
Java Exploit and Java Exploit BKO Infection, Yahoo Mail hacking


7 replies to this topic

#1 DazedStunnedInfected


Posted 15 June 2013 - 03:47 PM

Hi,

 

I am on Windows 7 Home Premium.  MS Internet Explorer is installed but I only use it when my default browser, Firefox, does not display something correctly.

 

A couple of weeks ago I noticed that my AVG protection turned off a couple of times so I ran a routine AVG virus scan.  AVG showed I had Java Exploit and Java Exploit.BKO and (appeared to) cleaned it up. The only other possible symptom that I have had is my Yahoo email has been flagged for suspicious activity and I know it has been hacked a couple of times over the last 3-4 months.  I change my Yahoo password every time there is a hint of trouble but the suspicious activity continued, including after I (thought I) removed Java Exploit.

 

Yesterday a new coworker told me that Java Exploit is very bad and impossible to get rid of and that if I have it, I should buy a new computer to guarantee security.  He said Java Exploit runs Internet Explorer in the background.  Per his instructions I installed and ran Process Explorer to check.  Internet Explorer was not running in the background so I thought I was OK.  I installed and ran Malwarebytes which showed I had no problems.

 

I bought the computer a year ago tomorrow at Micro Center so I called their tech support.  I explained the above to the technician.  He remote accessed in and looked at the Process Explorer.  He spent about an hour loading and running various virus and malware software that included SuperAntiSpyware.  He only found a couple of harmless tracking cookies.  I let him talk me into buying their antivirus program ESET and another year of their tech support.  After I disconnected from Micro Center Tech support, Process Explorer still does not show IE running in the background.

 

Based on what my coworker said and my limited understanding of what I have read on this forum, I am not confident that my computer actually is secure and free from Java Exploit (or maybe something else).  It just seemed too easy to clean up from my computer.

 

My questions are:

1. Is it still possible to have Java Exploit or Java Exploit BKO?

2. If so, is there any ‘easy’ way to get rid of it?  I am not very computer savvy and would happily buy a new computer if it saved me from the stress of having to do anything more complicated than installing and running yet another antivirus program.

3. Do you think the Yahoo mail hacking is related to Java Exploit?

4. What type of data does Java Exploit look for?  All I can tell from web searching is that it installs malware.  Specifically does it go after financial data?  Does it want to spam (my email hacking)? Use my computer as a robot to accomplish something else external of my machine or data?

5. Any opinions on Micro Center’s ESET antivirus?

 

Thank you soooooooo much!

 

Miss Dazed, Stunned and Infected

 

 




 


#2 boopme


Posted 20 June 2013 - 08:56 PM

Hello and welcome Miss Dazed. This explanation from our quietman7 may help.

When a browser runs an applet, the Java Runtime Environment (JRE) stores the downloaded files into its cache folder for quick execution later and better performance. Both legitimate and malicious applets, malicious Java class files are stored in the Java cache directory and your anti-virus may detect them as threats. The detection can indicate the presence of malicious code which could attempt to exploit a vulnerability in the JRE. For more specific information about Java exploits, please refer to Virus found in the Java cache directory.

Notification of these files as a threat does not always mean that a machine has been infected; it indicates that a program included the viral class file but this does not mean that it used the malicious functionality. As a precaution, I agree with Rui Paz and recommend clearing the entire cache manually to ensure everything is cleaned out:

If you want to perform a more thorough browser clean up, please refer to:
  • Microsoft Fix it: How to Delete the Contents of the Temporary Internet Files Folder
  • Safely Delete the Temporary Internet Files <- for Internet Explorer 8
  • How to clear the cache in Firefox


    Please download MiniToolBox, save it to your desktop and run it.
    Checkmark the following checkboxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Users, Partitions and Memory size.
    Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
    Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



    Please Download TDSSkiller
    Launch it.
    Click on change parameters-Select TDLFS file system
    Click on "Scan".
    Please post the LOG report (log file should be in your C drive)

    Do not change the default options on scan results.



    Please download AdwCleaner by Xplode onto your desktop.
    Close all open programs and internet browsers.
    Double click on adwcleaner.exe to run the tool.
    Click on Delete.
    Confirm each time with Ok.
    You will be prompted to restart your computer. A text file will open after the restart.
    Please post the contents of that logfile with your next reply.
    You can find the logfile at C:\AdwCleaner[S1].txt as well.

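An added example, not part of the original post or any BleepingComputer tool: a read-only inventory of the Java cache folder described above, which classifies each cached file (archive, bare class file, index) and hashes it so that an anti-virus detection path can be matched to a file before the cache is cleared. The cache location and the `6.0/<n>/<name>` layout are assumptions for JRE 6/7 on Windows 7, and the sample files are constructed.

```python
import hashlib
import os
import tempfile
import zipfile
from pathlib import Path

CLASS_MAGIC = b"\xca\xfe\xba\xbe"  # first four bytes of every compiled Java class file

# Constructed stand-in for a compiled class: the magic number plus filler bytes.
SAMPLE_CLASS_BYTES = CLASS_MAGIC + b"\x00\x00\x00\x33" + b"constructed-sample"


def default_cache_dir():
    """Assumed JRE 6/7 cache location on Windows Vista/7; adjust for other setups."""
    home = Path(os.environ.get("USERPROFILE", str(Path.home())))
    return home / "AppData" / "LocalLow" / "Sun" / "Java" / "Deployment" / "cache"


def classify(path):
    """Return (kind, class_names) for one cached file; nothing is executed."""
    if path.suffix == ".idx":
        return "index", []
    if zipfile.is_zipfile(path):
        try:
            with zipfile.ZipFile(path) as archive:
                names = sorted(n for n in archive.namelist() if n.endswith(".class"))
            return "jar", names
        except zipfile.BadZipFile:
            return "damaged-archive", []
    with open(path, "rb") as handle:
        if handle.read(4) == CLASS_MAGIC:
            return "class", []
    return "other", []


def inventory_cache(cache_dir):
    """List every file under cache_dir with its size, SHA-256 and kind."""
    cache_dir = Path(cache_dir)
    records = []
    if not cache_dir.is_dir():
        return records
    for path in sorted(p for p in cache_dir.rglob("*") if p.is_file()):
        try:
            size = path.stat().st_size
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            kind, classes = classify(path)
        except OSError:
            # Locked or permission-protected file: record it instead of failing.
            size, digest, kind, classes = None, None, "unreadable", []
        records.append({
            "name": path.relative_to(cache_dir).as_posix(),
            "size": size,
            "sha256": digest,
            "kind": kind,
            "classes": classes,
        })
    return records


def match_detections(records, flagged_paths):
    """Pick the records whose file name ends a path quoted in an AV report."""
    wanted = {p.replace("\\", "/").rsplit("/", 1)[-1].lower() for p in flagged_paths}
    return [r for r in records if r["name"].rsplit("/", 1)[-1].lower() in wanted]


def build_sample_cache(root):
    """Create a small constructed cache tree (names and layout are made up)."""
    root = Path(root)
    (root / "6.0" / "12").mkdir(parents=True)
    (root / "6.0" / "40").mkdir(parents=True)
    with zipfile.ZipFile(root / "6.0" / "12" / "1a2b3c4d-5e6f7a8b", "w") as archive:
        archive.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        archive.writestr("demo/Applet.class", SAMPLE_CLASS_BYTES)
        archive.writestr("demo/Helper.class", SAMPLE_CLASS_BYTES)
    (root / "6.0" / "12" / "1a2b3c4d-5e6f7a8b.idx").write_bytes(b"\x00constructed index")
    (root / "6.0" / "40" / "7f00aa11-22bb33cc").write_bytes(SAMPLE_CLASS_BYTES)
    return root


if __name__ == "__main__":
    # Runs on the constructed sample; pass default_cache_dir() to inventory_cache
    # to look at a real cache instead.
    with tempfile.TemporaryDirectory() as tmp:
        for rec in inventory_cache(build_sample_cache(tmp)):
            print(rec["kind"], rec["name"], rec["sha256"], rec["classes"])
```

The hashes give a record of what the scanner flagged after the cache has been emptied.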

#3 DazedStunnedInfected


Posted 04 July 2013 - 12:40 PM

Hi boopme,

 

Sorry it has taken me so long to respond.  I really appreciate your help.  After running the tools you asked me to run, I am feeling pretty confident that whatever I had was gone and that it did minimal damage.  However, you are the expert so you tell me. : )

 

BTW Happy 4th of July!!!!

 

Miss D

 

 

MiniToolBox results:

 

MiniToolBox by Farbar  Version: 16-06-2013

Ran by xxxx (administrator) on 04-07-2013 at 09:56:02

Running from "C:xxxx"

Windows 7 Home Premium Service Pack 1 (X64)

Boot Mode: Normal

***************************************************************************

 

========================= Flush DNS: ===================================

 

Windows IP Configuration

 

Successfully flushed the DNS Resolver Cache.

 

========================= IE Proxy Settings: ==============================

 

Proxy is not enabled.

No Proxy Server is set.

 

"Reset IE Proxy Settings": IE Proxy Settings were reset.

 

========================= FF Proxy Settings: ==============================

 

 

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

 

========================= Hosts content: =================================

 

 

 

========================= IP Configuration: ================================

 

xxxxxx Wireless Network Adapter = Wireless Network Connection (Connected)

xxxxxx Ethernet Controller (xxxxxx) = Local Area Connection (Media disconnected)

 

 

 

# ----------------------------------

# IPv4 Configuration

# ----------------------------------

pushd interface ipv4

 

reset

set global icmpredirects=enabled

 

 

popd

# End of IPv4 configuration

 

 

 

Windows IP Configuration

 

   Host Name . . . . . . . . . . . . : xxxxxx

   Primary Dns Suffix  . . . . . . . :

   Node Type . . . . . . . . . . . . : Hybrid

   IP Routing Enabled. . . . . . . . : No

   WINS Proxy Enabled. . . . . . . . : No

 

Wireless LAN adapter Wireless Network Connection 2:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter

   Physical Address. . . . . . . . . : xxxxxx

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes

 

Wireless LAN adapter Wireless Network Connection:

 

   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : xxxxxx Network Adapter

   Physical Address. . . . . . . . . : xxxxxx

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes

   Link-local IPv6 Address . . . . . : xxxxxx

   IPv4 Address. . . . . . . . . . . : xxxxxx

   Subnet Mask . . . . . . . . . . . : xxxxxx

   Lease Obtained. . . . . . . . . . : Thursday, July 04, 2013 9:09:31 AM

   Lease Expires . . . . . . . . . . : Thursday, July 04, 2013 10:24:22 PM

   Default Gateway . . . . . . . . . : xxxxxx

   DHCP Server . . . . . . . . . . . : xxxxxx

   DHCPv6 IAID . . . . . . . . . . . : xxxxxx

   DHCPv6 Client DUID. . . . . . . . : xxxxxx

   DNS Servers . . . . . . . . . . . : xxxxxx

   NetBIOS over Tcpip. . . . . . . . : Enabled

 

Ethernet adapter Local Area Connection:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : xxxxxx

   Physical Address. . . . . . . . . : xxxxxx

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes

 

Tunnel adapter Local Area Connection* 12:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : xxxxxx

   Physical Address. . . . . . . . . : xxxxxx

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes

 

Tunnel adapter isatap.{xxxxxx}:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : Microsoft ISATAP Adapterxxxxxx

   Physical Address. . . . . . . . . : xxxxxx

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes

 

Tunnel adapter xxxxxx:

 

   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : xxxxxx

   Physical Address. . . . . . . . . : xxxxxx

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes

   IPv6 Address. . . . . . . . . . . : xxxxxx

   Link-local IPv6 Address . . . . . : xxxxxx

   Default Gateway . . . . . . . . . : ::

   NetBIOS over Tcpip. . . . . . . . : Disabled

Server:  UnKnown

Address:  xxxxxx

 

Name:    google.com

Addresses:  2607:f8b0:4010:801::1001

            74.125.239.34

            74.125.239.32

            74.125.239.39

            74.125.239.35

            74.125.239.46

            74.125.239.37

            74.125.239.40

            74.125.239.41

            74.125.239.33

            74.125.239.38

            74.125.239.36

 

 

Pinging google.com [74.125.239.102] with 32 bytes of data:

Reply from 74.125.239.102: bytes=32 time=15ms TTL=55

Reply from 74.125.239.102: bytes=32 time=16ms TTL=55

 

Ping statistics for 74.125.239.102:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 15ms, Maximum = 16ms, Average = 15ms

Server:  UnKnown

Address:  192.168.1.1

 

Name:    yahoo.com

Addresses:  98.138.253.109

            206.190.36.45

            98.139.183.24

 

 

Pinging yahoo.com [206.190.36.45] with 32 bytes of data:

Reply from 206.190.36.45: bytes=32 time=35ms TTL=51

Reply from 206.190.36.45: bytes=32 time=33ms TTL=51

 

Ping statistics for 206.190.36.45:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 33ms, Maximum = 35ms, Average = 34ms

 

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

 

Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================

Interface List

 19...be b7 0d 5c 78 6e ......Microsoft Virtual WiFi Miniport Adapter

 13...9c b7 0d 5c 78 6e ......Atheros AR9285 Wireless Network Adapter

 11...dc 0e a1 80 a6 df ......Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20)

  1...........................Software Loopback Interface 1

 12...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter

 20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5

 14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface

===========================================================================

 

IPv4 Route Table

===========================================================================

Active Routes:

Network Destination        Netmask          Gateway       Interface  Metric

          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.3     25

        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306

        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306

  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306

      192.168.1.0    255.255.255.0         On-link       192.168.1.3    281

      192.168.1.3  255.255.255.255         On-link       192.168.1.3    281

    192.168.1.255  255.255.255.255         On-link       192.168.1.3    281

        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306

        224.0.0.0        240.0.0.0         On-link       192.168.1.3    281

  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306

  255.255.255.255  255.255.255.255         On-link       192.168.1.3    281

===========================================================================

Persistent Routes:

  None

 

IPv6 Route Table

===========================================================================

Active Routes:

 If Metric Network Destination      Gateway

 14     58 ::/0                     On-link

  1    306 ::1/128                  On-link

 14     58 2001::/32                On-link

 14    306 2001:0:5ef5:79fb:20c2:1bb5:3f57:fefc/128

                                    On-link

 13    281 fe80::/64                On-link

 14    306 fe80::/64                On-link

 13    281 fe80::1cb2:3604:37dc:432b/128

                                    On-link

 14    306 fe80::20c2:1bb5:3f57:fefc/128

                                    On-link

  1    306 ff00::/8                 On-link

 14    306 ff00::/8                 On-link

 13    281 ff00::/8                 On-link

===========================================================================

Persistent Routes:

  None

========================= Winsock entries =====================================

 

Catalog5 01 C:\windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)

Catalog5 02 C:\windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)

Catalog5 03 C:\windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)

Catalog5 04 C:\windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)

Catalog5 05 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog5 06 C:\windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)

Catalog5 07 C:\windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)

Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)

Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)

Catalog9 01 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 02 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 03 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 04 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 05 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 06 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 07 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 08 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 09 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 10 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 11 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)

x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)

x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)

x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)

x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)

x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)

x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)

x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

 

========================= Event log errors: ===============================

 

Application errors:

==================

Error: (07/04/2013 09:14:41 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)

Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

 

Error: (07/04/2013 09:10:11 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (07/04/2013 09:08:35 AM) (Source: Application Virtualization Client) (User: )

Description: {tid=860}

Failed to initialize the Application Virtualization Client PerfMon provider (error 0x80070002).

 

Error: (07/03/2013 10:27:31 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)

Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

 

Error: (07/03/2013 09:10:07 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)

Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

 

Error: (07/03/2013 09:06:16 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (07/03/2013 09:04:38 PM) (Source: Application Virtualization Client) (User: )

Description: {tid=874}

Failed to initialize the Application Virtualization Client PerfMon provider (error 0x80070002).

 

Error: (07/01/2013 08:22:38 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)

Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

 

Error: (06/30/2013 08:31:38 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)

Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

 

Error: (06/30/2013 08:28:34 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

 

System errors:

=============

Error: (06/15/2013 11:43:53 AM) (Source: Service Control Manager) (User: )

Description: The ESET Service service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

 

Error: (06/15/2013 10:54:52 AM) (Source: Service Control Manager) (User: )

Description: The ScRegSetValueExW call failed for FailureActions with the following error:

%%5

 

Error: (06/15/2013 10:51:59 AM) (Source: DCOM) (User: )

Description: 1084wuauserv{E60687F7-01A1-40AA-86AC-DB1CBF673334}

 

Error: (06/15/2013 10:44:03 AM) (Source: DCOM) (User: )

Description: 1068BITS{4991D34B-80A1-4291-83B6-3328366B9097}

 

Error: (06/15/2013 10:44:02 AM) (Source: DCOM) (User: )

Description: 1084gupdate/comsvc{4EB61BAC-A3B6-4760-9581-655041EF4D69}

 

Error: (06/15/2013 10:38:07 AM) (Source: DCOM) (User: )

Description: 1084MSIServer{000C101C-0000-0000-C000-000000000046}

 

Error: (06/15/2013 10:09:49 AM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error:

%%1068

 

Error: (06/15/2013 10:09:49 AM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error:

%%1068

 

Error: (06/15/2013 10:09:49 AM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error:

%%1068

 

Error: (06/14/2013 10:38:45 PM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error:

%%1068

 

 

Microsoft Office Sessions:

=========================

Error: (07/04/2013 09:14:41 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)

Description: 1600000000E9230000E9230000980B0000

 

Error: (07/04/2013 09:10:11 AM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (07/04/2013 09:08:35 AM) (Source: Application Virtualization Client)(User: )

Description: {tid=860}

0x80070002

 

Error: (07/03/2013 10:27:31 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)

Description: 1600000000E9230000E9230000980B0000

 

Error: (07/03/2013 09:10:07 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)

Description: 1600000000E9230000E9230000980B0000

 

Error: (07/03/2013 09:06:16 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (07/03/2013 09:04:38 PM) (Source: Application Virtualization Client)(User: )

Description: {tid=874}

0x80070002

 

Error: (07/01/2013 08:22:38 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)

Description: 1600000000E9230000E9230000980B0000

 

Error: (06/30/2013 08:31:38 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)

Description: 1600000000E9230000E9230000980B0000

 

Error: (06/30/2013 08:28:34 AM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

 

=========================== Installed Programs ============================

 

Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)

Adobe Flash Player 11 Plugin (Version: 11.7.700.224)

Adobe Reader X (10.1.7) (Version: 10.1.7)

Ask Toolbar (Version: 1.15.23.0)

Ask Toolbar Updater (Version: 1.2.5.36191)

Atheros Client Installation Program (Version: 7.0)

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.36)

Conexant HD Audio (Version: 8.54.4.51)

CutePDF Writer 3.0

D3DX10 (Version: 15.4.2368.0902)

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dropbox (Version: 1.6.18)

Energy Management (Version: 6.0.2.0)

ESET NOD32 Antivirus (Version: 6.0.316.0)

Intel® Control Center (Version: 1.2.1.1007)

Intel® Management Engine Components (Version: 7.0.0.1144)

Intel® Processor Graphics (Version: 9.17.10.2932)

Intel® Rapid Storage Technology (Version: 10.1.5.1001)

Java 7 Update 25 (Version: 7.0.250)

Java Auto Updater (Version: 2.1.9.5)

Junk Mail filter update (Version: 15.4.3502.0922)

Lenovo EasyCamera (Version: 1.10.1209.1)

Lenovo EE Boot Optimizer (Version: 0.0.1.6)

Lenovo Games Console (Version: 1.2.6.436)

Lenovo OneKey Recovery (Version: 7.0.1628)

Lenovo YouCam (Version: 3.1.3728)

Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)

Mesh Runtime (Version: 15.4.5722.2)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft Application Error Reporting (Version: 12.0.6015.5000)

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)

Microsoft Office Home and Student 2013 - en-us (Version: 15.0.4505.1510)

Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)

Microsoft Office Project MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Project Professional 2010 (Version: 14.0.6029.1000)

Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)

Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)

Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Starter 2010 - English (Version: 14.0.4763.1000)

Microsoft PowerPoint Viewer (Version: 14.0.6029.1000)

Microsoft Project 2010 Service Pack 1 (SP1)

Microsoft Project Professional 2010 (Version: 14.0.6029.1000)

Microsoft Silverlight (Version: 5.1.20125.0)

Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)

Mozilla Firefox 22.0 (x86 en-US) (Version: 22.0)

Mozilla Maintenance Service (Version: 22.0)

MSVCRT (Version: 15.4.2862.0708)

MSVCRT_amd64 (Version: 15.4.2862.0708)

Office 15 Click-to-Run Extensibility Component (Version: 15.0.4505.1510)

Office 15 Click-to-Run Licensing Component (Version: 15.0.4505.1510)

Office 15 Click-to-Run Localization Component (Version: 15.0.4505.1510)

Power2Go (Version: 5.6.0.7303)

Realtek USB 2.0 Reader Driver (Version: 6.1.7600.10003)

Skype Click to Call (Version: 6.9.12585)

Skype™ 6.2 (Version: 6.2.106)

Synaptics Pointing Device Driver (Version: 15.3.0.0)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

UserGuide (Version: 1.0.0.6)

VeriFace (Version: 4.0.0.1224)

Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)

Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)

Windows Driver Package - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1) (Version: 12/02/2010 6.1.0.1)

Windows Installer Clean Up (Version: 3.00.00.0000)

Windows Live Communications Platform (Version: 15.4.3502.0922)

Windows Live Essentials (Version: 15.4.3502.0922)

Windows Live Essentials (Version: 15.4.3508.1109)

Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)

Windows Live Installer (Version: 15.4.3502.0922)

Windows Live Language Selector (Version: 15.4.3508.1109)

Windows Live Mail (Version: 15.4.3502.0922)

Windows Live Mesh (Version: 15.4.3502.0922)

Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)

Windows Live Messenger (Version: 15.4.3502.0922)

Windows Live MIME IFilter (Version: 15.4.3502.0922)

Windows Live Movie Maker (Version: 15.4.3502.0922)

Windows Live Photo Common (Version: 15.4.3502.0922)

Windows Live Photo Gallery (Version: 15.4.3502.0922)

Windows Live PIMT Platform (Version: 15.4.3508.1109)

Windows Live Remote Client (Version: 15.4.5722.2)

Windows Live Remote Client Resources (Version: 15.4.5722.2)

Windows Live Remote Service (Version: 15.4.5722.2)

Windows Live Remote Service Resources (Version: 15.4.5722.2)

Windows Live SOXE (Version: 15.4.3502.0922)

Windows Live SOXE Definitions (Version: 15.4.3502.0922)

Windows Live UX Platform (Version: 15.4.3502.0922)

Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)

Windows Live Writer (Version: 15.4.3502.0922)

Windows Live Writer Resources (Version: 15.4.3502.0922)

 

========================= Memory info: ===================================

 

Percentage of memory in use: 20%

Total physical RAM: 8135.86 MB

Available physical RAM: 6429.29 MB

Total Pagefile: 16269.9 MB

Available Pagefile: 14509.96 MB

Total Virtual: 4095.88 MB

Available Virtual: 3970.5 MB

 

========================= Partitions: =====================================

 

1 Drive c: () (Fixed) (Total:421.81 GB) (Free:367.81 GB) NTFS

2 Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:26.82 GB) NTFS

 

========================= Users: ========================================

 

User accounts for \\xxxxxxxxxxx

 

Administrator            Guest                    xxxxxxx                    

xxxxxxxxx              

 

 

**** End of log ****

 

 

TDSSkiller Log:

 

The popup results window told me no threats were found! : ) 435 objects scanned.

 

(and now for the real log...)

 

10:11:52.0388 3240  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42

10:11:52.0888 3240  ============================================================

10:11:52.0888 3240  Current date / time: 2013/07/04 10:11:52.0888

10:11:52.0888 3240  SystemInfo:

10:11:52.0888 3240 

10:11:52.0888 3240  OS Version: 6.1.7601 ServicePack: 1.0

10:11:52.0888 3240  Product type: Workstation

10:11:52.0888 3240  ComputerName: xxxxxxxxx

10:11:52.0888 3240  UserName: xxxxxxx

10:11:52.0888 3240  Windows directory: C:\windows

10:11:52.0888 3240  System windows directory: C:\windows

10:11:52.0888 3240  Running under WOW64

10:11:52.0888 3240  Processor architecture: Intel x64

10:11:52.0888 3240  Number of processors: 4

10:11:52.0888 3240  Page size: 0x1000

10:11:52.0888 3240  Boot type: Normal boot

10:11:52.0888 3240  ============================================================

10:11:53.0621 3240  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

10:11:53.0636 3240  ============================================================

10:11:53.0636 3240  \Device\Harddisk0\DR0:

10:11:53.0636 3240  MBR partitions:

10:11:53.0636 3240  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000

10:11:53.0636 3240  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x34BA1000

10:11:53.0668 3240  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x34C06000, BlocksNum 0x39FD800

10:11:53.0668 3240  ============================================================

10:11:53.0746 3240  C: <-> \Device\Harddisk0\DR0\Partition2

10:11:53.0792 3240  D: <-> \Device\Harddisk0\DR0\Partition3

10:11:53.0792 3240  ============================================================

10:11:53.0792 3240  Initialize success

10:11:53.0792 3240  ============================================================

10:13:18.0563 4756  ============================================================

10:13:18.0563 4756  Scan started

10:13:18.0563 4756  Mode: Manual; TDLFS;

10:13:18.0563 4756  ============================================================

10:13:18.0875 4756  ================ Scan system memory ========================

10:13:18.0875 4756  System memory - ok

10:13:18.0875 4756  ================ Scan services =============================


10:13:27.0159 4756  Mup - ok

10:13:27.0190 4756  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\windows\system32\qagentRT.dll

10:13:27.0190 4756  napagent - ok

10:13:27.0221 4756  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys

10:13:27.0252 4756  NativeWifiP - ok

10:13:27.0283 4756  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\windows\system32\drivers\ndis.sys

10:13:27.0299 4756  NDIS - ok

10:13:27.0315 4756  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys

10:13:27.0330 4756  NdisCap - ok

10:13:27.0346 4756  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys

10:13:27.0346 4756  NdisTapi - ok

10:13:27.0377 4756  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys

10:13:27.0377 4756  Ndisuio - ok

10:13:27.0393 4756  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys

10:13:27.0408 4756  NdisWan - ok

10:13:27.0424 4756  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys

10:13:27.0439 4756  NDProxy - ok

10:13:27.0455 4756  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys

10:13:27.0471 4756  NetBIOS - ok

10:13:27.0486 4756  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys

10:13:27.0486 4756  NetBT - ok

10:13:27.0502 4756  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\windows\system32\lsass.exe

10:13:27.0502 4756  Netlogon - ok

10:13:27.0533 4756  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\windows\System32\netman.dll

10:13:27.0533 4756  Netman - ok

10:13:27.0564 4756  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\windows\System32\netprofm.dll

10:13:27.0580 4756  netprofm - ok

10:13:27.0611 4756  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

10:13:27.0611 4756  NetTcpPortSharing - ok

10:13:27.0642 4756  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\windows\system32\drivers\nfrd960.sys

10:13:27.0658 4756  nfrd960 - ok

10:13:27.0705 4756  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\windows\System32\nlasvc.dll

10:13:27.0720 4756  NlaSvc - ok

10:13:27.0751 4756  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\windows\system32\drivers\Npfs.sys

10:13:27.0767 4756  Npfs - ok

10:13:27.0798 4756  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\windows\system32\nsisvc.dll

10:13:27.0798 4756  nsi - ok

10:13:27.0814 4756  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys

10:13:27.0814 4756  nsiproxy - ok

10:13:27.0892 4756  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\windows\system32\drivers\Ntfs.sys

10:13:27.0923 4756  Ntfs - ok

10:13:27.0939 4756  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\windows\system32\drivers\Null.sys

10:13:27.0970 4756  Null - ok

10:13:27.0985 4756  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\windows\system32\drivers\nvraid.sys

10:13:27.0985 4756  nvraid - ok

10:13:28.0001 4756  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\windows\system32\drivers\nvstor.sys

10:13:28.0017 4756  nvstor - ok

10:13:28.0017 4756  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\windows\system32\drivers\nv_agp.sys

10:13:28.0032 4756  nv_agp - ok

10:13:28.0126 4756  [ CF7B55AEF7AA9CF053C8B33D8055C367 ] OfficeSvc       C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe

10:13:28.0141 4756  OfficeSvc - ok

10:13:28.0157 4756  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\windows\system32\drivers\ohci1394.sys

10:13:28.0173 4756  ohci1394 - ok

10:13:28.0204 4756  [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

10:13:28.0204 4756  ose - ok

10:13:28.0391 4756  [ FE9C0029E1AF26350D9985D00520E5C8 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

10:13:28.0469 4756  osppsvc - ok

10:13:28.0516 4756  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\windows\system32\pnrpsvc.dll

10:13:28.0516 4756  p2pimsvc - ok

10:13:28.0531 4756  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\windows\system32\p2psvc.dll

10:13:28.0531 4756  p2psvc - ok

10:13:28.0563 4756  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\windows\system32\drivers\parport.sys

10:13:28.0578 4756  Parport - ok

10:13:28.0594 4756  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\windows\system32\drivers\partmgr.sys

10:13:28.0609 4756  partmgr - ok

10:13:28.0625 4756  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\windows\System32\pcasvc.dll

10:13:28.0641 4756  PcaSvc - ok

10:13:28.0672 4756  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\windows\system32\drivers\pci.sys

10:13:28.0687 4756  pci - ok

10:13:28.0703 4756  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\windows\system32\drivers\pciide.sys

10:13:28.0719 4756  pciide - ok

10:13:28.0734 4756  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\windows\system32\drivers\pcmcia.sys

10:13:28.0750 4756  pcmcia - ok

10:13:28.0765 4756  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\windows\system32\drivers\pcw.sys

10:13:28.0765 4756  pcw - ok

10:13:28.0797 4756  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\windows\system32\drivers\peauth.sys

10:13:28.0812 4756  PEAUTH - ok

10:13:28.0843 4756  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\windows\SysWow64\perfhost.exe

10:13:28.0843 4756  PerfHost - ok

10:13:28.0906 4756  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\windows\system32\pla.dll

10:13:28.0921 4756  pla - ok

10:13:28.0968 4756  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\windows\system32\umpnpmgr.dll

10:13:28.0984 4756  PlugPlay - ok

10:13:28.0999 4756  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll

10:13:28.0999 4756  PNRPAutoReg - ok

10:13:29.0015 4756  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\windows\system32\pnrpsvc.dll

10:13:29.0031 4756  PNRPsvc - ok

10:13:29.0062 4756  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\windows\System32\ipsecsvc.dll

10:13:29.0062 4756  PolicyAgent - ok

10:13:29.0077 4756  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\windows\system32\umpo.dll

10:13:29.0077 4756  Power - ok

10:13:29.0109 4756  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys

10:13:29.0109 4756  PptpMiniport - ok

10:13:29.0124 4756  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\windows\system32\drivers\processr.sys

10:13:29.0140 4756  Processor - ok

10:13:29.0171 4756  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\windows\system32\profsvc.dll

10:13:29.0171 4756  ProfSvc - ok

10:13:29.0187 4756  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe

10:13:29.0187 4756  ProtectedStorage - ok

10:13:29.0202 4756  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\windows\system32\DRIVERS\pacer.sys

10:13:29.0202 4756  Psched - ok

10:13:29.0265 4756  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\windows\system32\drivers\ql2300.sys

10:13:29.0280 4756  ql2300 - ok

10:13:29.0327 4756  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\windows\system32\drivers\ql40xx.sys

10:13:29.0327 4756  ql40xx - ok

10:13:29.0343 4756  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\windows\system32\qwave.dll

10:13:29.0358 4756  QWAVE - ok

10:13:29.0374 4756  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys

10:13:29.0374 4756  QWAVEdrv - ok

10:13:29.0405 4756  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys

10:13:29.0405 4756  RasAcd - ok

10:13:29.0436 4756  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys

10:13:29.0436 4756  RasAgileVpn - ok

10:13:29.0467 4756  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\windows\System32\rasauto.dll

10:13:29.0467 4756  RasAuto - ok

10:13:29.0499 4756  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys

10:13:29.0499 4756  Rasl2tp - ok

10:13:29.0514 4756  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\windows\System32\rasmans.dll

10:13:29.0530 4756  RasMan - ok

10:13:29.0545 4756  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys

10:13:29.0545 4756  RasPppoe - ok

10:13:29.0561 4756  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys

10:13:29.0561 4756  RasSstp - ok

10:13:29.0592 4756  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys

10:13:29.0608 4756  rdbss - ok

10:13:29.0623 4756  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\windows\system32\drivers\rdpbus.sys

10:13:29.0639 4756  rdpbus - ok

10:13:29.0655 4756  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys

10:13:29.0655 4756  RDPCDD - ok

10:13:29.0686 4756  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys

10:13:29.0686 4756  RDPENCDD - ok

10:13:29.0701 4756  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys

10:13:29.0701 4756  RDPREFMP - ok

10:13:29.0733 4756  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\windows\system32\drivers\rdpvideominiport.sys

10:13:29.0733 4756  RdpVideoMiniport - ok

10:13:29.0779 4756  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\windows\system32\drivers\RDPWD.sys

10:13:29.0795 4756  RDPWD - ok

10:13:29.0811 4756  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\windows\system32\drivers\rdyboost.sys

10:13:29.0826 4756  rdyboost - ok

10:13:29.0857 4756  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\windows\System32\mprdim.dll

10:13:29.0873 4756  RemoteAccess - ok

10:13:29.0904 4756  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\windows\system32\regsvc.dll

10:13:29.0904 4756  RemoteRegistry - ok

10:13:29.0935 4756  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\windows\system32\DRIVERS\rfcomm.sys

10:13:29.0951 4756  RFCOMM - ok

10:13:29.0982 4756  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll

10:13:29.0982 4756  RpcEptMapper - ok

10:13:30.0013 4756  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\windows\system32\locator.exe

10:13:30.0013 4756  RpcLocator - ok

10:13:30.0029 4756  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\windows\system32\rpcss.dll

10:13:30.0029 4756  RpcSs - ok

10:13:30.0060 4756  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys

10:13:30.0076 4756  rspndr - ok

10:13:30.0123 4756  [ 89DFB71B370D82DFE75183F677043CEE ] RSUSBVSTOR      C:\windows\system32\Drivers\RtsUVStor.sys

10:13:30.0123 4756  RSUSBVSTOR - ok

10:13:30.0169 4756  [ BAEFEE35D27A5440D35092CE10267BEC ] RTL8167         C:\windows\system32\DRIVERS\Rt64win7.sys

10:13:30.0185 4756  RTL8167 - ok

10:13:30.0216 4756  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\windows\system32\lsass.exe

10:13:30.0216 4756  SamSs - ok

10:13:30.0216 4756  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\windows\system32\drivers\sbp2port.sys

10:13:30.0232 4756  sbp2port - ok

10:13:30.0263 4756  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\windows\System32\SCardSvr.dll

10:13:30.0279 4756  SCardSvr - ok

10:13:30.0310 4756  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys

10:13:30.0310 4756  scfilter - ok

10:13:30.0372 4756  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\windows\system32\schedsvc.dll

10:13:30.0388 4756  Schedule - ok

10:13:30.0435 4756  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\windows\System32\certprop.dll

10:13:30.0435 4756  SCPolicySvc - ok

10:13:30.0466 4756  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\windows\System32\SDRSVC.dll

10:13:30.0466 4756  SDRSVC - ok

10:13:30.0497 4756  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\windows\system32\drivers\secdrv.sys

10:13:30.0513 4756  secdrv - ok

10:13:30.0528 4756  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\windows\system32\seclogon.dll

10:13:30.0528 4756  seclogon - ok

10:13:30.0559 4756  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\windows\System32\sens.dll

10:13:30.0559 4756  SENS - ok

10:13:30.0575 4756  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\windows\system32\sensrsvc.dll

10:13:30.0575 4756  SensrSvc - ok

10:13:30.0591 4756  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\windows\system32\drivers\serenum.sys

10:13:30.0606 4756  Serenum - ok

10:13:30.0622 4756  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\windows\system32\drivers\serial.sys

10:13:30.0653 4756  Serial - ok

10:13:30.0653 4756  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\windows\system32\drivers\sermouse.sys

10:13:30.0653 4756  sermouse - ok

10:13:30.0684 4756  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\windows\system32\sessenv.dll

10:13:30.0684 4756  SessionEnv - ok

10:13:30.0700 4756  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\windows\system32\drivers\sffdisk.sys

10:13:30.0715 4756  sffdisk - ok

10:13:30.0731 4756  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys

10:13:30.0747 4756  sffp_mmc - ok

10:13:30.0762 4756  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys

10:13:30.0762 4756  sffp_sd - ok

10:13:30.0778 4756  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\windows\system32\drivers\sfloppy.sys

10:13:30.0840 4756  sfloppy - ok

10:13:30.0918 4756  [ C6CC9297BD53E5229653303E556AA539 ] Sftfs           C:\windows\system32\DRIVERS\Sftfslh.sys

10:13:30.0934 4756  Sftfs - ok

10:13:30.0981 4756  [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

10:13:30.0981 4756  sftlist - ok

10:13:31.0012 4756  [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay         C:\windows\system32\DRIVERS\Sftplaylh.sys

10:13:31.0027 4756  Sftplay - ok

10:13:31.0027 4756  [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir        C:\windows\system32\DRIVERS\Sftredirlh.sys

10:13:31.0043 4756  Sftredir - ok

10:13:31.0043 4756  [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol          C:\windows\system32\DRIVERS\Sftvollh.sys

10:13:31.0059 4756  Sftvol - ok

10:13:31.0074 4756  [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

10:13:31.0074 4756  sftvsa - ok

10:13:31.0121 4756  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\windows\System32\ipnathlp.dll

10:13:31.0121 4756  SharedAccess - ok

10:13:31.0152 4756  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll

10:13:31.0168 4756  ShellHWDetection - ok

10:13:31.0199 4756  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\windows\system32\drivers\SiSRaid2.sys

10:13:31.0215 4756  SiSRaid2 - ok

10:13:31.0230 4756  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\windows\system32\drivers\sisraid4.sys

10:13:31.0230 4756  SiSRaid4 - ok

10:13:31.0386 4756  [ EB17DF573B4423DF0B3B2EE3B268A6DE ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

10:13:31.0402 4756  Skype C2C Service - ok

10:13:31.0449 4756  [ 0A0A0183711EFB04F9BCC32BB44471F2 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe

10:13:31.0449 4756  SkypeUpdate - ok

10:13:31.0495 4756  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\windows\system32\DRIVERS\smb.sys

10:13:31.0495 4756  Smb - ok

10:13:31.0511 4756  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\windows\System32\snmptrap.exe

10:13:31.0527 4756  SNMPTRAP - ok

10:13:31.0573 4756  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\windows\system32\drivers\spldr.sys

10:13:31.0573 4756  spldr - ok

10:13:31.0620 4756  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\windows\System32\spoolsv.exe

10:13:31.0620 4756  Spooler - ok

10:13:31.0729 4756  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\windows\system32\sppsvc.exe

10:13:31.0807 4756  sppsvc - ok

10:13:31.0839 4756  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\windows\system32\sppuinotify.dll

10:13:31.0839 4756  sppuinotify - ok

10:13:31.0870 4756  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\windows\system32\DRIVERS\srv.sys

10:13:31.0917 4756  srv - ok

10:13:31.0948 4756  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\windows\system32\DRIVERS\srv2.sys

10:13:31.0948 4756  srv2 - ok

10:13:31.0963 4756  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys

10:13:31.0963 4756  srvnet - ok

10:13:31.0995 4756  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll

10:13:31.0995 4756  SSDPSRV - ok

10:13:32.0010 4756  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\windows\system32\sstpsvc.dll

10:13:32.0010 4756  SstpSvc - ok

10:13:32.0026 4756  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\windows\system32\drivers\stexstor.sys

10:13:32.0026 4756  stexstor - ok

10:13:32.0073 4756  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\windows\System32\wiaservc.dll

10:13:32.0088 4756  stisvc - ok

10:13:32.0104 4756  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\windows\system32\DRIVERS\swenum.sys

10:13:32.0104 4756  swenum - ok

10:13:32.0135 4756  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\windows\System32\swprv.dll

10:13:32.0151 4756  swprv - ok

10:13:32.0197 4756  [ 9643991B5CFD7A9BA68626B7A005F7E6 ] SynTP           C:\windows\system32\DRIVERS\SynTP.sys

10:13:32.0229 4756  SynTP - ok

10:13:32.0291 4756  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\windows\system32\sysmain.dll

10:13:32.0307 4756  SysMain - ok

10:13:32.0338 4756  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll

10:13:32.0353 4756  TabletInputService - ok

10:13:32.0385 4756  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\windows\System32\tapisrv.dll

10:13:32.0385 4756  TapiSrv - ok

10:13:32.0400 4756  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\windows\System32\tbssvc.dll

10:13:32.0416 4756  TBS - ok

10:13:32.0478 4756  [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip           C:\windows\system32\drivers\tcpip.sys

10:13:32.0494 4756  Tcpip - ok

10:13:32.0525 4756  [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys

10:13:32.0541 4756  TCPIP6 - ok

10:13:32.0572 4756  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys

10:13:32.0572 4756  tcpipreg - ok

10:13:32.0603 4756  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys

10:13:32.0603 4756  TDPIPE - ok

10:13:32.0634 4756  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys

10:13:32.0650 4756  TDTCP - ok

10:13:32.0681 4756  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\windows\system32\DRIVERS\tdx.sys

10:13:32.0697 4756  tdx - ok

10:13:32.0712 4756  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\windows\system32\DRIVERS\termdd.sys

10:13:32.0728 4756  TermDD - ok

10:13:32.0759 4756  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\windows\System32\termsrv.dll

10:13:32.0759 4756  TermService - ok

10:13:32.0775 4756  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\windows\system32\themeservice.dll

10:13:32.0775 4756  Themes - ok

10:13:32.0790 4756  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\windows\system32\mmcss.dll

10:13:32.0790 4756  THREADORDER - ok

10:13:32.0806 4756  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\windows\System32\trkwks.dll

10:13:32.0821 4756  TrkWks - ok

10:13:32.0868 4756  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe

10:13:32.0868 4756  TrustedInstaller - ok

10:13:32.0884 4756  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys

10:13:32.0884 4756  tssecsrv - ok

10:13:32.0899 4756  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys

10:13:32.0899 4756  TsUsbFlt - ok

10:13:32.0931 4756  [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD         C:\windows\system32\drivers\TsUsbGD.sys

10:13:32.0931 4756  TsUsbGD - ok

10:13:32.0946 4756  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys

10:13:32.0946 4756  tunnel - ok

10:13:32.0962 4756  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\windows\system32\drivers\uagp35.sys

10:13:32.0977 4756  uagp35 - ok

10:13:32.0993 4756  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\windows\system32\DRIVERS\udfs.sys

10:13:32.0993 4756  udfs - ok

10:13:33.0024 4756  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\windows\system32\UI0Detect.exe

10:13:33.0024 4756  UI0Detect - ok

10:13:33.0040 4756  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys

10:13:33.0055 4756  uliagpkx - ok

10:13:33.0087 4756  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\windows\system32\DRIVERS\umbus.sys

10:13:33.0118 4756  umbus - ok

10:13:33.0149 4756  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\windows\system32\drivers\umpass.sys

10:13:33.0165 4756  UmPass - ok

10:13:33.0274 4756  [ 7E5E1603D0FF2D240AE70295C5C3FEFC ] UNS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

10:13:33.0289 4756  UNS - ok

10:13:33.0321 4756  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\windows\System32\upnphost.dll

10:13:33.0321 4756  upnphost - ok

10:13:33.0352 4756  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys

10:13:33.0367 4756  usbccgp - ok

10:13:33.0399 4756  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\windows\system32\drivers\usbcir.sys

10:13:33.0399 4756  usbcir - ok

10:13:33.0414 4756  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\windows\system32\DRIVERS\usbehci.sys

10:13:33.0445 4756  usbehci - ok

10:13:33.0461 4756  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys

10:13:33.0492 4756  usbhub - ok

10:13:33.0523 4756  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\windows\system32\drivers\usbohci.sys

10:13:33.0555 4756  usbohci - ok

10:13:33.0555 4756  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\windows\system32\DRIVERS\usbprint.sys

10:13:33.0570 4756  usbprint - ok

10:13:33.0586 4756  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\windows\system32\DRIVERS\usbscan.sys

10:13:33.0601 4756  usbscan - ok

10:13:33.0617 4756  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS

10:13:33.0648 4756  USBSTOR - ok

10:13:33.0648 4756  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\windows\system32\drivers\usbuhci.sys

10:13:33.0664 4756  usbuhci - ok

10:13:33.0664 4756  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\windows\system32\Drivers\usbvideo.sys

10:13:33.0679 4756  usbvideo - ok

10:13:33.0711 4756  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\windows\System32\uxsms.dll

10:13:33.0711 4756  UxSms - ok

10:13:33.0726 4756  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\windows\system32\lsass.exe

10:13:33.0726 4756  VaultSvc - ok

10:13:33.0742 4756  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys

10:13:33.0742 4756  vdrvroot - ok

10:13:33.0773 4756  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\windows\System32\vds.exe

10:13:33.0773 4756  vds - ok

10:13:33.0804 4756  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\windows\system32\DRIVERS\vgapnp.sys

10:13:33.0804 4756  vga - ok

10:13:33.0835 4756  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\windows\System32\drivers\vga.sys

10:13:33.0835 4756  VgaSave - ok

10:13:33.0851 4756  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\windows\system32\drivers\vhdmp.sys

10:13:33.0867 4756  vhdmp - ok

10:13:33.0882 4756  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\windows\system32\drivers\viaide.sys

10:13:33.0882 4756  viaide - ok

10:13:33.0929 4756  [ 5CB80AFA98111FC6ED6E8702A0D7AC5B ] vm2uvcflt       C:\windows\system32\Drivers\vm2uvcflt.sys

10:13:33.0929 4756  vm2uvcflt - ok

10:13:33.0945 4756  [ FE75ED0244AEDFF9B278A2A09AC06CA9 ] vm332avs        C:\windows\system32\Drivers\vm332avs.sys

10:13:33.0960 4756  vm332avs - ok

10:13:33.0991 4756  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\windows\system32\drivers\volmgr.sys

10:13:33.0991 4756  volmgr - ok

10:13:34.0007 4756  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\windows\system32\drivers\volmgrx.sys

10:13:34.0023 4756  volmgrx - ok

10:13:34.0038 4756  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\windows\system32\drivers\volsnap.sys

10:13:34.0038 4756  volsnap - ok

10:13:34.0069 4756  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\windows\system32\drivers\vsmraid.sys

10:13:34.0085 4756  vsmraid - ok

10:13:34.0132 4756  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\windows\system32\vssvc.exe

10:13:34.0147 4756  VSS - ok

10:13:34.0163 4756  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys

10:13:34.0163 4756  vwifibus - ok

10:13:34.0210 4756  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys

10:13:34.0210 4756  vwififlt - ok

10:13:34.0257 4756  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\windows\system32\DRIVERS\vwifimp.sys

10:13:34.0288 4756  vwifimp - ok

10:13:34.0335 4756  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\windows\system32\w32time.dll

10:13:34.0335 4756  W32Time - ok

10:13:34.0366 4756  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\windows\system32\drivers\wacompen.sys

10:13:34.0366 4756  WacomPen - ok

10:13:34.0381 4756  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys

10:13:34.0381 4756  WANARP - ok

10:13:34.0397 4756  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys

10:13:34.0397 4756  Wanarpv6 - ok

10:13:34.0428 4756  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\windows\system32\Wat\WatAdminSvc.exe

10:13:34.0444 4756  WatAdminSvc - ok

10:13:34.0506 4756  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\windows\system32\wbengine.exe

10:13:34.0522 4756  wbengine - ok

10:13:34.0537 4756  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\windows\System32\wbiosrvc.dll

10:13:34.0553 4756  WbioSrvc - ok

10:13:34.0584 4756  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\windows\System32\wcncsvc.dll

10:13:34.0600 4756  wcncsvc - ok

10:13:34.0615 4756  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll

10:13:34.0615 4756  WcsPlugInService - ok


10:13:36.0456 4756  ============================================================

10:13:36.0456 4756  Scan finished

10:13:36.0456 4756  ============================================================

10:13:36.0472 1832  Detected object count: 0

10:13:36.0472 1832  Actual detected object count: 0

 

 

AdwCleaner log:

 

# AdwCleaner v2.304 - Logfile created 07/04/2013 at 10:20:27

# Updated 03/07/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : xxxxxx - xxxxxx

# Boot Mode : Normal

# Running from : C:xxxxxxxxAdwCleaner.exe

# Option [Delete]

 

 

***** [Services] *****

 

 

***** [Files / Folders] *****

 

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml

File Deleted : C:\Users\xxxxx\AppData\Local\Temp\Uninstall.exe

File Deleted : C:\Users\xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ifvgqqo9.default\searchplugins\Askcom.xml

Folder Deleted : C:\Program Files (x86)\Ask.com

Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search

Folder Deleted : C:\ProgramData\Ask

Folder Deleted : C:\ProgramData\Partner

Folder Deleted : C:\Users\xxxxx\AppData\Local\Temp\avg@toolbar

Folder Deleted : C:\Users\xxxxx\AppData\LocalLow\AskToolbar

Folder Deleted : C:\Users\xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ifvgqqo9.default\extensions\toolbar@ask.com

Folder Deleted : C:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

 


***** [Internet Browsers] *****

 

-\\ Internet Explorer v10.0.9200.16611

 

[OK] Registry is clean.

 

-\\ Mozilla Firefox v22.0 (en-US)

 

File : C:\Users\xxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ifvgqqo9.default\prefs.js

 

Deleted : user_pref("browser.search.defaultengine", "Ask.com");

Deleted : user_pref("browser.search.defaultenginename", "Ask.com");

Deleted : user_pref("browser.search.order.1", "Ask.com");

Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");

 

*************************

 

AdwCleaner[S1].txt - [6290 octets] - [04/07/2013 10:20:27]

 

########## EOF - C:\AdwCleaner[S1].txt - [6350 octets] ##########



#4 boopme


Posted 05 July 2013 - 04:15 PM

Had a nice holiday, hope you did also!

Let's run one more scan and then we will mop up. This may need a few hours.

Run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 DazedStunnedInfected


Posted 06 July 2013 - 05:27 PM

Hi b,

 

So I ran the ESET Scanner. It only found 4 potential issues, 2 of which seem to be associated with Cute PDF writer. I had it delete the quarantined programs when I exited. I will reinstall Cute PDF writer again when I need it unless you recommend a different free PDF converter.

 

C:\Users\Tess\AppData\Local\Temp\APNStub.exe    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
C:\Users\Tess\Downloads\CuteWriter(1).exe    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
C:\Users\Tess\Downloads\CuteWriter(2).exe    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
C:\Users\Tess\Downloads\CuteWriter.exe    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
 

Thanks for your help!



#6 boopme


Posted 07 July 2013 - 09:20 PM

I believe Cute contained some adware and that is why it gets pulled. You can put it back or try Foxit PDF Reader.

Update your Adobe Reader.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
How is it now?

#7 DazedStunnedInfected


Posted 07 July 2013 - 10:36 PM

Not squeaky clean yet, but nothing looks malicious, just unused.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by xxxxxxxon Sun 07/07/2013 at 20:17:04.31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D84E2083-F9FC-46D4-9073-580048FF8A6C}



~~~ Files

Successfully deleted: [File] "C:\windows\s.bat"



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\xxxxxxxx\appdata\local\{652F4608-AB38-4C9E-9269-48A4199645C8}



~~~ FireFox

Emptied folder: C:\Users\xxxxxxxx\AppData\Roaming\mozilla\firefox\profiles\ifvgqqo9.default\minidumps [133 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 07/07/2013 at 20:20:28.26
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#8 boopme


Posted 08 July 2013 - 09:40 PM

Looks good now.
 
Only thing to do now is empty your temp folders using TFC (Temporary File Cleaner).

  • Please download TFC by Old Timer and save it to your desktop.
    alternate download link
  • Save any unsaved work. (TFC will close ALL open programs including your browser!)
  • Double-click on TFC.exe to run it. (If you are using Vista, right-click on the file and choose "Run As Administrator".)
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway allowing Windows to load normally (not into Safe Mode) to ensure a complete clean.
