
Rootkit/Bootkit? All of the above? MBR is compromised.


  • This topic is locked
10 replies to this topic

#1 Yuki ikuY

  • Members
  • 5 posts
  • Gender: Male

Posted 16 July 2013 - 09:42 AM

Hello, long time listening, first time caller.
I was infected over a week ago, redirected from my browser to a site which downloaded and installed "drivers". The infection has hidden itself in my Windows system files and recreated its own modules as Windows modules/services. At this point I am not interested in saving data as this is my 4th reinstall.

It has also taken over my second PC, I believe by USB, and my external drive; my SSD has also been disconnected, as it was infected first. It has hidden itself in the MBR of every single drive I own, all Windows commands are redirected and denied, bootrec does absolutely nothing, formatting/wiping, reinstalling, MBR cannot be fixed.

As requested, my DDS log; also, to hopefully help and speed things up, I have an FRST log, since I am positive this will eventually be needed as well. No anti-root/malware tool has proven to even notice the infection.
Many thanks in advance. Everyone I've spoken to is clueless; I trust the knowledgeable techs here can assist.

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 10.0.9200.16635
Run by hate at 10:27:59 on 2013-07-16
#Option Extended Search is enabled.
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8143.7418 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{41A17349-8AA2-42CA-B5B5-B284BCF5C2DE} : DHCPNameServer = 192.168.1.1
SSODL: WebCheck - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R3 ISCT;Intel® Smart Connect Technology Device Driver;C:\Windows\System32\drivers\ISCTD64.sys [2013-1-19 46568]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-7-15 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-7-15 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-7-15 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-7-15 1255736]
.
=============== Created Last 60 ================
.
2013-07-16 18:07:30 -------- d-----w- C:\FRST
2013-07-16 14:02:40 -------- d-----w- C:\Windows\pss
2013-07-16 14:00:13 9460976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CC7EFD26-CD62-4F46-ACFD-0D85887E50E9}\mpengine.dll
2013-07-16 03:02:15 163504 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10144.bin
2013-07-16 02:43:22 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2013-07-16 02:43:18 99840 ----a-w- C:\Windows\System32\wudriver.dll
2013-07-16 00:52:47 -------- d-----w- C:\Windows\Panther
2013-07-15 23:35:48 -------- d-sh--w- C:\Windows\Installer
2013-07-15 23:30:22 -------- d-----w- C:\Windows\SysWow64\Wat
2013-07-15 23:30:22 -------- d-----w- C:\Windows\System32\Wat
2013-07-15 23:13:57 9552976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-07-15 23:12:24 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2013-07-15 23:12:24 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2013-07-15 23:12:24 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2013-07-15 23:12:24 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2013-07-15 23:06:14 57856 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys
2013-07-15 23:00:51 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2013-07-15 23:00:51 46080 ----a-w- C:\Windows\System32\atmlib.dll
2013-07-15 23:00:51 367616 ----a-w- C:\Windows\System32\atmfd.dll
2013-07-15 23:00:51 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2013-07-15 23:00:51 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2013-07-15 23:00:51 100864 ----a-w- C:\Windows\System32\fontsub.dll
2013-07-15 23:00:28 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2013-07-15 23:00:28 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2013-07-15 23:00:28 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2013-07-15 23:00:28 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2013-07-15 23:00:28 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2013-07-15 23:00:28 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2013-07-15 23:00:28 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2013-07-15 22:55:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-07-15 22:54:59 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2013-07-15 22:48:33 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-07-15 22:48:33 458712 ----a-w- C:\Windows\System32\drivers\cng.sys
2013-07-15 22:48:33 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-07-15 22:48:33 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-07-15 22:48:33 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-07-15 22:48:33 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-07-15 22:48:33 1448448 ----a-w- C:\Windows\System32\lsasrv.dll
2013-07-15 22:48:29 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2013-07-15 22:48:29 366592 ----a-w- C:\Windows\System32\qdvd.dll
2013-07-15 22:48:28 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-07-15 22:48:28 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-07-15 22:46:43 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2013-07-15 22:46:43 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2013-07-15 22:46:43 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
.
==================== Find6M  ====================
.
2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-05-06 06:03:49 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-05-06 04:56:35 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-05-02 06:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-26 05:51:36 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-04-26 04:55:21 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-04-25 23:30:32 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-03-31 22:52:16 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:53:58 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
2013-03-19 05:53:58 230400 ----a-w- C:\Windows\System32\wwansvc.dll
2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe
2013-02-27 06:02:44 111448 ----a-w- C:\Windows\System32\consent.exe
2013-02-27 05:48:00 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-02-27 05:47:10 70144 ----a-w- C:\Windows\System32\appinfo.dll
2013-02-27 04:49:24 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-02-12 04:12:05 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-01-24 06:01:01 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2013-01-19 04:52:08 46568 ----a-w- C:\Windows\System32\drivers\ISCTD64.sys
.
============= FINISH: 10:28:23.94 ===============
 

 


 




 


#2 HelpBot

    Bleepin' Binary Bot

  • Bots
  • 12,760 posts
  • Gender: Male

Posted 21 July 2013 - 09:45 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/501264 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Yuki ikuY
  • Topic Starter

  • Members
  • 5 posts
  • Gender: Male

Posted 23 July 2013 - 07:00 PM

Oh helpbot you're such a sweetheart! Stop that, you're making me blush babe! ;)

YES, assistance is very much still needed.

This issue, this infection to be specific, has NOT been resolved. However, much has changed since my initial creation of this thread.
I am currently away from the machine for the moment. Although, to prevent this request from being locked, I wanted to at least inform the techs that this is still in fact a live request. Please bear with me on this lengthy post, feel free to simply skim through for any useful info.

I am aware that my initial DDS log lacks much evidence, or content in general, but I can assure you though that once a correctly configured scan is shown, sketchy things will be revealed. Some good news though is that since my post I have come to realize the infection is stationary. That meaning, I realized after my first 1-5 reinstalls and formats that the infection is no longer spreading, or able to dole out several restrictions and other damaging tasks, as it was before.

Yet, it is still just sittin' there, probably loungin' out drinking an ice tea, enjoying the sweet pleasure of my confusion. This is still, however, very much an important issue.
A Microsoft Engi. and I had come to find that the elevation of control can be worked around by creating a new user account (I know, I know, so simple I didn't even feel like it would work so I never attempted it). At this point the first user account seems to be the sole victim, so I am worried that if I delete it, it will then manifest its elevated rights into the new user account. So even though I can use the PC for some of my work, the more important things I like to use it for are still unavailable to me.

Here is a short list of some of the more prominent symptoms this bastard still maintains.

+ Elevation of control using the following user profiles:
_Administrators
_HomeGroupUser$
_CREATOR OWNER
_TrustedInstaller
(And most likely the User/Administrators profile)
+ Invalid Certificates still haunt drivers
+ Regeneration (at OS boot) of the infection, and any of its files/attributes, that were altered/removed prior to reboot.
_It continues to create hidden Local Network drives or some crazy sh*t like that; during my 3 week plunder into the system I came upon these.
+ Redirection of certain Microsoft urls *only in IE*
+ Disguised in Windows sys drivers, modules, services.
+ Still hidden inside some low key sector of my hardware. Could be the disks, USB, the BIOS itself, PCI, I'm not sure.
+ Driver control, infected drivers all up in this thing, its own drivers all up in this thang as well.

Once contacted with a reply by a tech I will be readily available to explain exact details on whatever the tech may ask.

I expect to post the new log by tonight. However I really want it to be clear that:
I have given up on avoiding use of the PC. I spent 3 weeks rummaging through the depths of the Windows registry, sys files, cmd usage, cscripts, and my own devices' inners. I have reinstalled more times than I can imagine (because I corrupted the OS myself testing and learning about the infection and Windows). I have attempted every anti-rootkit, security, virus, BS software that you could name off the top of your head. Therefore last night I installed all my device drivers, and have been working around the restraints, so my newest log will be a huge mess because I have not reinstalled since my last Deep Windows Infection Hunting Adventures.


Thanks once again helpbot, I send much positive 1 1 1 0 1 1 00 1's your way. And thanks in advance to whoever wants to take on this troublesome task. Unfortunately though I fear the only fix would be re-engineering the infection, so whatever other suggestions or help is much appreciated.

- Yuk

#4 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,420 posts
  • Gender: Female
  • Location: Romania

Posted 24 July 2013 - 08:02 AM

Hello, my name is Elise and I'll assist you with this issue.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft
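
The log that the steps above produce can be triaged with a short script. This is an added example, not part of the original post and not code from TDSSKiller; the sample log is constructed in the line format of the log posted in this thread, and the ExampleDrv* names, the placeholder hashes and the wording of the non-ok verdict are assumptions.

```python
import re

# Constructed sample in the "HH:MM:SS.mmmm TID  message" line format.
# ExampleDrv* names, the all-0 / all-1 hashes and the "( ExampleVerdict ) - warning"
# wording are assumptions made for illustration, not real scan results.
SAMPLE_LOG = r"""16:10:25.0267 3852  TDSS rootkit removing tool 2.8.18.0 Jun 10 2013 21:44:19
16:10:25.0267 3852  UEFI system
16:10:26.0234 3852  \Device\Harddisk0\DR0:
16:10:26.0234 3852  GPT partitions:
16:10:26.0234 3852  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x32000
16:10:26.0234 3852  MBR partitions:
16:10:26.0234 3852  \Device\Harddisk2\DR2:
16:10:26.0234 3852  MBR partitions:
16:10:32.0318 4896  ================ Scan services =============================
16:10:32.0349 4896  [ 00000000000000000000000000000000 ] ExampleDrvA     C:\Windows\system32\drivers\exampledrva.sys
16:10:32.0365 4896  ExampleDrvA - ok
16:10:32.0833 4896  ExampleDrvB - ok
16:10:32.0849 4896  [ 11111111111111111111111111111111 ] ExampleDrvC     C:\Windows\system32\drivers\exampledrvc.sys
16:10:32.0864 4896  ExampleDrvC ( ExampleVerdict ) - warning
"""

LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s*(.*)$")      # timestamp, thread id, message
SECTION = re.compile(r"^=+ (.+?) =+$")                              # "==== Scan services ===="
DISK = re.compile(r"^(\\Device\\Harddisk\d+\\DR\d+):$")             # per-disk header
PART = re.compile(r"^(\\Device\\Harddisk\d+\\DR\d+)\\Partition\d+: (\w+),")
HASHED = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \]\s+(.+?)\s+([A-Za-z]:\\.*)$")


def triage(log_text):
    """Summarise firmware type, per-disk partition scheme and service entries
    that deserve a second look (no file hashed, or a verdict other than ok)."""
    report = {"firmware": None, "disks": {}, "services_seen": 0, "findings": []}
    section = None
    hashed = set()  # service names for which a "[ MD5 ] name path" line was seen

    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group(1).strip()

        if msg == "UEFI system":
            report["firmware"] = "UEFI"
            continue
        s = SECTION.match(msg)
        if s:
            section = s.group(1)
            continue
        d = DISK.match(msg)
        if d:
            report["disks"].setdefault(d.group(1), [])
            continue
        p = PART.match(msg)
        if p:
            schemes = report["disks"].setdefault(p.group(1), [])
            if p.group(2) not in schemes:
                schemes.append(p.group(2))
            continue

        if section != "Scan services":
            continue
        h = HASHED.match(msg)
        if h:
            hashed.add(h.group(2))
            continue
        # Verdict line: "<name> - <status>" or "<name> ( <detail> ) - <status>"
        left, sep, status = msg.rpartition(" - ")
        if not sep:
            continue
        name = left.split(" ( ")[0].strip()
        report["services_seen"] += 1
        if status != "ok":
            report["findings"].append(("non-ok-verdict", name, status))
        elif name not in hashed:
            # Passed, but the tool never hashed a file for this service.
            report["findings"].append(("no-file-hashed", name, status))
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("firmware:", result["firmware"] or "not stated")
    for disk, schemes in result["disks"].items():
        print(disk, "->", ", ".join(schemes) or "no partitions listed")
    for finding in result["findings"]:
        print(finding)
```

An entry reported as `no-file-hashed` is not a detection by itself; it marks a service whose image the scanner did not read, which is worth checking by hand against the service's registry `ImagePath`.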

 



#5 Yuki ikuY
  • Topic Starter

  • Members
  • 5 posts
  • Gender: Male

Posted 24 July 2013 - 03:11 PM

Hi Elise, thanks for taking the time to come on over and get crazy with this infection with me.

As previously stated, these tools unfortunately will not detect much of anything. I was hoping maybe under the new user account and profile it may, but nothing was detected. Luckily it'll at least cancel out what we need, here is the log.

 

 

 

16:10:25.0267 3852  TDSS rootkit removing tool 2.8.18.0 Jun 10 2013 21:44:19
16:10:25.0267 3852  UEFI system
16:10:25.0610 3852  ============================================================
16:10:25.0610 3852  Current date / time: 2013/07/24 16:10:25.0610
16:10:25.0610 3852  SystemInfo:
16:10:25.0610 3852  
16:10:25.0610 3852  OS Version: 6.1.7601 ServicePack: 1.0
16:10:25.0610 3852  Product type: Workstation
16:10:25.0610 3852  ComputerName: YUK2
16:10:25.0610 3852  UserName: Test
16:10:25.0610 3852  Windows directory: C:\Windows
16:10:25.0610 3852  System windows directory: C:\Windows
16:10:25.0610 3852  Running under WOW64
16:10:25.0610 3852  Processor architecture: Intel x64
16:10:25.0610 3852  Number of processors: 4
16:10:25.0610 3852  Page size: 0x1000
16:10:25.0610 3852  Boot type: Normal boot
16:10:25.0610 3852  ============================================================
16:10:25.0953 3852  Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:10:25.0953 3852  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:10:26.0234 3852  Drive \Device\Harddisk2\DR2 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:10:26.0234 3852  ============================================================
16:10:26.0234 3852  \Device\Harddisk0\DR0:
16:10:26.0234 3852  GPT partitions:
16:10:26.0234 3852  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {99C1AE69-7256-4B45-8854-32CA429604CF}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x32000
16:10:26.0234 3852  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {DDB60916-241B-4EE6-A647-FE0DD468AC5F}, Name: Microsoft reserved partition, StartLBA 0x32800, BlocksNum 0x40000
16:10:26.0234 3852  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {1A7D7E1F-8FB1-4BB6-B4AF-BCEFD5F2100B}, Name: Basic data partition, StartLBA 0x72800, BlocksNum 0xDF22000
16:10:26.0234 3852  MBR partitions:
16:10:26.0234 3852  \Device\Harddisk1\DR1:
16:10:26.0234 3852  GPT partitions:
16:10:26.0234 3852  \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {A367BE13-A069-4249-B2EA-5020EBC31672}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x74706000
16:10:26.0234 3852  MBR partitions:
16:10:26.0234 3852  \Device\Harddisk2\DR2:
16:10:26.0234 3852  MBR partitions:
16:10:26.0234 3852  ============================================================
16:10:26.0234 3852  C: <-> \Device\Harddisk0\DR0\Partition3
16:10:26.0234 3852  I: <-> \Device\Harddisk1\DR1\Partition1
16:10:26.0234 3852  ============================================================
16:10:26.0234 3852  Initialize success
16:10:26.0234 3852  ============================================================
16:10:32.0209 4896  ============================================================
16:10:32.0209 4896  Scan started
16:10:32.0209 4896  Mode: Manual; SigCheck; TDLFS; 
16:10:32.0209 4896  ============================================================
16:10:32.0318 4896  ================ Scan system memory ========================
16:10:32.0318 4896  System memory - ok
16:10:32.0318 4896  ================ Scan services =============================
16:10:33.0363 4896  CNG - ok
16:10:33.0379 4896  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
16:10:33.0379 4896  Compbatt - ok
16:10:33.0379 4896  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
16:10:33.0395 4896  CompositeBus - ok
16:10:33.0395 4896  COMSysApp - ok
16:10:33.0395 4896  [ 815F3180B5117E42E422188E9CCC89C6 ] cphs            C:\Windows\SysWow64\IntelCpHeciSvc.exe
16:10:33.0395 4896  cphs - ok
16:10:33.0410 4896  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
16:10:33.0410 4896  crcdisk - ok
16:10:33.0410 4896  [ D8129C49798CBBFB2E4351D4B7B8EF9C ] CryptSvc        C:\Windows\system32\cryptsvc.dll
16:10:33.0426 4896  CryptSvc - ok
16:10:33.0426 4896  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
16:10:33.0441 4896  DcomLaunch - ok
16:10:33.0457 4896  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
16:10:33.0473 4896  defragsvc - ok
16:10:33.0473 4896  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
16:10:33.0488 4896  DfsC - ok
16:10:33.0488 4896  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
16:10:33.0504 4896  Dhcp - ok
16:10:33.0504 4896  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
16:10:33.0519 4896  discache - ok
16:10:33.0519 4896  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
16:10:33.0535 4896  Disk - ok
16:10:33.0535 4896  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
16:10:33.0535 4896  Dnscache - ok
16:10:33.0535 4896  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
16:10:33.0566 4896  dot3svc - ok
16:10:33.0566 4896  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
16:10:33.0582 4896  DPS - ok
16:10:33.0582 4896  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
16:10:33.0597 4896  drmkaud - ok
16:10:33.0597 4896  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
16:10:33.0613 4896  DXGKrnl - ok
16:10:33.0613 4896  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
16:10:33.0629 4896  EapHost - ok
16:10:33.0660 4896  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
16:10:33.0675 4896  ebdrv - ok
16:10:33.0675 4896  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
16:10:33.0691 4896  EFS - ok
16:10:33.0691 4896  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
16:10:33.0707 4896  ehRecvr - ok
16:10:33.0707 4896  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
16:10:33.0707 4896  ehSched - ok
16:10:33.0722 4896  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
16:10:33.0722 4896  elxstor - ok
16:10:33.0722 4896  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
16:10:33.0738 4896  ErrDev - ok
16:10:33.0738 4896  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
16:10:33.0769 4896  EventSystem - ok
16:10:33.0769 4896  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
16:10:33.0785 4896  exfat - ok
16:10:33.0785 4896  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
16:10:33.0800 4896  fastfat - ok
16:10:33.0816 4896  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
16:10:33.0831 4896  Fax - ok
16:10:33.0831 4896  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
16:10:33.0831 4896  fdc - ok
16:10:33.0831 4896  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
16:10:33.0847 4896  fdPHost - ok
16:10:33.0863 4896  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
16:10:33.0878 4896  FDResPub - ok
16:10:33.0878 4896  [ CDAF7F210DF460770DA4F6C4EC67BA0F ] ffusb2audio     C:\Windows\system32\DRIVERS\ffusb2audio.sys
16:10:33.0878 4896  ffusb2audio - ok
16:10:33.0878 4896  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
16:10:33.0894 4896  FileInfo - ok
16:10:33.0894 4896  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
16:10:33.0909 4896  Filetrace - ok
16:10:33.0909 4896  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
16:10:33.0925 4896  flpydisk - ok
16:10:33.0925 4896  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
16:10:33.0925 4896  FltMgr - ok
16:10:33.0941 4896  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
16:10:33.0956 4896  FontCache - ok
16:10:33.0956 4896  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:10:33.0956 4896  FontCache3.0.0.0 - ok
16:10:33.0956 4896  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
16:10:33.0956 4896  FsDepends - ok
16:10:33.0972 4896  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
16:10:33.0972 4896  Fs_Rec - ok
16:10:33.0972 4896  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
16:10:33.0987 4896  fvevol - ok
16:10:33.0987 4896  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
16:10:33.0987 4896  gagp30kx - ok
16:10:34.0003 4896  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
16:10:34.0019 4896  gpsvc - ok
16:10:34.0019 4896  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:10:34.0034 4896  gupdate - ok
16:10:34.0034 4896  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:10:34.0034 4896  gupdatem - ok
16:10:34.0034 4896  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
16:10:34.0050 4896  hcw85cir - ok
16:10:34.0050 4896  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:10:34.0050 4896  HdAudAddService - ok
16:10:34.0065 4896  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
16:10:34.0065 4896  HDAudBus - ok
16:10:34.0065 4896  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
16:10:34.0081 4896  HidBatt - ok
16:10:34.0081 4896  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
16:10:34.0081 4896  HidBth - ok
16:10:34.0081 4896  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
16:10:34.0097 4896  HidIr - ok
16:10:34.0097 4896  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
16:10:34.0112 4896  hidserv - ok
16:10:34.0112 4896  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
16:10:34.0128 4896  HidUsb - ok
16:10:34.0128 4896  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
16:10:34.0143 4896  hkmsvc - ok
16:10:34.0143 4896  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:10:34.0159 4896  HomeGroupListener - ok
16:10:34.0159 4896  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:10:34.0159 4896  HomeGroupProvider - ok
16:10:34.0175 4896  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
16:10:34.0175 4896  HpSAMD - ok
16:10:34.0175 4896  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:10:34.0206 4896  HTTP - ok
16:10:34.0206 4896  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
16:10:34.0206 4896  hwpolicy - ok
16:10:34.0206 4896  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
16:10:34.0221 4896  i8042prt - ok
16:10:34.0221 4896  [ 6C91E425ACE29594BD574DE38AC9B76D ] iaStorA         C:\Windows\system32\DRIVERS\iaStorA.sys
16:10:34.0237 4896  iaStorA - ok
16:10:34.0237 4896  [ 0AB254994A460550258446950BB58311 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
16:10:34.0237 4896  IAStorDataMgrSvc - ok
16:10:34.0253 4896  [ 2B38F13E18E272459CD2CE83E6722C12 ] iaStorF         C:\Windows\system32\DRIVERS\iaStorF.sys
16:10:34.0253 4896  iaStorF - ok
16:10:34.0253 4896  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
16:10:34.0268 4896  iaStorV - ok
16:10:34.0268 4896  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:10:34.0284 4896  idsvc - ok
16:10:34.0315 4896  [ 348214F96642FD4FEF630DE021BA3540 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
16:10:34.0346 4896  igfx - ok
16:10:34.0346 4896  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
16:10:34.0362 4896  iirsp - ok
16:10:34.0362 4896  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
16:10:34.0393 4896  IKEEXT - ok
16:10:34.0409 4896  [ 8524178B895E4BC04776B319DA3A70EC ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
16:10:34.0455 4896  IntcAzAudAddService - ok
16:10:34.0455 4896  [ B353F1834FCD36D77BE3F74992C147D4 ] Intel® Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
16:10:34.0471 4896  Intel® Capability Licensing Service Interface - ok
16:10:34.0471 4896  [ 125BED41A1AFDA9CAB2B6177553D5758 ] Intel® ME Service C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
16:10:34.0471 4896  Intel® ME Service - ok
16:10:34.0471 4896  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
16:10:34.0487 4896  intelide - ok
16:10:34.0487 4896  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
16:10:34.0487 4896  intelppm - ok
16:10:34.0487 4896  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
16:10:34.0518 4896  IPBusEnum - ok
16:10:34.0518 4896  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:10:34.0533 4896  IpFilterDriver - ok
16:10:34.0533 4896  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
16:10:34.0549 4896  iphlpsvc - ok
16:10:34.0549 4896  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
16:10:34.0549 4896  IPMIDRV - ok
16:10:34.0565 4896  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
16:10:34.0580 4896  IPNAT - ok
16:10:34.0580 4896  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
16:10:34.0580 4896  IRENUM - ok
16:10:34.0596 4896  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
16:10:34.0596 4896  isapnp - ok
16:10:34.0596 4896  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
16:10:34.0611 4896  iScsiPrt - ok
16:10:34.0611 4896  [ 4EE2423C38F43D37F8497A672FD10BDC ] ISCT            C:\Windows\system32\DRIVERS\ISCTD64.sys
16:10:34.0611 4896  ISCT - ok
16:10:34.0611 4896  [ 88CCCCFA8269973C3C3C06F94DA03BAB ] ISCTAgent       C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
16:10:34.0627 4896  ISCTAgent - ok
16:10:34.0627 4896  [ 846354992EBB373F452EB9182D501B08 ] iusb3hcs        C:\Windows\system32\DRIVERS\iusb3hcs.sys
16:10:34.0627 4896  iusb3hcs - ok
16:10:34.0627 4896  [ 1D88A23853387D34D52CC8F9DDBFC56C ] iusb3hub        C:\Windows\system32\DRIVERS\iusb3hub.sys
16:10:34.0643 4896  iusb3hub - ok
16:10:34.0643 4896  [ FC5EFD7C797DF19DFB999F0605A7924E ] iusb3xhc        C:\Windows\system32\DRIVERS\iusb3xhc.sys
16:10:34.0658 4896  iusb3xhc - ok
16:10:34.0658 4896  [ 5B14FDE79871F83A5E0DCDC01F78BECF ] jhi_service     C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
16:10:34.0674 4896  jhi_service - ok
16:10:34.0674 4896  [ B2B34FD7372E6E01A26E9AE22CC8F1EC ] k57nd60a        C:\Windows\system32\DRIVERS\k57nd60a.sys
16:10:34.0674 4896  k57nd60a - ok
16:10:34.0674 4896  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
16:10:34.0689 4896  kbdclass - ok
16:10:34.0689 4896  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
16:10:34.0689 4896  kbdhid - ok
16:10:34.0689 4896  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
16:10:34.0705 4896  KeyIso - ok
16:10:34.0705 4896  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
16:10:34.0705 4896  KSecDD - ok
16:10:34.0721 4896  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
16:10:34.0721 4896  KSecPkg - ok
16:10:34.0721 4896  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
16:10:34.0736 4896  ksthunk - ok
16:10:34.0736 4896  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
16:10:34.0767 4896  KtmRm - ok
16:10:34.0767 4896  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
16:10:34.0783 4896  LanmanServer - ok
16:10:34.0783 4896  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:10:34.0814 4896  LanmanWorkstation - ok
16:10:34.0814 4896  [ D186AAAE72691136BDE00BBB41F48D12 ] LBTServ         C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
16:10:34.0814 4896  LBTServ - ok
16:10:34.0830 4896  [ 77D5786C6A7765503884E38706C9FD5E ] LHidFilt        C:\Windows\system32\DRIVERS\LHidFilt.Sys
16:10:34.0830 4896  LHidFilt - ok
16:10:34.0830 4896  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
16:10:34.0845 4896  lltdsvc - ok
16:10:34.0861 4896  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
16:10:34.0877 4896  lmhosts - ok
16:10:34.0877 4896  [ F84023FB2E3DEA06103501974A2EDB44 ] LMouFilt        C:\Windows\system32\DRIVERS\LMouFilt.Sys
16:10:34.0877 4896  LMouFilt - ok
16:10:34.0877 4896  [ 3974B7CE015A6EEF30DA4ADD5F1203D0 ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
16:10:34.0892 4896  LMS - ok
16:10:34.0892 4896  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
16:10:34.0892 4896  LSI_FC - ok
16:10:34.0908 4896  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
16:10:34.0908 4896  LSI_SAS - ok
16:10:34.0908 4896  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
16:10:34.0908 4896  LSI_SAS2 - ok
16:10:34.0908 4896  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
16:10:34.0923 4896  LSI_SCSI - ok
16:10:34.0923 4896  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
16:10:34.0939 4896  luafv - ok
16:10:34.0939 4896  [ 8FF2D95CBA49B405C5DE27039FF0BF35 ] MBfilt          C:\Windows\system32\drivers\MBfilt64.sys
16:10:34.0955 4896  MBfilt - ok
16:10:34.0955 4896  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
16:10:34.0955 4896  Mcx2Svc - ok
16:10:34.0955 4896  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
16:10:34.0970 4896  megasas - ok
16:10:34.0970 4896  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
16:10:34.0970 4896  MegaSR - ok
16:10:34.0986 4896  [ 772A1DEEDFDBC244183B5C805D1B7D85 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
16:10:34.0986 4896  MEIx64 - ok
16:10:34.0986 4896  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
16:10:35.0001 4896  MMCSS - ok
16:10:35.0001 4896  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
16:10:35.0017 4896  Modem - ok
16:10:35.0033 4896  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
16:10:35.0033 4896  monitor - ok
16:10:35.0033 4896  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
16:10:35.0048 4896  mouclass - ok
16:10:35.0048 4896  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
16:10:35.0048 4896  mouhid - ok
16:10:35.0048 4896  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
16:10:35.0064 4896  mountmgr - ok
16:10:35.0064 4896  [ FC1D590039EF06A381768710E6C07E75 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
16:10:35.0064 4896  MpFilter - ok
16:10:35.0064 4896  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
16:10:35.0079 4896  mpio - ok
16:10:35.0079 4896  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
16:10:35.0095 4896  mpsdrv - ok
16:10:35.0111 4896  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
16:10:35.0126 4896  MpsSvc - ok
16:10:35.0126 4896  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
16:10:35.0142 4896  MRxDAV - ok
16:10:35.0142 4896  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
16:10:35.0142 4896  mrxsmb - ok
16:10:35.0157 4896  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:10:35.0157 4896  mrxsmb10 - ok
16:10:35.0157 4896  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:10:35.0173 4896  mrxsmb20 - ok
16:10:35.0173 4896  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
16:10:35.0173 4896  msahci - ok
16:10:35.0173 4896  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
16:10:35.0189 4896  msdsm - ok
16:10:35.0189 4896  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
16:10:35.0189 4896  MSDTC - ok
16:10:35.0204 4896  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
16:10:35.0220 4896  Msfs - ok
16:10:35.0220 4896  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
16:10:35.0235 4896  mshidkmdf - ok
16:10:35.0235 4896  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
16:10:35.0235 4896  msisadrv - ok
16:10:35.0251 4896  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
16:10:35.0267 4896  MSiSCSI - ok
16:10:35.0267 4896  msiserver - ok
16:10:35.0267 4896  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
16:10:35.0282 4896  MSKSSRV - ok
16:10:35.0282 4896  [ 66238063B53E51ADDA16764BAB9A3F7C ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
16:10:35.0298 4896  MsMpSvc - ok
16:10:35.0298 4896  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
16:10:35.0313 4896  MSPCLOCK - ok
16:10:35.0313 4896  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
16:10:35.0329 4896  MSPQM - ok
16:10:35.0345 4896  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
16:10:35.0345 4896  MsRPC - ok
16:10:35.0345 4896  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
16:10:35.0360 4896  mssmbios - ok
16:10:35.0360 4896  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
16:10:35.0376 4896  MSTEE - ok
16:10:35.0376 4896  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
16:10:35.0376 4896  MTConfig - ok
16:10:35.0391 4896  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
16:10:35.0391 4896  Mup - ok
16:10:35.0391 4896  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
16:10:35.0423 4896  napagent - ok
16:10:35.0423 4896  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
16:10:35.0423 4896  NativeWifiP - ok
16:10:35.0438 4896  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
16:10:35.0454 4896  NDIS - ok
16:10:35.0454 4896  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
16:10:35.0469 4896  NdisCap - ok
16:10:35.0469 4896  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
16:10:35.0485 4896  NdisTapi - ok
16:10:35.0501 4896  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
16:10:35.0516 4896  Ndisuio - ok
16:10:35.0516 4896  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
16:10:35.0532 4896  NdisWan - ok
16:10:35.0532 4896  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
16:10:35.0547 4896  NDProxy - ok
16:10:35.0547 4896  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
16:10:35.0579 4896  NetBIOS - ok
16:10:35.0579 4896  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
16:10:35.0594 4896  NetBT - ok
16:10:35.0594 4896  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
16:10:35.0594 4896  Netlogon - ok
16:10:35.0610 4896  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
16:10:35.0625 4896  Netman - ok
16:10:35.0641 4896  [ 5243CFC2E7161C91C2B355240035B9E4 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:10:35.0641 4896  NetMsmqActivator - ok
16:10:35.0641 4896  [ 5243CFC2E7161C91C2B355240035B9E4 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:10:35.0657 4896  NetPipeActivator - ok
16:10:35.0657 4896  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
16:10:35.0672 4896  netprofm - ok
16:10:35.0688 4896  [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:10:35.0688 4896  NetTcpActivator - ok
16:10:35.0688 4896  [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:10:35.0703 4896  NetTcpPortSharing - ok
16:10:35.0703 4896  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
16:10:35.0703 4896  nfrd960 - ok
16:10:35.0703 4896  [ 8FB3C853E886E1E4D57271672486111C ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
16:10:35.0719 4896  NisDrv - ok
16:10:35.0719 4896  [ 869A808253726EA11939EC4FE76346A4 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
16:10:35.0719 4896  NisSrv - ok
16:10:35.0735 4896  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
16:10:35.0735 4896  NlaSvc - ok
16:10:35.0735 4896  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
16:10:35.0766 4896  Npfs - ok
16:10:35.0766 4896  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
16:10:35.0781 4896  nsi - ok
16:10:35.0781 4896  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
16:10:35.0797 4896  nsiproxy - ok
16:10:35.0813 4896  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
16:10:35.0828 4896  Ntfs - ok
16:10:35.0828 4896  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
16:10:35.0844 4896  Null - ok
16:10:35.0859 4896  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
16:10:35.0859 4896  nvraid - ok
16:10:35.0859 4896  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
16:10:35.0875 4896  nvstor - ok
16:10:35.0875 4896  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
16:10:35.0875 4896  nv_agp - ok
16:10:35.0875 4896  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
16:10:35.0891 4896  ohci1394 - ok
16:10:35.0891 4896  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
16:10:35.0891 4896  p2pimsvc - ok
16:10:35.0906 4896  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
16:10:35.0906 4896  p2psvc - ok
16:10:35.0922 4896  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
16:10:35.0922 4896  Parport - ok
16:10:35.0922 4896  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
16:10:35.0922 4896  partmgr - ok
16:10:35.0937 4896  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
16:10:35.0937 4896  PcaSvc - ok
16:10:35.0937 4896  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
16:10:35.0953 4896  pci - ok
16:10:35.0953 4896  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
16:10:35.0953 4896  pciide - ok
16:10:35.0953 4896  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
16:10:35.0969 4896  pcmcia - ok
16:10:35.0969 4896  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
16:10:35.0969 4896  pcw - ok
16:10:35.0984 4896  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
16:10:36.0000 4896  PEAUTH - ok
16:10:36.0015 4896  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
16:10:36.0031 4896  PerfHost - ok
16:10:36.0047 4896  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
16:10:36.0062 4896  pla - ok
16:10:36.0078 4896  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
16:10:36.0078 4896  PlugPlay - ok
16:10:36.0078 4896  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
16:10:36.0093 4896  PNRPAutoReg - ok
16:10:36.0093 4896  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
16:10:36.0109 4896  PNRPsvc - ok
16:10:36.0109 4896  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
16:10:36.0125 4896  PolicyAgent - ok
16:10:36.0140 4896  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
16:10:36.0156 4896  Power - ok
16:10:36.0156 4896  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
16:10:38.0605 4896  ================ Scan global ===============================
16:10:38.0605 4896  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
16:10:38.0605 4896  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
16:10:38.0605 4896  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
16:10:38.0605 4896  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
16:10:38.0621 4896  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
16:10:38.0621 4896  [Global] - ok
16:10:38.0621 4896  ================ Scan MBR ==================================
16:10:38.0621 4896  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
16:10:38.0636 4896  \Device\Harddisk0\DR0 - ok
16:10:38.0636 4896  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
16:10:38.0652 4896  \Device\Harddisk1\DR1 - ok
16:10:38.0917 4896  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk2\DR2
16:10:39.0011 4896  \Device\Harddisk2\DR2 - ok
16:10:39.0011 4896  ================ Scan VBR ==================================
16:10:39.0011 4896  [ 7BC4DE27BF2849EA387474DDC9ABD753 ] \Device\Harddisk0\DR0\Partition1
16:10:39.0011 4896  \Device\Harddisk0\DR0\Partition1 - ok
16:10:39.0026 4896  [ A1A1CC4BA4AE1C51FC0245E9B1587FFB ] \Device\Harddisk0\DR0\Partition2
16:10:39.0026 4896  \Device\Harddisk0\DR0\Partition2 - ok
16:10:39.0026 4896  [ 1F7305F27C8A291629E3E330BF3A9F0F ] \Device\Harddisk0\DR0\Partition3
16:10:39.0026 4896  \Device\Harddisk0\DR0\Partition3 - ok
16:10:39.0026 4896  [ 1D0D2D9067A52CEF81B31895AD169067 ] \Device\Harddisk1\DR1\Partition1
16:10:39.0026 4896  \Device\Harddisk1\DR1\Partition1 - ok
16:10:39.0026 4896  ============================================================
16:10:39.0026 4896  Scan finished
16:10:39.0026 4896  ============================================================
16:10:39.0042 3028  Detected object count: 0
16:10:39.0042 3028  Actual detected object count: 0
16:10:42.0895 3736  Deinitialize success
 

 



#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:03:46 AM

Posted 24 July 2013 - 03:37 PM

Could you tell me what practical problems you are experiencing, what tasks you can no longer do at this point, and what happens when you try (error messages, crashes, freezes)?


regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft

 



#7 Yuki ikuY


Posted 24 July 2013 - 07:25 PM

Before you get into this, let me say: the infection took control a few hours prior to the July 2013 Microsoft Security Bulletin, and because the content of the summary is almost spot on with the issues, to make this easier I think it would be a good idea for you to skim over the security update to get a good feel for what's going on here.

 
Here is the MS Bulletin Summary

 

 

     You'll find examples throughout the prior posts (if you can rummage through it all, heh), but I'll touch down on a few again, for convenience. Again, with the initial user account, created with a fresh install as administrator, hardly 30% of the OS can really be used. The infection first installed its drivers into the key system files, folders, and drivers, following its acquirement of privilege elevation.

 

Here is a small taste of the practical problems:

  • Fake errors will be prompted when trying to make any kind of system altering, reading/writing.
     
  • Drivers are unable to be installed, fake notifications of drivers being up to date are prompted. (I have a folder of GUIDs/files/folders/.infs and other related instances to the errors that I flagged and collected in case specific examples need to be shown.)
     
  • Windows Defender/Windows Update/MSE were all corrupted, and incapable of being turned on.
     
  • Homegroups are not allowed to be altered, certain services obviously as well. Minor things like personalization and taskbar properties prompt errors and are disallowed.
     
  • With the first era of infection, attempting to even view system properties would result in a control panel crash; explorer itself would freeze up and crash if certain infected folders were even clicked on. The infection would not even give a user the chance to even sniff Computer Management (msc) without crashing, as well as volume shadow services, or any type of disk related tools.
     
  • Located as "HKEY_USERS\S-1-5-21-1808079421-1948222169-3808412198-1003_Classes" in the registry it still remains, as well as several ControlSets and really.... almost anything you can think of when relating to a registry being hijacked and totally manipulated.

     

    My own personal guess here is that it has manifested itself in one or more of my devices besides just the Boot Sector of (all of my) the disks. Since I don't believe we'll be able to simply remove this, what I'm looking for here with help from you Elise is: 

  • Assistance determining what exactly this is, and pinpointing the exact location of its home.
  • Assistance discovering the files and folders/modules that are the Parent for its ability to re-write itself.
  • And finally which devices it is, or has the ability to, live in.

 

    I'm not sure if you'll be up to it or what you can even do. Regardless, any help here will be much appreciated. If I can determine if it's in certain devices, I can then give up (finally) and purchase replacements.

   Please forgive me for being so random and all over the place with this, there is an abundance of issues and symptoms and this started 2/3 weeks ago. Since then, as I stated in latter posts, most of the symptoms are no longer the case, but this has been such a mess it's tough to recite all of them off hand. 

 

 

 

P.S.
  Even though most of the problems will not occur on the new User Account I'm testing it on, that does not mean that the problems are solved. The elephant in the room still comes up and slaps me in the face every now and then to remind me of its presence, metaphorically speaking.


Edited by Yuki ikuY, 24 July 2013 - 07:29 PM.


#8 Elise


Posted 25 July 2013 - 05:49 AM

Fake errors will be prompted when trying to make any kind of system altering, reading/writing.

Please create a screenshot of such an error and attach it to your next reply.

 

Vulnerability patching is something (unfortunately) normal for Windows (or really any piece of more complex software). That does not mean it's likely you'll have all those on your system, and usually malware doesn't yet use this either (and if it does, then only a certain infection will exploit a certain vulnerability). In any case, if you'd have reinstalled and installed all latest updates, the vulnerabilities would be addressed.


regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 



#9 Yuki ikuY


Posted 26 July 2013 - 08:09 PM

Well yes, that is true; what I meant was to just give you an example for better explanation than my back n forth. Luckily the issue wasn't all of those situations, and not in exact detail, but at the moment of occurrence Windows Update was controlled and blocked, and manual installation and patching as well.
Things are a little less messy now after my days of rummaging, tweaking, and removing. At this point, I'm not even sure what the status is; it's there, it's definitely discouraging, and I fear if I were to commence another fresh reinstall, it would jump start the infection and restart it back to the beginning disaster. Now I'm not sure what you can assist in, I just wish you could remotely rummage with me ha, it'd be so much easier to show you.

I'll switch to the diseased user and see if I can pull up an error; I haven't gotten an error on the test account for a few days now. I'll edit this reply and post the screenshot on here in a few moments.

#10 Elise


Posted 27 July 2013 - 02:04 AM

Please don't edit, that way I won't get a notification when you reply. :)


regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 



#11 Elise


Posted 04 August 2013 - 03:45 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 





