost.exe -k LocalService [Incorrect ImagePath]


Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 04/20/2013 03:57:35 PM
Execution time: 0 hours(s), 0 minute(s), and 2 seconds(s)
 

***********************************************************************************************************************************

 

I usually disable Windows Defender because on my Avast instructions it said that two virus scanners running at the same time can cause problems.

At the moment it seems that I sometimes get delays when I am typing (usually in applications/games). I also get a lot of random internet lag and disconnections that never happened before and only started the last 2-3 weeks. Wife has a laptop on the same router/ISP and never has issues with connectivity.

Can someone please help me through the correct way to solve this issue?

Many thanks!

 




 


#2 boopme


Posted 20 April 2013 - 10:23 AM

Hello, let's also run these.

Please download TDSSKiller.
Launch it.
Click on Change parameters, then select TDLFS file system.
Click on "Scan".
Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results.

Please download AdwCleaner by Xplode onto your desktop.
• Close all open programs and internet browsers.
• Double click on adwcleaner.exe to run the tool.
• Click on Delete.
• Confirm each time with OK.
• You will be prompted to restart your computer. A text file will open after the restart.
• Please post the contents of that logfile with your next reply.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

>>>>

 

Now I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

 

NOTE: Sometimes if ESET finds no infections it will not create a log.


Edited by boopme, 20 April 2013 - 10:23 AM.


#3 Lucius31


Posted 20 April 2013 - 05:54 PM

TDSS rootkit removing tool report:

 

