Infected with Conhost virus


12 replies to this topic

#1 Ell223


Posted 26 July 2013 - 06:41 AM

How do I vanquish this troublemaker? I hear my GPU fans spinning up to max, so I check processes; when I stop it from running, everything returns to normal. I think it's mining bitcoins for somebody.





#2 GodfatherKing


Posted 26 July 2013 - 07:04 AM

Welcome!

Step 1: Install and run MBAM

Step 2: Running TDSSKiller to obtain log

 

Note: Don't cure or delete a threat, but choose skip for all instead.

  • Please download TDSSKiller from here and save it to your Desktop
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters


  • In the Additional options: Check Detect TDLFS file system
  • Click Start Scan and allow the scan process to run


  • Choose Skip for all threats.
  • Click Continue
  • Please post the TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)

===================================================

 

Step 3: ESET Online Scanner

==================

Note: If your AV is blocking Eset online scanner, please temporarily disable your AV.

 

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the button (image: esetonlinebtn.png).
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and » UNCHECK "Remove found threats" <== Important
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. (If no malware was found you will not be presented with a log).
  • Click the Back button.
  • Click the Finish button.

===================================================


If you have received help from me and I haven't responded to you for almost >= 3 days, send me a Private Message.
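
For reading the log that step 2 asks for, the following added example (not part of the post above) reduces a TDSSKiller log to the entries that deserve a second look: any verdict other than `ok`, and any service reported `ok` without a preceding hash line. The line shapes are assumed from TDSSKiller 2.8-style logs; the sample log, its service names, its hashes and the `warning` verdict are constructed placeholders.

```python
import re

TIME = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}$")
# Section banner: "======== Scan services ========"
SECTION = re.compile(r"^=+\s+(.+?)\s+=+$")
# Object line: "[ <MD5> ] <service name> <path>". The name may contain
# spaces, so the path is recognised by its drive letter.
HASHED = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \]\s+(.+?)\s+([A-Za-z]:\\.*)$")
# Verdict line: "<name> - <verdict>", the verdict being a single token.
VERDICT = re.compile(r"^(.+?) - (\S+)$")

# Constructed sample input (not taken from a real machine).
SAMPLE_LOG = r"""
14:52:31.0273 8120  ================ Scan system memory ========================
14:52:31.0273 8120  System memory - ok
14:52:31.0273 8120  ================ Scan services =============================
14:52:31.0300 8120  [ 00000000000000000000000000000001 ] ExampleDrv      C:\Windows\system32\drivers\exampledrv.sys
14:52:31.0301 8120  ExampleDrv - ok
14:52:31.0310 8120  OrphanSvc - ok
14:52:31.0320 8120  [ 00000000000000000000000000000002 ] Example Helper Service C:\Program Files (x86)\Example\helper.exe
14:52:31.0321 8120  Example Helper Service - warning
"""


def triage(log_text):
    """Return (name, reason) pairs for log entries worth reviewing by hand."""
    section = None
    hashed = {}    # service name -> (md5, path) from the preceding hash line
    findings = []
    for raw in log_text.splitlines():
        # Each line is "<time> <thread id>  <message>".
        parts = raw.split(None, 2)
        if len(parts) < 3 or not TIME.match(parts[0]):
            continue
        msg = parts[2].strip()

        m = SECTION.match(msg)
        if m:
            section = m.group(1)
            continue

        m = HASHED.match(msg)
        if m:
            hashed[m.group(2)] = (m.group(1).upper(), m.group(3))
            continue

        m = VERDICT.match(msg)
        if not m:
            continue
        name, verdict = m.groups()
        if verdict.lower() != "ok":
            findings.append((name, "verdict: " + verdict))
        elif section == "Scan services" and name not in hashed:
            # The scanner passed the service but never hashed a file for it,
            # so check by hand what the service entry actually points to.
            findings.append((name, "ok, but no file was hashed"))
    return findings


if __name__ == "__main__":
    for name, reason in triage(SAMPLE_LOG):
        print(f"{name}: {reason}")
```
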


#3 Ell223


Posted 26 July 2013 - 12:07 PM

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.07.26.03
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Elliott :: ELLIOTT-PC [administrator]
 
26/07/2013 13:27:35
mbam-log-2013-07-26 (13-27-35).txt
 
Scan type: Full scan (B:\|C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 762526
Time elapsed: 1 hour(s), 23 minute(s), 17 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 

 

 

14:52:25.0950 8024  TDSS rootkit removing tool 2.8.18.0 Jun 10 2013 21:44:19
14:52:26.0286 8024  ============================================================
14:52:26.0286 8024  Current date / time: 2013/07/26 14:52:26.0286
14:52:26.0286 8024  SystemInfo:
14:52:26.0286 8024  
14:52:26.0286 8024  OS Version: 6.1.7601 ServicePack: 1.0
14:52:26.0286 8024  Product type: Workstation
14:52:26.0287 8024  ComputerName: ELLIOTT-PC
14:52:26.0287 8024  UserName: Elliott
14:52:26.0287 8024  Windows directory: C:\Windows
14:52:26.0287 8024  System windows directory: C:\Windows
14:52:26.0287 8024  Running under WOW64
14:52:26.0287 8024  Processor architecture: Intel x64
14:52:26.0287 8024  Number of processors: 4
14:52:26.0287 8024  Page size: 0x1000
14:52:26.0287 8024  Boot type: Normal boot
14:52:26.0287 8024  ============================================================
14:52:26.0675 8024  Drive \Device\Harddisk1\DR1 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:52:26.0684 8024  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:52:26.0686 8024  ============================================================
14:52:26.0686 8024  \Device\Harddisk1\DR1:
14:52:26.0686 8024  MBR partitions:
14:52:26.0686 8024  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:52:26.0686 8024  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xDF61800
14:52:26.0686 8024  \Device\Harddisk0\DR0:
14:52:26.0686 8024  MBR partitions:
14:52:26.0686 8024  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x157C000
14:52:26.0686 8024  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x157C800, BlocksNum 0x73189000
14:52:26.0686 8024  ============================================================
14:52:26.0688 8024  C: <-> \Device\Harddisk1\DR1\Partition2
14:52:26.0742 8024  B: <-> \Device\Harddisk0\DR0\Partition2
14:52:26.0742 8024  ============================================================
14:52:26.0742 8024  Initialize success
14:52:26.0742 8024  ============================================================
14:52:30.0958 8120  ============================================================
14:52:30.0958 8120  Scan started
14:52:30.0958 8120  Mode: Manual; TDLFS; 
14:52:30.0958 8120  ============================================================
14:52:31.0273 8120  ================ Scan system memory ========================
14:52:31.0273 8120  System memory - ok
14:52:31.0273 8120  ================ Scan services =============================
14:52:32.0667 8120  MozillaMaintenance - ok
14:52:32.0671 8120  [ FC1D590039EF06A381768710E6C07E75 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
14:52:32.0673 8120  MpFilter - ok
14:52:32.0676 8120  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
14:52:32.0678 8120  mpio - ok
14:52:32.0680 8120  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
14:52:32.0680 8120  mpsdrv - ok
14:52:32.0690 8120  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
14:52:32.0693 8120  MpsSvc - ok
14:52:32.0695 8120  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
14:52:32.0696 8120  MRxDAV - ok
14:52:32.0699 8120  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
14:52:32.0700 8120  mrxsmb - ok
14:52:32.0705 8120  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:52:32.0707 8120  mrxsmb10 - ok
14:52:32.0710 8120  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:52:32.0711 8120  mrxsmb20 - ok
14:52:32.0713 8120  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
14:52:32.0714 8120  msahci - ok
14:52:32.0717 8120  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
14:52:32.0718 8120  msdsm - ok
14:52:32.0721 8120  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
14:52:32.0722 8120  MSDTC - ok
14:52:32.0726 8120  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
14:52:32.0726 8120  Msfs - ok
14:52:32.0728 8120  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
14:52:32.0728 8120  mshidkmdf - ok
14:52:32.0730 8120  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
14:52:32.0730 8120  msisadrv - ok
14:52:32.0734 8120  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
14:52:32.0735 8120  MSiSCSI - ok
14:52:32.0737 8120  msiserver - ok
14:52:32.0739 8120  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
14:52:32.0739 8120  MSKSSRV - ok
14:52:32.0742 8120  [ 66238063B53E51ADDA16764BAB9A3F7C ] MsMpSvc         C:\Program Files\Microsoft Security Client\MsMpEng.exe
14:52:32.0742 8120  MsMpSvc - ok
14:52:32.0744 8120  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
14:52:32.0744 8120  MSPCLOCK - ok
14:52:32.0746 8120  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
14:52:32.0746 8120  MSPQM - ok
14:52:32.0752 8120  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
14:52:32.0755 8120  MsRPC - ok
14:52:32.0758 8120  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
14:52:32.0758 8120  mssmbios - ok
14:52:32.0760 8120  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
14:52:32.0760 8120  MSTEE - ok
14:52:32.0762 8120  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
14:52:32.0762 8120  MTConfig - ok
14:52:32.0764 8120  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
14:52:32.0765 8120  Mup - ok
14:52:32.0771 8120  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
14:52:32.0774 8120  napagent - ok
14:52:32.0779 8120  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
14:52:32.0781 8120  NativeWifiP - ok
14:52:32.0791 8120  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
14:52:32.0797 8120  NDIS - ok
14:52:32.0801 8120  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
14:52:32.0801 8120  NdisCap - ok
14:52:32.0803 8120  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
14:52:32.0804 8120  NdisTapi - ok
14:52:32.0806 8120  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
14:52:32.0807 8120  Ndisuio - ok
14:52:32.0809 8120  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
14:52:32.0811 8120  NdisWan - ok
14:52:32.0814 8120  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
14:52:32.0814 8120  NDProxy - ok
14:52:32.0816 8120  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
14:52:32.0817 8120  NetBIOS - ok
14:52:32.0821 8120  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
14:52:32.0823 8120  NetBT - ok
14:52:32.0825 8120  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
14:52:32.0825 8120  Netlogon - ok
14:52:32.0830 8120  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
14:52:32.0833 8120  Netman - ok
14:52:32.0836 8120  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:52:32.0837 8120  NetMsmqActivator - ok
14:52:32.0839 8120  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:52:32.0840 8120  NetPipeActivator - ok
14:52:32.0845 8120  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
14:52:32.0849 8120  netprofm - ok
14:52:32.0851 8120  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:52:32.0852 8120  NetTcpActivator - ok
14:52:32.0854 8120  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:52:32.0854 8120  NetTcpPortSharing - ok
14:52:32.0856 8120  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
14:52:32.0857 8120  nfrd960 - ok
14:52:32.0860 8120  [ 8FB3C853E886E1E4D57271672486111C ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
14:52:32.0861 8120  NisDrv - ok
14:52:32.0866 8120  [ 869A808253726EA11939EC4FE76346A4 ] NisSrv          C:\Program Files\Microsoft Security Client\NisSrv.exe
14:52:32.0869 8120  NisSrv - ok
14:52:32.0873 8120  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
14:52:32.0876 8120  NlaSvc - ok
14:52:32.0878 8120  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
14:52:32.0879 8120  Npfs - ok
14:52:32.0881 8120  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
14:52:32.0882 8120  nsi - ok
14:52:32.0884 8120  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
14:52:32.0884 8120  nsiproxy - ok
14:52:32.0901 8120  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
14:52:32.0912 8120  Ntfs - ok
14:52:32.0914 8120  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
14:52:32.0915 8120  Null - ok
14:52:32.0918 8120  [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
14:52:32.0919 8120  nvraid - ok
14:52:32.0922 8120  [ F7CD50FE7139F07E77DA8AC8033D1832 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
14:52:32.0924 8120  nvstor - ok
14:52:32.0926 8120  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
14:52:32.0928 8120  nv_agp - ok
14:52:32.0930 8120  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
14:52:32.0931 8120  ohci1394 - ok
14:52:32.0935 8120  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
14:52:32.0938 8120  p2pimsvc - ok
14:52:32.0944 8120  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
14:52:32.0948 8120  p2psvc - ok
14:52:32.0950 8120  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
14:52:32.0951 8120  Parport - ok
14:52:32.0954 8120  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
14:52:32.0955 8120  partmgr - ok
14:52:32.0958 8120  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
14:52:32.0960 8120  PcaSvc - ok
14:52:32.0963 8120  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
14:52:32.0965 8120  pci - ok
14:52:32.0967 8120  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
14:52:32.0967 8120  pciide - ok
14:52:32.0971 8120  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
14:52:32.0973 8120  pcmcia - ok
14:52:32.0975 8120  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
14:52:32.0976 8120  pcw - ok
14:52:32.0982 8120  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
14:52:32.0986 8120  PEAUTH - ok
14:52:33.0011 8120  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
14:52:33.0012 8120  PerfHost - ok
14:52:33.0027 8120  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
14:52:33.0036 8120  pla - ok
14:52:33.0042 8120  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
14:52:33.0045 8120  PlugPlay - ok
14:52:33.0047 8120  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
14:52:33.0048 8120  PNRPAutoReg - ok
14:52:33.0052 8120  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
14:52:33.0054 8120  PNRPsvc - ok
14:52:33.0060 8120  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
14:52:33.0064 8120  PolicyAgent - ok
14:52:33.0068 8120  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
14:52:33.0070 8120  Power - ok
14:52:33.0072 8120  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
14:52:33.0074 8120  PptpMiniport - ok
14:52:33.0076 8120  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
14:52:33.0077 8120  Processor - ok
14:52:33.0080 8120  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
14:52:33.0082 8120  ProfSvc - ok
14:52:33.0084 8120  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:52:33.0085 8120  ProtectedStorage - ok
14:52:33.0087 8120  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
14:52:33.0089 8120  Psched - ok
14:52:33.0102 8120  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
14:52:33.0112 8120  ql2300 - ok
14:52:33.0115 8120  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
14:52:33.0117 8120  ql40xx - ok
14:52:33.0120 8120  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
14:52:33.0123 8120  QWAVE - ok
14:52:33.0125 8120  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
14:52:33.0126 8120  QWAVEdrv - ok
14:52:33.0127 8120  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
14:52:33.0128 8120  RasAcd - ok
14:52:33.0130 8120  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
14:52:33.0131 8120  RasAgileVpn - ok
14:52:33.0134 8120  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
14:52:33.0135 8120  RasAuto - ok
14:52:33.0138 8120  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
14:52:33.0139 8120  Rasl2tp - ok
14:52:33.0143 8120  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
14:52:33.0146 8120  RasMan - ok
14:52:33.0148 8120  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
14:52:33.0149 8120  RasPppoe - ok
14:52:33.0152 8120  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
14:52:33.0153 8120  RasSstp - ok
14:52:33.0156 8120  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
14:52:33.0159 8120  rdbss - ok
14:52:33.0161 8120  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
14:52:33.0161 8120  rdpbus - ok
14:52:33.0163 8120  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
14:52:33.0164 8120  RDPCDD - ok
14:52:33.0166 8120  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
14:52:33.0167 8120  RDPENCDD - ok
14:52:33.0169 8120  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
14:52:33.0169 8120  RDPREFMP - ok
14:52:33.0172 8120  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
14:52:33.0173 8120  RdpVideoMiniport - ok
14:52:33.0176 8120  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
14:52:33.0178 8120  RDPWD - ok
14:52:33.0182 8120  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
14:52:33.0184 8120  rdyboost - ok
14:52:33.0187 8120  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
14:52:33.0188 8120  RemoteAccess - ok
14:52:33.0192 8120  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
14:52:33.0193 8120  RemoteRegistry - ok
14:52:33.0197 8120  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
14:52:33.0198 8120  RFCOMM - ok
14:52:33.0201 8120  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
14:52:33.0202 8120  RpcEptMapper - ok
14:52:33.0204 8120  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
14:52:33.0205 8120  RpcLocator - ok
14:52:33.0210 8120  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
14:52:33.0212 8120  RpcSs - ok
14:52:33.0214 8120  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
14:52:33.0216 8120  rspndr - ok
14:52:33.0218 8120  [ A936B36825135505467A9EAF3C22DA80 ] rzdaendpt       C:\Windows\system32\DRIVERS\rzdaendpt.sys
14:52:33.0219 8120  rzdaendpt - ok
14:52:33.0222 8120  [ 2A4CAD463AC2B03CC110EFB1B043099B ] rzudd           C:\Windows\system32\DRIVERS\rzudd.sys
14:52:33.0223 8120  rzudd - ok
14:52:33.0225 8120  [ 3A13921C17544F81B83AD3991B38F739 ] rzvkeyboard     C:\Windows\system32\DRIVERS\rzvkeyboard.sys
14:52:33.0226 8120  rzvkeyboard - ok
14:52:33.0228 8120  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
14:52:33.0228 8120  SamSs - ok
14:52:33.0231 8120  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
14:52:33.0232 8120  sbp2port - ok
14:52:33.0235 8120  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
14:52:33.0237 8120  SCardSvr - ok
14:52:33.0241 8120  [ 8CA4B51D1B07EC3CC5D907251F1800AB ] SCDEmu          C:\Windows\system32\drivers\SCDEmu.sys
14:52:33.0257 8120  SCDEmu - ok
14:52:33.0259 8120  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
14:52:33.0262 8120  scfilter - ok
14:52:33.0271 8120  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
14:52:33.0279 8120  Schedule - ok
14:52:33.0281 8120  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
14:52:33.0282 8120  SCPolicySvc - ok
14:52:33.0285 8120  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
14:52:33.0287 8120  SDRSVC - ok
14:52:33.0289 8120  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
14:52:33.0290 8120  secdrv - ok
14:52:33.0292 8120  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
14:52:33.0293 8120  seclogon - ok
14:52:33.0296 8120  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
14:52:33.0297 8120  SENS - ok
14:52:33.0299 8120  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
14:52:33.0301 8120  SensrSvc - ok
14:52:33.0303 8120  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
14:52:33.0304 8120  Serenum - ok
14:52:33.0306 8120  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
14:52:33.0307 8120  Serial - ok
14:52:33.0309 8120  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
14:52:33.0310 8120  sermouse - ok
14:52:33.0315 8120  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
14:52:33.0317 8120  SessionEnv - ok
14:52:33.0319 8120  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
14:52:33.0319 8120  sffdisk - ok
14:52:33.0321 8120  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
14:52:33.0322 8120  sffp_mmc - ok
14:52:33.0323 8120  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
14:52:33.0324 8120  sffp_sd - ok
14:52:33.0326 8120  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
14:52:33.0327 8120  sfloppy - ok
14:52:33.0331 8120  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
14:52:33.0334 8120  SharedAccess - ok
14:52:33.0339 8120  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:52:33.0342 8120  ShellHWDetection - ok
14:52:33.0344 8120  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
14:52:33.0345 8120  SiSRaid2 - ok
14:52:33.0348 8120  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
14:52:33.0348 8120  SiSRaid4 - ok
14:52:33.0351 8120  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
14:52:33.0352 8120  Smb - ok
14:52:33.0355 8120  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
14:52:33.0356 8120  SNMPTRAP - ok
14:52:33.0358 8120  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
14:52:33.0359 8120  spldr - ok
14:52:33.0365 8120  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
14:52:33.0369 8120  Spooler - ok
14:52:33.0399 8120  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
14:52:33.0422 8120  sppsvc - ok
14:52:33.0425 8120  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
14:52:33.0426 8120  sppuinotify - ok
14:52:33.0432 8120  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
14:52:33.0435 8120  srv - ok
14:52:33.0440 8120  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
14:52:33.0443 8120  srv2 - ok
14:52:33.0447 8120  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
14:52:33.0448 8120  srvnet - ok
14:52:33.0452 8120  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
14:52:33.0454 8120  SSDPSRV - ok
14:52:33.0456 8120  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
14:52:33.0457 8120  SstpSvc - ok
14:52:33.0459 8120  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
14:52:33.0460 8120  stexstor - ok
14:52:33.0467 8120  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
14:52:33.0471 8120  stisvc - ok
14:52:33.0473 8120  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
14:52:33.0474 8120  swenum - ok
14:52:33.0479 8120  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
14:52:33.0483 8120  swprv - ok
14:52:33.0499 8120  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
14:52:33.0511 8120  SysMain - ok
14:52:33.0514 8120  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:52:33.0516 8120  TabletInputService - ok
14:52:33.0521 8120  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
14:52:33.0524 8120  TapiSrv - ok
14:52:33.0526 8120  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
14:52:33.0527 8120  TBS - ok
14:52:33.0545 8120  [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
14:52:33.0557 8120  Tcpip - ok
14:52:33.0573 8120  [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
14:52:33.0579 8120  TCPIP6 - ok
14:52:33.0582 8120  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
14:52:33.0583 8120  tcpipreg - ok
14:52:33.0586 8120  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
14:52:33.0587 8120  TDPIPE - ok
14:52:33.0589 8120  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
14:52:33.0589 8120  TDTCP - ok
14:52:33.0592 8120  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
14:52:33.0593 8120  tdx - ok
14:52:33.0596 8120  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
14:52:33.0597 8120  TermDD - ok
14:52:33.0608 8120  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
14:52:33.0613 8120  TermService - ok
14:52:33.0615 8120  [ 9201BE2BAB8A9FF8E20D8439AE3BB04D ] Themes          C:\Windows\system32\themeservice.dll
14:52:33.0629 8120  Themes - ok
14:52:33.0631 8120  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
14:52:33.0632 8120  THREADORDER - ok
14:52:33.0638 8120  [ E19B1D70087E8AF86FC7EAC8EAA77FB1 ] Time            C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe
14:52:33.0638 8120  Time - ok
14:52:33.0641 8120  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
14:52:33.0643 8120  TrkWks - ok
14:52:33.0647 8120  [ 370A6907DDF79532A39319492B1FA38A ] truecrypt       C:\Windows\system32\drivers\truecrypt.sys
14:52:33.0649 8120  truecrypt - ok
14:52:33.0653 8120  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:52:33.0654 8120  TrustedInstaller - ok
14:52:33.0657 8120  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
14:52:33.0658 8120  tssecsrv - ok
14:52:33.0661 8120  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
14:52:33.0662 8120  TsUsbFlt - ok
14:52:33.0664 8120  [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
14:52:33.0665 8120  TsUsbGD - ok
14:52:33.0669 8120  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
14:52:33.0670 8120  tunnel - ok
14:52:33.0672 8120  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
14:52:33.0673 8120  uagp35 - ok
14:52:33.0678 8120  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
14:52:33.0681 8120  udfs - ok
14:52:33.0686 8120  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
14:52:33.0687 8120  UI0Detect - ok
14:52:33.0690 8120  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
14:52:33.0691 8120  uliagpkx - ok
14:52:33.0693 8120  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
14:52:33.0694 8120  umbus - ok
14:52:33.0696 8120  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
14:52:33.0697 8120  UmPass - ok
14:52:33.0702 8120  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
14:52:33.0705 8120  upnphost - ok
14:52:33.0708 8120  [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
14:52:33.0716 8120  usbccgp - ok
14:52:33.0718 8120  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
14:52:33.0719 8120  usbcir - ok
14:52:33.0722 8120  [ 74EE782B1D9C241EFE425565854C661C ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
14:52:33.0723 8120  usbehci - ok
14:52:33.0728 8120  [ DC96BD9CCB8403251BCF25047573558E ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
14:52:33.0732 8120  usbhub - ok
14:52:33.0734 8120  [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
14:52:33.0735 8120  usbohci - ok
14:52:33.0737 8120  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\drivers\usbprint.sys
14:52:33.0738 8120  usbprint - ok
14:52:33.0740 8120  [ D76510CFA0FC09023077F22C2F979D86 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:52:33.0741 8120  USBSTOR - ok
14:52:33.0743 8120  [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
14:52:33.0745 8120  usbuhci - ok
14:52:33.0747 8120  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
14:52:33.0749 8120  UxSms - ok
14:52:33.0751 8120  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
14:52:33.0751 8120  VaultSvc - ok
14:52:33.0753 8120  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
14:52:33.0754 8120  vdrvroot - ok
14:52:33.0760 8120  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
14:52:33.0765 8120  vds - ok
14:52:33.0767 8120  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
14:52:33.0768 8120  vga - ok
14:52:33.0770 8120  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
14:52:33.0771 8120  VgaSave - ok
14:52:33.0774 8120  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
14:52:33.0777 8120  vhdmp - ok
14:52:33.0779 8120  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
14:52:33.0779 8120  viaide - ok
14:52:33.0782 8120  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
14:52:33.0783 8120  volmgr - ok
14:52:33.0788 8120  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
14:52:33.0791 8120  volmgrx - ok
14:52:33.0795 8120  [ DF8126BD41180351A093A3AD2FC8903B ] volsnap         C:\Windows\system32\drivers\volsnap.sys
14:52:33.0798 8120  volsnap - ok
14:52:33.0801 8120  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
14:52:33.0803 8120  vsmraid - ok
14:52:33.0819 8120  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
14:52:33.0830 8120  VSS - ok
14:52:34.0624 8120  ============================================================
14:52:34.0624 8120  Scan finished
14:52:34.0625 8120  ============================================================
14:52:34.0641 8112  Detected object count: 0
14:52:34.0641 8112  Actual detected object count: 0
 

ESET didn't give me a log.



#4 GodfatherKing


Posted 26 July 2013 - 01:39 PM

 
The ESET log (log.txt) can be found in:

C:\Program Files (x86)\ESET\ESET Online Scanner

[OR]

C:\Program Files\ESET\ESET Online Scanner


If you have received help from me and I haven't responded to you for almost >= 3 days, send me a Private Message.  :hello:


#5 Ell223


Posted 27 July 2013 - 04:38 AM

I think something went wrong the first time so I did another scan.

 

 

# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=9c14d54f9061dd418e5f1da30874de6f
# engine=14542
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-07-26 07:30:04
# local_time=2013-07-26 08:30:04 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 1224239 127332054 0 0
# scanned=136618
# found=0
# cleaned=0
# scan_time=1118
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=9c14d54f9061dd418e5f1da30874de6f
# engine=14545
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-07-27 09:35:25
# local_time=2013-07-27 10:35:25 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 1274960 127382775 0 0
# scanned=540759
# found=0
# cleaned=0
# scan_time=4599


#6 GodfatherKing


Posted 27 July 2013 - 05:43 AM

There are no signs of infection(s). Why do you think you have a virus?




#7 Ell223


Posted 27 July 2013 - 06:00 AM

Conhost shows up in my processes when I boot up, sometimes multiple instances of them. I monitor my GPU and it's at 99% usage, when I close the process the GPU goes back to 0%. I've read online that hackers and the like are using conhost.exe as a disguise for a program that uses your computer as a bitcoin miner, so it has an outgoing connection with their computer. It's definitely the conhost.exe that is causing my GPU spike.



#8 GodfatherKing


Posted 27 July 2013 - 06:07 AM

:step1: Run Rkill http://www.bleepingcomputer.com/forums/t/308364/rkill-what-it-does-and-what-it-doesnt-a-brief-introduction-to-the-program/

 

       Note: Sometimes AVs think Rkill is infected; this isn't true, it's just a false positive. Just let it terminate the malware processes.

 

:step2: Provide the Rkill log.

 

:step3: Download Emsisoft Emergency Kit

  • Open EmsisoftEmergencyKit by double-clicking Start.exe.
  • A new window will open. Under "Run Directly:" click Emergency Kit Scanner.
  • When asked to run an online update, click Yes.
  • When the update is finished, click the Back to Security Status link in the left corner. On the main screen click the Scan Now button.
  • Select the Deep Scan option and click the SCAN button.
  • When the scan is finished click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
  • Click the View Report button and in the Reports window double-click on the most recent log. Note, logs are named as follows: a2scan_<date>-<time>.txt.
  • Copy/paste the report contents in your next reply

Edited by GodfatherKing, 27 July 2013 - 06:13 AM.



#9 Ell223


Posted 27 July 2013 - 08:21 AM

Rkill 2.5.7 by Lawrence Abrams (Grinler)
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 07/27/2013 12:17:39 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\Windows\SysWOW64\ASGT.exe (PID: 1732) [WD-HEUR]
 * C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe (PID: 1152) [AU-HEUR]
 * C:\Windows\SysWOW64\HsMgr.exe (PID: 2840) [WD-HEUR]
 * C:\Windows\system\HsMgr64.exe (PID: 2868) [WD-HEUR]
 * C:\ProgramData\Microsoft\Windows\Time\WindowsTime.exe (PID: 3800) [AU-HEUR]
 * C:\ProgramData\Microsoft\Windows\Time\TimeServer.exe (PID: 7128) [AU-HEUR]
 
6 proccesses terminated!
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * C:\Windows\System32\UxTheme.dll : 332,288 : 07/12/2013 05:10 PM : 8bf20c54ffb37cfb960f708ffa813fa7 [NoSig]
 +-> C:\Windows\SysWOW64\uxtheme.dll : 245,760 : 07/14/2009 02:11 AM : 43964fa89ccf97ba6be34d69455ac65f [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-uxtheme_31bf3856ad364e35_6.1.7600.16385_none_01d98c7b2040a1b9\uxtheme.dll : 332,288 : 07/14/2009 02:41 AM : d29e998e8277666982b4f0303bf4e7af [Pos Repl]
 +-> C:\Windows\winsxs\wow64_microsoft-windows-uxtheme_31bf3856ad364e35_6.1.7600.16385_none_0c2e36cd54a163b4\uxtheme.dll : 245,760 : 07/14/2009 02:11 AM : 43964fa89ccf97ba6be34d69455ac65f [Pos Repl]
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1       localhost
 
Program finished at: 07/27/2013 12:17:56 PM

 

 

Although it doesn't say Conhost in the log, it did stop the process from running, so maybe it only shows up as conhost in processes to try and disguise itself?

 

Emsisoft Emergency Kit - Version 4.0

Last update: 27/07/2013 12:28:43
User account: Elliott-PC\Elliott
 
Scan settings:
 
Scan type: Deep Scan
Objects: Rootkits, Memory, Traces, B:\, C:\
 
Detect Riskware: Off
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 27/07/2013 12:29:01
 
Scanned 862282
Found 0
 
Scan end: 27/07/2013 14:20:51
Scan time: 1:51:50
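
A path-based triage of the Rkill "processes to terminate" section, relevant to the question above of whether a process only shows up under the conhost name. This is an added example, not code from the thread or from Rkill; the sample log is constructed, and the list of system binary names, the C:\Windows install root and the writable-tree list are assumptions.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in the layout of Rkill's process section (not from a real host).
SAMPLE_LOG = r"""
Checking for processes to terminate:

 * C:\Windows\SysWOW64\ExampleTool.exe (PID: 1111) [WD-HEUR]
 * C:\ProgramData\Example\Sub\conhost.exe (PID: 2222) [AU-HEUR]
 * C:\Windows\System32\conhost.exe (PID: 3333) [WD-HEUR]

Checking Registry for malware related settings:
"""
ENTRY = re.compile(r"^\s*\*\s+(?P<path>.+?)\s+\(PID:\s*(?P<pid>\d+)\)\s+\[(?P<tag>[^\]]+)\]\s*$")
# Assumption: Windows lives in C:\Windows and these binaries ship only in System32.
EXPECTED_DIR = {name: PureWindowsPath(r"C:\Windows\System32")
                for name in ("conhost.exe", "csrss.exe", "lsass.exe", "services.exe")}
# Assumption: trees that non-OS software can write to, unusual homes for OS components.
WRITABLE_ROOTS = [PureWindowsPath(p) for p in (r"C:\ProgramData", r"C:\Users", r"C:\Windows\Temp")]

def parse_terminated(log_text):
    """Return (path, pid, tag) for each bullet in the 'processes to terminate' section."""
    entries, in_section = [], False
    for line in log_text.splitlines():
        text = line.strip()
        if text.startswith("Checking for processes to terminate"):
            in_section = True
        elif in_section and text.startswith("Checking "):
            break  # the next section header ends the process list
        elif in_section and (m := ENTRY.match(line)):
            entries.append((PureWindowsPath(m["path"]), int(m["pid"]), m["tag"]))
    return entries

def triage(entries):
    """Attach path-based review reasons to each entry; an empty list means none applied."""
    report = []
    for path, pid, tag in entries:
        reasons = []
        expected = EXPECTED_DIR.get(path.name.lower())
        if expected is not None and path.parent != expected:
            reasons.append("system binary name outside System32")
        if any(root in path.parents for root in WRITABLE_ROOTS):
            reasons.append("runs from a user-writable tree")
        report.append({"path": str(path), "pid": pid, "tag": tag, "reasons": reasons})
    return report

if __name__ == "__main__":
    for row in triage(parse_terminated(SAMPLE_LOG)):
        print(row["pid"], row["path"], row["reasons"] or "no path-based finding")
```

PureWindowsPath compares case-insensitively, so differences in path casing between log entries do not hide a match.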


#10 GodfatherKing


Posted 27 July 2013 - 08:32 AM

I think you got some new malware that's bad to trace, because other scans weren't able to find them.

 

:step1: Go to VirusTotal => https://www.virustotal.com

Upload the following files:

 

  C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe (PID: 1152) [AU-HEUR]
  C:\Windows\SysWOW64\HsMgr.exe (PID: 2840) [WD-HEUR]
  C:\Windows\system\HsMgr64.exe (PID: 2868) [WD-HEUR]
  C:\ProgramData\Microsoft\Windows\Time\WindowsTime.exe (PID: 3800) [AU-HEUR]
  C:\ProgramData\Microsoft\Windows\Time\TimeServer.exe (PID: 7128) [AU-HEUR]
 
Post the links to scan analyses. 



#11 Ell223


Posted 27 July 2013 - 08:55 AM

https://www.virustotal.com/en/file/7209efff514555dacb73c3a7b428a48b20ace4ce2effa15eddd891487ddb2b6b/analysis/1374933018/

https://www.virustotal.com/en/file/c6d275b4993502a155f85d8de26b119866dee106c98cf29cdaacbaf11484c94a/analysis/1374933116/

https://www.virustotal.com/en/file/65ccfec1f61e475a1f6759ecca8de1844a26ab7f827bc1f63339a0dff554b039/analysis/1374933162/

https://www.virustotal.com/en/file/1748c837ca06781ecc09f2649f4a1f1e29179328e77797d04c124e5187355a22/analysis/1374933223/

https://www.virustotal.com/en/file/a6bfb9e6bcc25b3ba7b4c8a0f11c274a7e2e06f4dd283035129e43cfdd456fd1/analysis/1374933268/

 

 

The last one got some bad points.



#12 GodfatherKing


Posted 27 July 2013 - 10:02 AM

This is too advanced for me, I would suggest you post a DSS-log into the forum Virus, Trojan, Spyware, and Malware Removal Logs.

 

 

:step1: Read this topic: http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

 

:step2: Post a new topic with the DSS-log http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/

 

:step3: A malware expert will help you there.




#13 Ell223


Posted 27 July 2013 - 10:21 AM

Thanks for all the help, I've posted a topic over there!