08:52:41.0465 4120  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
08:52:42.0528 4120  ============================================================
08:52:42.0528 4120  Current date / time: 2013/04/21 08:52:42.0528
08:52:42.0528 4120  SystemInfo:
08:52:42.0528 4120  
08:52:42.0528 4120  OS Version: 6.1.7601 ServicePack: 1.0
08:52:42.0528 4120  Product type: Workstation
08:52:42.0528 4120  ComputerName: IAM666
08:52:42.0528 4120  UserName: Tony
08:52:42.0528 4120  Windows directory: C:\Windows
08:52:42.0528 4120  System windows directory: C:\Windows
08:52:42.0528 4120  Running under WOW64
08:52:42.0528 4120  Processor architecture: Intel x64
08:52:42.0528 4120  Number of processors: 8
08:52:42.0528 4120  Page size: 0x1000
08:52:42.0528 4120  Boot type: Normal boot
08:52:42.0528 4120  ============================================================
08:52:42.0652 4120  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
08:52:42.0652 4120  Drive \Device\Harddisk0\DR0 - Size: 0x7471100000 (465.77 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:52:42.0654 4120  ============================================================
08:52:42.0654 4120  \Device\Harddisk1\DR1:
08:52:42.0655 4120  MBR partitions:
08:52:42.0655 4120  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
08:52:42.0655 4120  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3000
08:52:42.0655 4120  \Device\Harddisk0\DR0:
08:52:42.0655 4120  MBR partitions:
08:52:42.0655 4120  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A387800
08:52:42.0655 4120  ============================================================
08:52:42.0655 4120  C: <-> \Device\Harddisk0\DR0\Partition1
08:52:42.0680 4120  D: <-> \Device\Harddisk1\DR1\Partition2
08:52:42.0680 4120  ============================================================
08:52:42.0680 4120  Initialize success
08:52:42.0680 4120  ============================================================
08:52:49.0580 1968  ============================================================
08:52:49.0580 1968  Scan started
08:52:49.0580 1968  Mode: Manual; TDLFS;
08:52:49.0580 1968  ============================================================
08:52:49.0704 1968  ================ Scan system memory ========================
08:52:49.0704 1968  System memory - ok
08:52:49.0704 1968  ================ Scan services =============================
08:52:49.0731 1968  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
08:52:49.0732 1968  1394ohci - ok
08:52:49.0735 1968  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
08:52:49.0736 1968  ACPI - ok
08:52:49.0738 1968  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
08:52:49.0738 1968  AcpiPmi - ok
08:52:49.0741 1968  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
08:52:49.0741 1968  AdobeARMservice - ok
08:52:49.0763 1968  [ 479901C99FA62D1C3261B7ACB1228DAD ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
08:52:49.0764 1968  AdobeFlashPlayerUpdateSvc - ok
08:52:49.0769 1968  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
08:52:49.0771 1968  adp94xx - ok
08:52:49.0773 1968  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
08:52:49.0775 1968  adpahci - ok
08:52:49.0777 1968  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
08:52:49.0778 1968  adpu320 - ok
08:52:49.0780 1968  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
08:52:49.0781 1968  AeLookupSvc - ok
08:52:49.0785 1968  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
08:52:49.0787 1968  AFD - ok
08:52:49.0788 1968  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
08:52:49.0789 1968  agp440 - ok
08:52:49.0790 1968  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
08:52:49.0791 1968  ALG - ok
08:52:49.0792 1968  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
08:52:49.0793 1968  aliide - ok
08:52:49.0794 1968  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
08:52:49.0795 1968  amdide - ok
08:52:49.0796 1968  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
08:52:49.0797 1968  AmdK8 - ok
08:52:49.0799 1968  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
08:52:49.0799 1968  AmdPPM - ok
08:52:49.0801 1968  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
08:52:49.0802 1968  amdsata - ok
08:52:49.0804 1968  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
08:52:49.0805 1968  amdsbs - ok
08:52:49.0807 1968  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
08:52:49.0807 1968  amdxata - ok
08:52:49.0810 1968  [ 59D01FA91962C9C1E9B4022B2D3B46DB ] AppHostSvc      C:\Windows\system32\inetsrv\apphostsvc.dll
08:52:49.0811 1968  AppHostSvc - ok
08:52:49.0812 1968  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
08:52:49.0813 1968  AppID - ok
08:52:49.0814 1968  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
08:52:49.0815 1968  AppIDSvc - ok
08:52:49.0817 1968  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
08:52:49.0817 1968  Appinfo - ok
08:52:49.0820 1968  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
08:52:49.0821 1968  AppMgmt - ok
08:52:49.0823 1968  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
08:52:49.0823 1968  arc - ok
08:52:49.0825 1968  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
08:52:49.0826 1968  arcsas - ok
08:52:49.0830 1968  [ B217378ED9A964E15346A67FEF609A17 ] aswFsBlk        C:\Windows\system32\drivers\aswFsBlk.sys
08:52:49.0830 1968  aswFsBlk - ok
08:52:49.0833 1968  [ E92635BB235B03ED03B17CBB59F77FA4 ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
08:52:49.0833 1968  aswMonFlt - ok
08:52:49.0835 1968  [ 8F90459AFB7FD4557D935CE639EF6110 ] aswRdr          C:\Windows\System32\Drivers\aswrdr2.sys
08:52:49.0835 1968  aswRdr - ok
08:52:49.0838 1968  [ DE6759B8D8E62BF0FFF2B05F05AFCEE6 ] aswRvrt         C:\Windows\system32\drivers\aswRvrt.sys
08:52:49.0838 1968  aswRvrt - ok
08:52:49.0847 1968  [ AB8B4D3136D18A20777036E0F0CFC5E1 ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
08:52:49.0850 1968  aswSnx - ok
08:52:49.0855 1968  [ 97D4D725BD32C965119E6C8E252F8C64 ] aswSP           C:\Windows\system32\drivers\aswSP.sys
08:52:49.0856 1968  aswSP - ok
08:52:49.0858 1968  [ D62C10D1829C65115111C160EA956260 ] aswTdi          C:\Windows\system32\drivers\aswTdi.sys
08:52:49.0859 1968  aswTdi - ok
08:52:49.0861 1968  [ 7E44C2684A6CA779B9D07CB4BD3F649D ] aswVmm          C:\Windows\system32\drivers\aswVmm.sys
08:52:49.0862 1968  aswVmm - ok
08:52:49.0864 1968  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
08:52:49.0864 1968  AsyncMac - ok
08:52:49.0866 1968  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
08:52:49.0866 1968  atapi - ok
08:52:49.0871 1968  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
08:52:49.0874 1968  AudioEndpointBuilder - ok
08:52:49.0876 1968  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
08:52:49.0878 1968  AudioSrv - ok
08:52:49.0882 1968  [ 41735B82DB57E4EBE9504EC400FD120E ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
08:52:49.0883 1968  avast! Antivirus - ok
08:52:49.0886 1968  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
08:52:49.0887 1968  AxInstSV - ok
08:52:49.0892 1968  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
08:52:49.0894 1968  b06bdrv - ok
08:52:49.0897 1968  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
08:52:49.0898 1968  b57nd60a - ok
08:52:49.0900 1968  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
08:52:49.0901 1968  BDESVC - ok
08:52:49.0902 1968  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
08:52:49.0903 1968  Beep - ok
08:52:49.0909 1968  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
08:52:49.0911 1968  BFE - ok
08:52:49.0918 1968  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
08:52:49.0921 1968  BITS - ok
08:52:49.0923 1968  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
08:52:49.0923 1968  blbdrive - ok
08:52:49.0926 1968  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
08:52:49.0926 1968  bowser - ok
08:52:49.0928 1968  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
08:52:49.0928 1968  BrFiltLo - ok
08:52:49.0929 1968  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
08:52:49.0930 1968  BrFiltUp - ok
08:52:49.0931 1968  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
08:52:49.0932 1968  BridgeMP - ok
08:52:49.0934 1968  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
08:52:49.0935 1968  Browser - ok
08:52:49.0937 1968  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
08:52:49.0939 1968  Brserid - ok
08:52:49.0940 1968  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
08:52:49.0941 1968  BrSerWdm - ok
08:52:49.0942 1968  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
08:52:49.0943 1968  BrUsbMdm - ok
08:52:49.0944 1968  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
08:52:49.0944 1968  BrUsbSer - ok
08:52:49.0946 1968  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
08:52:49.0946 1968  BTHMODEM - ok
08:52:49.0949 1968  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
08:52:49.0949 1968  bthserv - ok
08:52:49.0951 1968  catchme - ok
08:52:49.0953 1968  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
08:52:49.0953 1968  cdfs - ok
08:52:49.0956 1968  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
08:52:49.0956 1968  cdrom - ok
08:52:49.0959 1968  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
08:52:49.0959 1968  CertPropSvc - ok
08:52:49.0961 1968  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
08:52:49.0961 1968  circlass - ok
08:52:49.0965 1968  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
08:52:49.0967 1968  CLFS - ok
08:52:49.0972 1968  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:52:49.0972 1968  clr_optimization_v2.0.50727_32 - ok
08:52:49.0977 1968  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
08:52:49.0978 1968  clr_optimization_v2.0.50727_64 - ok
08:52:49.0984 1968  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:52:49.0985 1968  clr_optimization_v4.0.30319_32 - ok
08:52:49.0991 1968  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
08:52:49.0992 1968  clr_optimization_v4.0.30319_64 - ok
08:52:49.0993 1968  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
08:52:49.0993 1968  CmBatt - ok
08:52:49.0995 1968  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
08:52:49.0995 1968  cmdide - ok
08:52:50.0000 1968  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
08:52:50.0002 1968  CNG - ok
08:52:50.0003 1968  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
08:52:50.0003 1968  Compbatt - ok
08:52:50.0005 1968  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
08:52:50.0005 1968  CompositeBus - ok
08:52:50.0006 1968  COMSysApp - ok
08:52:50.0008 1968  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
08:52:50.0009 1968  crcdisk - ok
08:52:50.0012 1968  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
08:52:50.0013 1968  CryptSvc - ok
08:52:50.0018 1968  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
08:52:50.0020 1968  CSC - ok
08:52:50.0025 1968  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
08:52:50.0028 1968  CscService - ok
08:52:50.0034 1968  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
08:52:50.0036 1968  DcomLaunch - ok
08:52:50.0040 1968  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
08:52:50.0042 1968  defragsvc - ok
08:52:50.0043 1968  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
08:52:50.0044 1968  DfsC - ok
08:52:50.0048 1968  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
08:52:50.0049 1968  Dhcp - ok
08:52:50.0051 1968  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
08:52:50.0051 1968  discache - ok
08:52:50.0053 1968  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
08:52:50.0053 1968  Disk - ok
08:52:50.0055 1968  [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
08:52:50.0056 1968  dmvsc - ok
08:52:50.0058 1968  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
08:52:50.0060 1968  Dnscache - ok
08:52:50.0063 1968  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
08:52:50.0064 1968  dot3svc - ok
08:52:50.0067 1968  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
08:52:50.0068 1968  DPS - ok
08:52:50.0069 1968  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
08:52:50.0070 1968  drmkaud - ok
08:52:50.0076 1968  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
08:52:50.0079 1968  DXGKrnl - ok
08:52:50.0081 1968  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
08:52:50.0082 1968  EapHost - ok
08:52:50.0099 1968  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
08:52:50.0110 1968  ebdrv - ok
08:52:50.0113 1968  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
08:52:50.0114 1968  EFS - ok
08:52:50.0121 1968  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
08:52:50.0123 1968  ehRecvr - ok
08:52:50.0125 1968  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
08:52:50.0126 1968  ehSched - ok
08:52:50.0130 1968  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
08:52:50.0132 1968  elxstor - ok
08:52:50.0134 1968  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
08:52:50.0134 1968  ErrDev - ok
08:52:50.0139 1968  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
08:52:50.0141 1968  EventSystem - ok
08:52:50.0143 1968  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
08:52:50.0144 1968  exfat - ok
08:52:50.0146 1968  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
08:52:50.0147 1968  fastfat - ok
08:52:50.0148 1968  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
08:52:50.0148 1968  fdc - ok
08:52:50.0150 1968  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
08:52:50.0150 1968  fdPHost - ok
08:52:50.0152 1968  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
08:52:50.0153 1968  FDResPub - ok
08:52:50.0154 1968  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
08:52:50.0154 1968  FileInfo - ok
08:52:50.0155 1968  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
08:52:50.0156 1968  Filetrace - ok
08:52:50.0157 1968  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
08:52:50.0157 1968  flpydisk - ok
08:52:50.0160 1968  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
08:52:50.0161 1968  FltMgr - ok
08:52:50.0170 1968  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
08:52:50.0174 1968  FontCache - ok
08:52:50.0176 1968  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
08:52:50.0176 1968  FontCache3.0.0.0 - ok
08:52:50.0178 1968  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
08:52:50.0178 1968  FsDepends - ok
08:52:50.0180 1968  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
08:52:50.0180 1968  Fs_Rec - ok
08:52:50.0182 1968  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
08:52:50.0183 1968  fvevol - ok
08:52:50.0185 1968  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
08:52:50.0186 1968  gagp30kx - ok
08:52:50.0192 1968  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
08:52:50.0195 1968  gpsvc - ok
08:52:50.0197 1968  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
08:52:50.0198 1968  hcw85cir - ok
08:52:50.0201 1968  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
08:52:50.0203 1968  HdAudAddService - ok
08:52:50.0205 1968  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
08:52:50.0206 1968  HDAudBus - ok
08:52:50.0207 1968  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
08:52:50.0208 1968  HidBatt - ok
08:52:50.0209 1968  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
08:52:50.0210 1968  HidBth - ok
08:52:50.0212 1968  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
08:52:50.0212 1968  HidIr - ok
08:52:50.0214 1968  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
08:52:50.0215 1968  hidserv - ok
08:52:50.0216 1968  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
08:52:50.0217 1968  HidUsb - ok
08:52:50.0219 1968  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
08:52:50.0220 1968  hkmsvc - ok
08:52:50.0223 1968  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
08:52:50.0224 1968  HomeGroupListener - ok
08:52:50.0227 1968  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
08:52:50.0229 1968  HomeGroupProvider - ok
08:52:50.0231 1968  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
08:52:50.0231 1968  HpSAMD - ok
08:52:50.0236 1968  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
08:52:50.0238 1968  HTTP - ok
08:52:50.0240 1968  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
08:52:50.0240 1968  hwpolicy - ok
08:52:50.0241 1968  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
08:52:50.0242 1968  i8042prt - ok
08:52:50.0247 1968  [ 2FDAEC4B02729C48C0FD1B0B4695995B ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
08:52:50.0248 1968  iaStor - ok
08:52:50.0252 1968  [ D41861E56E7552C13674D7F147A02464 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
08:52:50.0252 1968  IAStorDataMgrSvc - ok
08:52:50.0256 1968  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
08:52:50.0258 1968  iaStorV - ok
08:52:50.0265 1968  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
08:52:50.0268 1968  idsvc - ok
08:52:50.0270 1968  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
08:52:50.0271 1968  iirsp - ok
08:52:50.0278 1968  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
08:52:50.0281 1968  IKEEXT - ok
08:52:50.0310 1968  [ 150AC23F21DBDBF8488408BA944B0D65 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
08:52:50.0323 1968  IntcAzAudAddService - ok
08:52:50.0326 1968  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
08:52:50.0326 1968  intelide - ok
08:52:50.0327 1968  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
08:52:50.0328 1968  intelppm - ok
08:52:50.0330 1968  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
08:52:50.0331 1968  IPBusEnum - ok
08:52:50.0333 1968  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:52:50.0333 1968  IpFilterDriver - ok
08:52:50.0338 1968  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
08:52:50.0341 1968  iphlpsvc - ok
08:52:50.0343 1968  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
08:52:50.0344 1968  IPMIDRV - ok
08:52:50.0346 1968  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
08:52:50.0346 1968  IPNAT - ok
08:52:50.0347 1968  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
08:52:50.0348 1968  IRENUM - ok
08:52:50.0349 1968  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
08:52:50.0349 1968  isapnp - ok
08:52:50.0352 1968  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
08:52:50.0354 1968  iScsiPrt - ok
08:52:50.0355 1968  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
08:52:50.0356 1968  kbdclass - ok
08:52:50.0357 1968  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
08:52:50.0357 1968  kbdhid - ok
08:52:50.0358 1968  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
08:52:50.0359 1968  KeyIso - ok
08:52:50.0361 1968  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
08:52:50.0362 1968  KSecDD - ok
08:52:50.0364 1968  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
08:52:50.0365 1968  KSecPkg - ok
08:52:50.0366 1968  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
08:52:50.0367 1968  ksthunk - ok
08:52:50.0371 1968  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
08:52:50.0373 1968  KtmRm - ok
08:52:50.0376 1968  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\System32\srvsvc.dll
08:52:50.0378 1968  LanmanServer - ok
08:52:50.0380 1968  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
08:52:50.0382 1968  LanmanWorkstation - ok
08:52:50.0384 1968  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
08:52:50.0385 1968  lltdio - ok
08:52:50.0388 1968  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
08:52:50.0390 1968  lltdsvc - ok
08:52:50.0392 1968  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
08:52:50.0393 1968  lmhosts - ok
08:52:50.0395 1968  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
08:52:50.0396 1968  LSI_FC - ok
08:52:50.0398 1968  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
08:52:50.0399 1968  LSI_SAS - ok
08:52:50.0400 1968  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
08:52:50.0401 1968  LSI_SAS2 - ok
08:52:50.0403 1968  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
08:52:50.0404 1968  LSI_SCSI - ok
08:52:50.0405 1968  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
08:52:50.0406 1968  luafv - ok
08:52:50.0408 1968  [ DE585D1D266805E5EEDAE911FDD16F38 ] ManyCam         C:\Windows\system32\DRIVERS\mcvidrv_x64.sys
08:52:50.0409 1968  ManyCam - ok
08:52:50.0411 1968  [ 5858C4ABE87D0A842A941D6BD08038F1 ] mcaudrv_simple  C:\Windows\system32\drivers\mcaudrv_x64.sys
08:52:50.0412 1968  mcaudrv_simple - ok
08:52:50.0414 1968  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
08:52:50.0415 1968  Mcx2Svc - ok
08:52:50.0417 1968  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
08:52:50.0417 1968  megasas - ok
08:52:50.0420 1968  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
08:52:50.0421 1968  MegaSR - ok
08:52:50.0423 1968  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
08:52:50.0423 1968  MEIx64 - ok
08:52:50.0425 1968  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
08:52:50.0426 1968  MMCSS - ok
08:52:50.0428 1968  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
08:52:50.0428 1968  Modem - ok
08:52:50.0429 1968  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
08:52:50.0430 1968  monitor - ok
08:52:50.0431 1968  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
08:52:50.0432 1968  mouclass - ok
08:52:50.0433 1968  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
08:52:50.0433 1968  mouhid - ok
08:52:50.0435 1968  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
08:52:50.0436 1968  mountmgr - ok
08:52:50.0439 1968  [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
08:52:50.0439 1968  MozillaMaintenance - ok
08:52:50.0442 1968  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
08:52:50.0443 1968  mpio - ok
08:52:50.0445 1968  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
08:52:50.0445 1968  mpsdrv - ok
08:52:50.0451 1968  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
08:52:50.0454 1968  MpsSvc - ok
08:52:50.0456 1968  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
08:52:50.0457 1968  MRxDAV - ok
08:52:50.0459 1968  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
08:52:50.0460 1968  mrxsmb - ok
08:52:50.0463 1968  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:52:50.0465 1968  mrxsmb10 - ok
08:52:50.0467 1968  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:52:50.0467 1968  mrxsmb20 - ok
08:52:50.0469 1968  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
08:52:50.0469 1968  msahci - ok
08:52:50.0471 1968  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
08:52:50.0472 1968  msdsm - ok
08:52:50.0474 1968  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
08:52:50.0476 1968  MSDTC - ok
08:52:50.0478 1968  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
08:52:50.0479 1968  Msfs - ok
08:52:50.0480 1968  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
08:52:50.0480 1968  mshidkmdf - ok
08:52:50.0481 1968  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
08:52:50.0482 1968  msisadrv - ok
08:52:50.0484 1968  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
08:52:50.0485 1968  MSiSCSI - ok
08:52:50.0487 1968  msiserver - ok
08:52:50.0488 1968  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
08:52:50.0488 1968  MSKSSRV - ok
08:52:50.0490 1968  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
08:52:50.0490 1968  MSPCLOCK - ok
08:52:50.0491 1968  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
08:52:50.0492 1968  MSPQM - ok
08:52:50.0495 1968  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
08:52:50.0497 1968  MsRPC - ok
08:52:50.0499 1968  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
08:52:50.0499 1968  mssmbios - ok
08:52:50.0500 1968  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
08:52:50.0501 1968  MSTEE - ok
08:52:50.0502 1968  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
08:52:50.0502 1968  MTConfig - ok
08:52:50.0504 1968  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
08:52:50.0504 1968  Mup - ok
08:52:50.0506 1968  [ BAA293F089077FE71F855BA5649648D9 ] mv91cons        C:\Windows\system32\DRIVERS\mv91cons.sys
08:52:50.0506 1968  mv91cons - ok
08:52:50.0509 1968  [ A986DC81534582FA478C286E8F57A877 ] mvs91xx         C:\Windows\system32\DRIVERS\mvs91xx.sys
08:52:50.0510 1968  mvs91xx - ok
08:52:50.0515 1968  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
08:52:50.0518 1968  napagent - ok
08:52:50.0521 1968  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
08:52:50.0523 1968  NativeWifiP - ok
08:52:50.0529 1968  [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS            C:\Windows\system32\drivers\ndis.sys
08:52:50.0532 1968  NDIS - ok
08:52:50.0533 1968  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
08:52:50.0534 1968  NdisCap - ok
08:52:50.0535 1968  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
08:52:50.0536 1968  NdisTapi - ok
08:52:50.0537 1968  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
08:52:50.0537 1968  Ndisuio - ok
08:52:50.0539 1968  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
08:52:50.0540 1968  NdisWan - ok
08:52:50.0542 1968  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
08:52:50.0543 1968  NDProxy - ok
08:52:50.0544 1968  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
08:52:50.0544 1968  NetBIOS - ok
08:52:50.0547 1968  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
08:52:50.0548 1968  NetBT - ok
08:52:50.0549 1968  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
08:52:50.0550 1968  Netlogon - ok
08:52:50.0554 1968  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
08:52:50.0556 1968  Netman - ok
08:52:50.0561 1968  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
08:52:50.0563 1968  netprofm - ok
08:52:50.0565 1968  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
08:52:50.0566 1968  NetTcpPortSharing - ok
08:52:50.0568 1968  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
08:52:50.0569 1968  nfrd960 - ok
08:52:50.0572 1968  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
08:52:50.0574 1968  NlaSvc - ok
08:52:50.0576 1968  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
08:52:50.0576 1968  Npfs - ok
08:52:50.0578 1968  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
08:52:50.0579 1968  nsi - ok
08:52:50.0580 1968  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
08:52:50.0581 1968  nsiproxy - ok
08:52:50.0593 1968  [ B8965FB53551B5455630A4B804D0791F ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
08:52:50.0598 1968  Ntfs - ok
08:52:50.0600 1968  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
08:52:50.0600 1968  Null - ok
08:52:50.0602 1968  [ A7127E86F9FFE2A53E271B56B2C4CEDF ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys
08:52:50.0602 1968  nusb3hub - ok
08:52:50.0605 1968  [ 49BBEC6F48D5F9284B03ABF3A959B19B ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys
08:52:50.0606 1968  nusb3xhc - ok
08:52:50.0610 1968  [ 8D4AAC74B571FC356560E5B308955E93 ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
08:52:50.0611 1968  NVHDA - ok
08:52:50.0659 1968  [ 26AA3C7E6E1DB7107BF93503F6F57E88 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
08:52:50.0689 1968  nvlddmkm - ok
08:52:50.0692 1968  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
08:52:50.0694 1968  nvraid - ok
08:52:50.0696 1968  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
08:52:50.0697 1968  nvstor - ok
08:52:50.0705 1968  [ A83AC04D672567CAF8BE7A4D73C0B850 ] nvsvc           C:\Windows\system32\nvvsvc.exe
08:52:50.0708 1968  nvsvc - ok
08:52:50.0711 1968  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
08:52:50.0711 1968  nv_agp - ok
08:52:50.0713 1968  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
08:52:50.0714 1968  ohci1394 - ok
08:52:50.0717 1968  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
08:52:50.0719 1968  p2pimsvc - ok
08:52:50.0724 1968  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
08:52:50.0727 1968  p2psvc - ok
08:52:50.0729 1968  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
08:52:50.0729 1968  Parport - ok
08:52:50.0731 1968  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
08:52:50.0731 1968  partmgr - ok
08:52:50.0733 1968  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
08:52:50.0735 1968  PcaSvc - ok
08:52:50.0738 1968  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
08:52:50.0738 1968  pci - ok
08:52:50.0740 1968  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
08:52:50.0740 1968  pciide - ok
08:52:50.0743 1968  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
08:52:50.0743 1968  pcmcia - ok
08:52:50.0745 1968  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
08:52:50.0745 1968  pcw - ok
08:52:50.0750 1968  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
08:52:50.0752 1968  PEAUTH - ok
08:52:50.0762 1968  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
08:52:50.0767 1968  PeerDistSvc - ok
08:52:50.0786 1968  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
08:52:50.0787 1968  PerfHost - ok
08:52:50.0798 1968  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
08:52:50.0803 1968  pla - ok
08:52:50.0807 1968  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
08:52:50.0810 1968  PlugPlay - ok
08:52:50.0812 1968  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
08:52:50.0814 1968  PNRPAutoReg - ok
08:52:50.0816 1968  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
08:52:50.0818 1968  PNRPsvc - ok
08:52:50.0822 1968  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
08:52:50.0824 1968  PolicyAgent - ok
08:52:50.0827 1968  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
08:52:50.0829 1968  Power - ok
08:52:50.0831 1968  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
08:52:50.0832 1968  PptpMiniport - ok
08:52:50.0834 1968  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
08:52:50.0834 1968  Processor - ok
08:52:50.0837 1968  [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc         C:\Windows\system32\profsvc.dll
08:52:50.0839 1968  ProfSvc - ok
08:52:50.0840 1968  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
08:52:50.0841 1968  ProtectedStorage - ok
08:52:50.0843 1968  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
08:52:50.0844 1968  Psched - ok
08:52:50.0855 1968  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
08:52:50.0860 1968  ql2300 - ok
08:52:50.0862 1968  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
08:52:50.0863 1968  ql40xx - ok
08:52:50.0866 1968  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
08:52:50.0869 1968  QWAVE - ok
08:52:50.0870 1968  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
08:52:50.0871 1968  QWAVEdrv - ok
08:52:50.0872 1968  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
08:52:50.0872 1968  RasAcd - ok
08:52:50.0874 1968  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
08:52:50.0875 1968  RasAgileVpn - ok
08:52:50.0876 1968  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
08:52:50.0878 1968  RasAuto - ok
08:52:50.0880 1968  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
08:52:50.0881 1968  Rasl2tp - ok
08:52:50.0885 1968  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
08:52:50.0887 1968  RasMan - ok
08:52:50.0889 1968  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
08:52:50.0890 1968  RasPppoe - ok
08:52:50.0891 1968  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
08:52:50.0892 1968  RasSstp - ok
08:52:50.0895 1968  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
08:52:50.0897 1968  rdbss - ok
08:52:50.0898 1968  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
08:52:50.0898 1968  rdpbus - ok
08:52:50.0899 1968  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
08:52:50.0900 1968  RDPCDD - ok
08:52:50.0903 1968  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
08:52:50.0904 1968  RDPDR - ok
08:52:50.0905 1968  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
08:52:50.0905 1968  RDPENCDD - ok
08:52:50.0907 1968  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
08:52:50.0907 1968  RDPREFMP - ok
08:52:50.0910 1968  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
08:52:50.0910 1968  RDPWD - ok
08:52:50.0913 1968  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
08:52:50.0914 1968  rdyboost - ok
08:52:50.0916 1968  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
08:52:50.0917 1968  RemoteAccess - ok
08:52:50.0920 1968  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
08:52:50.0922 1968  RemoteRegistry - ok
08:52:50.0923 1968  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
08:52:50.0925 1968  RpcEptMapper - ok
08:52:50.0926 1968  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
08:52:50.0928 1968  RpcLocator - ok
08:52:50.0932 1968  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
08:52:50.0935 1968  RpcSs - ok
08:52:50.0936 1968  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
08:52:50.0937 1968  rspndr - ok
08:52:50.0942 1968  [ 9140DB0911DE035FED0A9A77A2D156EA ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
08:52:50.0944 1968  RTL8167 - ok
08:52:50.0947 1968  [ F71EEA505290B0AAD48850F0D750702D ] RzSynapse       C:\Windows\system32\DRIVERS\RzSynapse.sys
08:52:50.0948 1968  RzSynapse - ok
08:52:50.0950 1968  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
08:52:50.0950 1968  s3cap - ok
08:52:50.0952 1968  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
08:52:50.0953 1968  SamSs - ok
08:52:50.0954 1968  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
08:52:50.0955 1968  sbp2port - ok
08:52:50.0957 1968  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
08:52:50.0959 1968  SCardSvr - ok
08:52:50.0961 1968  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
08:52:50.0961 1968  scfilter - ok
08:52:50.0970 1968  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
08:52:50.0974 1968  Schedule - ok
08:52:50.0976 1968  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
08:52:50.0976 1968  SCPolicySvc - ok
08:52:50.0979 1968  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
08:52:50.0981 1968  SDRSVC - ok
08:52:50.0982 1968  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
08:52:50.0983 1968  secdrv - ok
08:52:50.0984 1968  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
08:52:50.0986 1968  seclogon - ok
08:52:50.0988 1968  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
08:52:50.0989 1968  SENS - ok
08:52:50.0991 1968  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
08:52:50.0992 1968  SensrSvc - ok
08:52:50.0994 1968  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
08:52:50.0994 1968  Serenum - ok
08:52:50.0996 1968  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
08:52:50.0997 1968  Serial - ok
08:52:50.0998 1968  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
08:52:50.0998 1968  sermouse - ok
08:52:51.0002 1968  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
08:52:51.0004 1968  SessionEnv - ok
08:52:51.0006 1968  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
08:52:51.0006 1968  sffdisk - ok
08:52:51.0007 1968  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
08:52:51.0008 1968  sffp_mmc - ok
08:52:51.0009 1968  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
08:52:51.0009 1968  sffp_sd - ok
08:52:51.0010 1968  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
08:52:51.0011 1968  sfloppy - ok
08:52:51.0014 1968  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
08:52:51.0016 1968  SharedAccess - ok
08:52:51.0020 1968  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
08:52:51.0022 1968  ShellHWDetection - ok
08:52:51.0024 1968  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
08:52:51.0024 1968  SiSRaid2 - ok
08:52:51.0025 1968  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
08:52:51.0026 1968  SiSRaid4 - ok
08:52:51.0029 1968  [ 3467821FD04A66C9786DF0C8C0219A73 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
08:52:51.0030 1968  SkypeUpdate - ok
08:52:51.0032 1968  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
08:52:51.0033 1968  Smb - ok
08:52:51.0037 1968  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
08:52:51.0038 1968  SNMPTRAP - ok
08:52:51.0039 1968  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
08:52:51.0040 1968  spldr - ok
08:52:51.0045 1968  [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler         C:\Windows\System32\spoolsv.exe
08:52:51.0048 1968  Spooler - ok
08:52:51.0066 1968  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
08:52:51.0079 1968  sppsvc - ok
08:52:51.0081 1968  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
08:52:51.0083 1968  sppuinotify - ok
08:52:51.0087 1968  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
08:52:51.0088 1968  srv - ok
08:52:51.0092 1968  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
08:52:51.0093 1968  srv2 - ok
08:52:51.0096 1968  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
08:52:51.0097 1968  srvnet - ok
08:52:51.0100 1968  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
08:52:51.0102 1968  SSDPSRV - ok
08:52:51.0103 1968  [ D1E083D50F354A1840C9DF1C62437BC9 ] SSMO3v2Filter   C:\Windows\system32\drivers\MO3v2Driver.sys
08:52:51.0104 1968  SSMO3v2Filter - ok
08:52:51.0106 1968  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
08:52:51.0107 1968  SstpSvc - ok
08:52:51.0109 1968  Steam Client Service - ok
08:52:51.0110 1968  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
08:52:51.0111 1968  stexstor - ok
08:52:51.0116 1968  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
08:52:51.0120 1968  stisvc - ok
08:52:51.0121 1968  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
08:52:51.0122 1968  storflt - ok
08:52:51.0123 1968  [ C40841817EF57D491F22EB103DA587CC ] StorSvc         C:\Windows\system32\storsvc.dll
08:52:51.0125 1968  StorSvc - ok
08:52:51.0127 1968  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
08:52:51.0127 1968  storvsc - ok
08:52:51.0129 1968  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
08:52:51.0129 1968  swenum - ok
08:52:51.0133 1968  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
08:52:51.0137 1968  swprv - ok
08:52:51.0150 1968  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
08:52:51.0156 1968  SysMain - ok
08:52:51.0158 1968  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
08:52:51.0160 1968  TabletInputService - ok
08:52:51.0164 1968  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
08:52:51.0166 1968  TapiSrv - ok
08:52:51.0168 1968  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
08:52:51.0170 1968  TBS - ok
08:52:51.0184 1968  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
08:52:51.0189 1968  Tcpip - ok
08:52:51.0196 1968  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
08:52:51.0201 1968  TCPIP6 - ok
08:52:51.0204 1968  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
08:52:51.0205 1968  tcpipreg - ok
08:52:51.0207 1968  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
08:52:51.0207 1968  TDPIPE - ok
08:52:51.0208 1968  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
08:52:51.0209 1968  TDTCP - ok
08:52:51.0211 1968  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
08:52:51.0211 1968  tdx - ok
08:52:51.0213 1968  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
08:52:51.0213 1968  TermDD - ok
08:52:51.0219 1968  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
08:52:51.0222 1968  TermService - ok
08:52:51.0224 1968  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
08:52:51.0225 1968  Themes - ok
08:52:51.0227 1968  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
08:52:51.0228 1968  THREADORDER - ok
08:52:51.0230 1968  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
08:52:51.0232 1968  TrkWks - ok
08:52:51.0235 1968  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
08:52:51.0236 1968  TrustedInstaller - ok
08:52:51.0238 1968  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
08:52:51.0238 1968  tssecsrv - ok
08:52:51.0240 1968  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
08:52:51.0241 1968  TsUsbFlt - ok
08:52:51.0242 1968  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
08:52:51.0243 1968  TsUsbGD - ok
08:52:51.0245 1968  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
08:52:51.0246 1968  tunnel - ok
08:52:51.0247 1968  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
08:52:51.0248 1968  uagp35 - ok
08:52:51.0252 1968  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
08:52:51.0253 1968  udfs - ok
08:52:51.0256 1968  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
08:52:51.0257 1968  UI0Detect - ok
08:52:51.0259 1968  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
08:52:51.0260 1968  uliagpkx - ok
08:52:51.0261 1968  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
08:52:51.0262 1968  umbus - ok
08:52:51.0263 1968  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
08:52:51.0264 1968  UmPass - ok
08:52:51.0266 1968  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
08:52:51.0269 1968  UmRdpService - ok
08:52:51.0273 1968  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
08:52:51.0275 1968  upnphost - ok
08:52:51.0277 1968  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
08:52:51.0278 1968  usbccgp - ok
08:52:51.0279 1968  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
08:52:51.0280 1968  usbcir - ok
08:52:51.0282 1968  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
08:52:51.0282 1968  usbehci - ok
08:52:51.0286 1968  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
08:52:51.0287 1968  usbhub - ok
08:52:51.0289 1968  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
08:52:51.0290 1968  usbohci - ok
08:52:51.0291 1968  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\drivers\usbprint.sys
08:52:51.0292 1968  usbprint - ok
08:52:51.0293 1968  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:52:51.0294 1968  USBSTOR - ok
08:52:51.0295 1968  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
08:52:51.0296 1968  usbuhci - ok
08:52:51.0299 1968  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
08:52:51.0300 1968  usbvideo - ok
08:52:51.0302 1968  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
08:52:51.0303 1968  UxSms - ok
08:52:51.0305 1968  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
08:52:51.0306 1968  VaultSvc - ok
08:52:51.0308 1968  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
08:52:51.0308 1968  vdrvroot - ok
08:52:51.0313 1968  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
08:52:51.0316 1968  vds - ok
08:52:51.0318 1968  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
08:52:51.0319 1968  vga - ok
08:52:51.0320 1968  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
08:52:51.0321 1968  VgaSave - ok
08:52:51.0323 1968  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
08:52:51.0324 1968  vhdmp - ok
08:52:51.0325 1968  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
08:52:51.0326 1968  viaide - ok
08:52:51.0790 1968  ============================================================
08:52:51.0790 1968  Scan finished
08:52:51.0790 1968  ============================================================
08:52:51.0793 2240  Detected object count: 0
08:52:51.0793 2240  Actual detected object count: 0
 


Edited by Lucius31, 20 April 2013 - 07:06 PM.


#4 Lucius31

Posted 20 April 2013 - 05:58 PM

AdwCleaner Report :

 

# AdwCleaner v2.200 - Logfile created 04/21/2013 at 08:56:20
# Updated 02/04/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Tony - IAM666
# Boot Mode : Normal
# Running from : D:\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\9y06xyrx.default\prefs.js

[OK] File is clean.

-\\ Chromium v     check_default_browser: false
   }

File : C:\Users\Tony\AppData\Local\Chromium\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S8].txt - [813 octets] - [21/04/2013 08:56:20]

########## EOF - C:\AdwCleaner[S8].txt - [872 octets] ##########


Edited by Lucius31, 20 April 2013 - 07:06 PM.


#5 Lucius31

Posted 20 April 2013 - 06:09 PM

ESET Online Scanner Report :

 

Ran for 43 minutes.

 

No threats found. No Report Produced.

 

Thanks for the help thus far, look forward to next steps.


Edited by Lucius31, 20 April 2013 - 06:50 PM.


#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,565 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:00 AM

Posted 20 April 2013 - 07:39 PM

Let's do another rootkit check.

 

Please download aswMBR ( 4.5MB ) to your desktop.

  • Double click the aswMBR.exe icon, and click Run.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.


How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 Lucius31

Posted 20 April 2013 - 09:09 PM

Hi,

 

How long should aswMBR run for?

 

Firstly it did not ask for definitions. Secondly it gets up to a dll file, which is from my raidcall program (for online gaming) and it just looks frozen. I let the program run for 20 minutes, and it was stuck on this one dll file. So I then moved that dll file and re-ran the scan and it subsequently got stuck on the next dll file for a long period of time. It will just sit there on the "scanning" with nothing updating on the screen. I am sure something is actually running because the system performance is at a grinding halt and the program is taking up a lot of resources.

 

Is this a problem or normal? I am just concerned that something is wrong. If the program is meant to run for hours, then I will just run it overnight.

 

Update: I rebooted my system, renamed the download file to iexplore.exe as suggested on the download page (maybe the virus is stopping it from running) and the same thing happened.


Edited by Lucius31, 20 April 2013 - 09:40 PM.


#8 boopme

Posted 20 April 2013 - 10:34 PM

Can you do this?

 

Let's check for and confirm the MBR (Master Boot Record) rootkit.

Please download mbr.exe and save it to the root directory, usually C:\ <- (Important!).

  • Go to Start > Run and type: cmd.exe
  • Press OK.
  • At the command prompt type: c:\mbr.exe >>"C:\mbr.log"
  • Press Enter.
  • The process is automatic...a black DOS window will open and quickly disappear. This is normal.
  • A log file named mbr.log will be created and saved to the root of the system drive (usually C:\).
  • Copy and paste the results of the mbr.log in your next reply.

If you have a problem using the command prompt, you can just double-click on mbr.exe to run the tool.

 

 



#9 Lucius31

Posted 20 April 2013 - 11:57 PM

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601

device: opened successfully
user: error reading MBR
error: Read  The handle is invalid.
kernel: error reading MBR



#10 boopme

Posted 21 April 2013 - 08:13 PM

We have a rootkit that requires stronger tools to remove. You'll need to make a new topic.

We need to get a deeper look. Please follow this Preparation Guide and post in a new topic.

Let me know if all went well.

#11 Lucius31

Posted 22 April 2013 - 03:26 AM

I read the prep guide, did a backup. Also made a new thread.

 

Look forward to getting further help!

 

Thank you.


Edited by Lucius31, 22 April 2013 - 03:50 AM.


#12 boopme

Posted 22 April 2013 - 10:15 AM

You're in good hands now with gringopr
Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.
From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.
Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.
The current wait time is 1 - 2 days and ALL logs are answered.
If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.
To avoid confusion, I am closing this topic.



