
MSE cannot remove DOS:Alureon.J


9 replies to this topic

#1 mttime73

mttime73

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:01:31 AM

Posted 05 September 2013 - 11:21 PM

Hello,

I am battling a malware infection.  It started by being alerted that the computer could not boot into Windows - it claimed it couldn't find a boot device.  I was able to change the boot order and got into Windows.  I've run MBAM once in standard and once in safe mode and it has removed a trojan and a bunch of PUPs.  MSE is stuck trying to remove Alureon even using their offline Windows Defender scanner (not that I had a lot of faith in it).

 

Can someone help me diagnose the extent of the issue and provide some steps to clean this infection?

 

Thanks!




 


#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:07:31 PM

Posted 06 September 2013 - 12:42 AM

Hello -

A quick check first -

Download Security Check by Screen317
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If any security program requests permission to access the Internet, allow it to do so.

 

 

Now please run these programs in order that they are listed -

 

Step 1: Please download Junkware Removal Tool by thisisu to your desktop
Shut down your protection software now to avoid potential conflicts.

How To Temporarily Disable Your Anti-virus While this scan runs
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

 

Step 2: Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them.
NOTE: You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.
rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

If normal mode still doesn't work, run the tool from safe mode.
When the scan is done Notepad will open with rKill log.
Post it in your next reply.
NOTE. rKill.txt log will also be present on your desktop.
NOTE Do NOT wrap your logs in "quote" or "code" brackets.

 

 

 

Step 3: This next scan is best performed with Internet Explorer, but other directions are listed -

How To Temporarily Disable Your Anti-virus While this scan runs

Scan your machine with ESET OnlineScan
1. Hold down Control and click HERE to open ESET OnlineScan in a new window.
2. Click the ESET Online Scanner button.
3. NOTE: For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
   - 1. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
   - 2. Double click on the ESET Online Scanner icon on your desktop.
4. Check "YES, I accept the Terms of Use."
5. Click the Start button.
6. Accept any security warnings from your browser.
7. Under scan settings, check "Scan Archives" and "Remove found threats"
8. Click Advanced settings and select the following:
   - Scan potentially unwanted applications
   - Scan for potentially unsafe applications
   - Enable Anti-Stealth technology
9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this will take some time to download the program for a first time, and then download updated data base (1 to 2 hours or more is not unusual).
10. When the scan completes, click List Threats
11. Click Export, and save the file to your desktop using a unique name, such as ESETScan.
   - Include the contents of this report in your next reply.
12. Click the Back button.
13. Click the Finish button

Or you can find a report at C:\Program Files\esetonlinescanner\log.txt.

 

 

 

Step 4: Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

• Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.
• If TDSSKiller does not run, try renaming it.
• To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
• Click the Start Scan button.
Do not use the computer during the scan
• If the scan completes with nothing found, click Close to exit.
• If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
• Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
• A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
• Copy and paste the contents of that file in your next reply.

 

 

Be sure you have Enabled your Antivirus program by now -

 

 

If you have this program installed, be sure to Update it prior to any scan.

 

Step 5: The scan should be done in Normal Mode and Not in Safe Mode -

 

Please download Malwarebytes Anti-Malware Free (aka MBAM)
* Double-click MBAM-setup.exe and follow the prompts to install the program.
* At the end, be sure to Check for Updates so it is current
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Scan, then click Quick Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.
If you are not sure of any items, post the log and ask if it should be removed.

Be sure to reboot the computer after you post the log.

 

 

Thank You -

EDIT - You can post each reply as you complete them as this will be easier -


Edited by noknojon, 06 September 2013 - 12:51 AM.


#3 mttime73

mttime73
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:01:31 AM

Posted 06 September 2013 - 01:30 PM

Hello,

Thanks for the quick reply.  It took some time to run all the tools, in particular ESET so I appreciate you being patient.

 

I have the logs, I will post in each one separately.

 

Security Check:

 Results of screen317's Security Check version 0.99.73  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java™ 6 Update 32  
 Java version out of Date! 
 Adobe Flash Player 11.8.800.94  
 Adobe Reader XI  
 Google Chrome 29.0.1547.62  
 Google Chrome 29.0.1547.66  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 6% 
````````````````````End of Log`````````````````````` 

Here is the log for JRT:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.8 (09.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by AA CASH on Fri 09/06/2013 at  8:29:45.09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apnupdater
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440}
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\genericasktoolbar.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\searchprotect
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\searchprotect
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86d4b82a-abed-442a-be86-96357b70f4fe}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3297951
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\APNToolbarInstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\APNToolbarInstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5EC91902-C269-4CF1-AF18-F4EBCFF652D1}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8D420106-E376-4082-9812-E162A3DFF574}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"
Successfully deleted: [Registry Key] "hkey_current_user\software\apn"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_current_user\software\ask.com"
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\apn"
Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\{9b0cb95c-933a-4b8c-b6d4-edcd19a43874}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\typelib\{2996f0e7-292b-4cae-893f-47b8b1c05b56}"
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Windows\Tasks\filecure startup.job"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\AA CASH\AppData\Roaming\searchprotect"
Successfully deleted: [Folder] "C:\Users\AA CASH\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\AA CASH\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\AA CASH\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\searchprotect"
Successfully deleted: [Folder] "C:\ProgramData\ask"
Successfully deleted: [Folder] "C:\Users\AA CASH\appdata\locallow\asktoolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\ask.com"
Successfully deleted: [Folder] "C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 09/06/2013 at  8:41:54.45
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

RKill log:

 

Rkill 2.6.1 by Lawrence Abrams (Grinler)
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 09/06/2013 08:44:15 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\Users\AA CASH\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (PID: 2168) [UP-HEUR]
 
1 proccess terminated!
 
Checking Registry for malware related settings:
 
 * Explorer Policy Removed:  NoActiveDesktopChanges [HKLM]
 
Backup Registry file created at:
 C:\Users\AA CASH\Desktop\rkill\rkill-09-06-2013-08-44-19.reg
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1       localhost
  ::1             localhost
 
Program finished at: 09/06/2013 08:44:55 AM
Execution time: 0 hours(s), 0 minute(s), and 40 seconds(s)


#4 mttime73

mttime73
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:01:31 AM

Posted 06 September 2013 - 01:35 PM

ESETScan log:

 

C:\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js Win32/Conduit.SearchProtect.A application cleaned by deleting - quarantined
C:\Users\AA CASH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WMUL8A1R\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\AA CASH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WMUL8A1R\SPSetup[1].exe multiple threats cleaned by deleting - quarantined
C:\Users\AA CASH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XIBCA1J7\askToolbarInstaller-1.17.7.0[1].exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\AA CASH\AppData\Local\Temp\ApnStub.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\AA CASH\AppData\Local\Temp\is-0BAMQ.tmp\FoxitInstaller_FXTV5_.exe a variant of Win32/Bundled.Toolbar.Ask.D application cleaned by deleting - quarantined
C:\Users\AA CASH\Documents\ApnStub.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\AA CASH\Downloads\driverrobot_setup.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\AA CASH\Downloads\FoxitReader603.0524_enu_Setup.exe a variant of Win32/Bundled.Toolbar.Ask.D application cleaned by deleting - quarantined
 

or

 

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=8
# IEXPLORE.EXE=10.00.9200.16521 (win8_gdr_soc_ie.130216-2100)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=56a905397bfc114d97c80bf62a65eccd
# engine=15034
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-09-06 06:00:21
# local_time=2013-09-06 11:00:21 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 3862442 130033871 0 0
# scanned=405485
# found=9
# cleaned=9
# scan_time=7559
sh=93510E07EBD463BE51052EC8114EC16C5423103E ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js"
sh=526C685B52444130CD450DEC45826528AD21DFB2 ft=1 fh=8cfb9e08e6192fa7 vn="a variant of Win32/Bundled.Toolbar.Ask application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\AA CASH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WMUL8A1R\ApnIC[1].0"
sh=9F35D7BE2DCF8EEF6119A86FD13C0E44891B0135 ft=1 fh=21c94c558768c225 vn="multiple threats (cleaned by deleting - quarantined)" ac=C fn="C:\Users\AA CASH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WMUL8A1R\SPSetup[1].exe"
sh=E44506A8CF1860486750A7E99DF21F5CACA1605D ft=1 fh=b7d13fb04a3561ca vn="a variant of Win32/Bundled.Toolbar.Ask application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\AA CASH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XIBCA1J7\askToolbarInstaller-1.17.7.0[1].exe"
sh=DBA4D7540C69C6492D48E688A00B51387685F8A6 ft=1 fh=fb092140bceb8039 vn="a variant of Win32/Bundled.Toolbar.Ask application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\AA CASH\AppData\Local\Temp\ApnStub.exe"
sh=06643513F2019CDE3DF0546979ECBB20A4C9E2B1 ft=1 fh=9451ed75344a8545 vn="a variant of Win32/Bundled.Toolbar.Ask.D application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\AA CASH\AppData\Local\Temp\is-0BAMQ.tmp\FoxitInstaller_FXTV5_.exe"
sh=DBA4D7540C69C6492D48E688A00B51387685F8A6 ft=1 fh=fb092140bceb8039 vn="a variant of Win32/Bundled.Toolbar.Ask application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\AA CASH\Documents\ApnStub.exe"
sh=D8AB86DAF6E5628FBECC7D300C9C50AD05657208 ft=1 fh=edd07f85a22c817a vn="a variant of Win32/Bundled.Toolbar.Ask application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\AA CASH\Downloads\driverrobot_setup.exe"
sh=16286F452F5787D76F156D7393F782E6E11F6FBD ft=1 fh=e63982776593dcc8 vn="a variant of Win32/Bundled.Toolbar.Ask.D application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\AA CASH\Downloads\FoxitReader603.0524_enu_Setup.exe"
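
The ESET log format posted above, read programmatically. This is an added example, not part of the original thread: it parses the `sh=… vn=… fn=…` rows, reconciles them with the `# found=` / `# cleaned=` header, groups identical files by SHA-1 and checks whether a named detection appears at all. The sample log is constructed, and treating the parenthesised text after the detection name as the action taken is an assumption drawn from the rows in this post.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the layout of the ESET log posted above; the hashes,
# paths and detection names are made up for this example.
SAMPLE_LOG = r'''# version=8
# scanned=1200
# found=4
# cleaned=3
sh=1111111111111111111111111111111111111111 ft=1 fh=aaaaaaaaaaaaaaaa vn="a variant of Win32/Example.Toolbar application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\demo\AppData\Local\Temp\stub.exe"
sh=1111111111111111111111111111111111111111 ft=1 fh=aaaaaaaaaaaaaaaa vn="a variant of Win32/Example.Toolbar application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\demo\Documents\stub.exe"
sh=2222222222222222222222222222222222222222 ft=0 fh=0000000000000000 vn="Win32/Example.SearchHijack application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files (x86)\Browser\hook.js"
sh=3333333333333333333333333333333333333333 ft=1 fh=bbbbbbbbbbbbbbbb vn="Win32/Example.Dropper trojan" ac=I fn="C:\Users\demo\Downloads\setup[1].exe"
'''

# key=value pairs; a value is either a double-quoted string or a bare token.
FIELD_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')
# Detection name, optionally followed by "(action taken)" (assumed layout).
VN_RE = re.compile(r'^(.*?)\s*(?:\((.*)\))?$')


def parse_eset_log(text):
    """Return (header dict, list of detection dicts) from an ESET scan log."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#"):
            key, sep, value = line.lstrip("# ").partition("=")
            if sep:
                header[key.strip()] = value.strip().strip('"')
        elif line.startswith("sh="):
            fields = {}
            for m in FIELD_RE.finditer(line):
                quoted = m.group(3)
                fields[m.group(1)] = quoted if quoted is not None else m.group(2)
            name, action = VN_RE.match(fields.get("vn", "")).groups()
            detections.append({
                "sha1": fields["sh"].upper(),
                "name": name,
                "action": action or "",   # empty when no action is recorded
                "path": fields.get("fn", ""),
            })
    return header, detections


def triage(header, detections):
    """Reconcile header counters with the rows and group duplicate files."""
    paths_by_hash = defaultdict(list)
    for d in detections:
        paths_by_hash[d["sha1"]].append(d["path"])
    found = int(header.get("found", -1))
    cleaned = int(header.get("cleaned", -1))
    return {
        "counts_agree": found == len(detections),
        "header_gap": found - cleaned,          # detections left in place
        "unique_files": len(paths_by_hash),
        "duplicates": {h: p for h, p in paths_by_hash.items() if len(p) > 1},
        "by_name": Counter(d["name"] for d in detections),
        "not_cleaned": [d for d in detections
                        if not d["action"].startswith("cleaned")],
    }


def family_seen(detections, family):
    """True if any detection name mentions the given family (case-insensitive)."""
    return any(family.lower() in d["name"].lower() for d in detections)


if __name__ == "__main__":
    hdr, dets = parse_eset_log(SAMPLE_LOG)
    report = triage(hdr, dets)
    print("rows match header:", report["counts_agree"])
    print("unique files:", report["unique_files"])
    for name, count in report["by_name"].most_common():
        print(f"{count:3d}  {name}")
    for d in report["not_cleaned"]:
        print("still present:", d["path"])
```

Run against the second log in this post, the same functions give nine rows, eight distinct SHA-1 values (the two ApnStub.exe copies share one), and no row carrying the name MSE reported.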


#5 mttime73

mttime73
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:01:31 AM

Posted 06 September 2013 - 01:37 PM

TDSS Log:

 

11:12:54.0594 0x2df4  TDSS rootkit removing tool 2.9.2.0 Aug 15 2013 16:44:29
11:12:55.0104 0x2df4  ============================================================
11:12:55.0104 0x2df4  Current date / time: 2013/09/06 11:12:55.0104
11:12:55.0104 0x2df4  SystemInfo:
11:12:55.0104 0x2df4  
11:12:55.0104 0x2df4  OS Version: 6.1.7601 ServicePack: 1.0
11:12:55.0105 0x2df4  Product type: Workstation
11:12:55.0105 0x2df4  ComputerName: PAYEE
11:12:55.0105 0x2df4  UserName: AA CASH
11:12:55.0105 0x2df4  Windows directory: C:\Windows
11:12:55.0105 0x2df4  System windows directory: C:\Windows
11:12:55.0105 0x2df4  Running under WOW64
11:12:55.0105 0x2df4  Processor architecture: Intel x64
11:12:55.0105 0x2df4  Number of processors: 4
11:12:55.0105 0x2df4  Page size: 0x1000
11:12:55.0105 0x2df4  Boot type: Normal boot
11:12:55.0105 0x2df4  ============================================================
11:12:56.0089 0x2df4  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:12:56.0128 0x2df4  ============================================================
11:12:56.0128 0x2df4  \Device\Harddisk0\DR0:
11:12:56.0128 0x2df4  MBR partitions:
11:12:56.0128 0x2df4  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
11:12:56.0128 0x2df4  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x55E26000
11:12:56.0128 0x2df4  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x55E58800, BlocksNum 0x16ED000
11:12:56.0128 0x2df4  ============================================================
11:12:56.0153 0x2df4  C: <-> \Device\Harddisk0\DR0\Partition2
11:12:56.0197 0x2df4  D: <-> \Device\Harddisk0\DR0\Partition3
11:12:56.0197 0x2df4  ============================================================
11:12:56.0197 0x2df4  Initialize success
11:12:56.0197 0x2df4  ============================================================
11:13:17.0818 0x2d88  ============================================================
11:13:17.0818 0x2d88  Scan started
11:13:17.0818 0x2d88  Mode: Manual; 
11:13:17.0818 0x2d88  ============================================================
11:13:19.0852 0x2d88  ================ Scan system memory ========================
11:13:19.0852 0x2d88  System memory - ok
11:13:19.0853 0x2d88  ================ Scan services =============================
11:13:19.0967 0x2d88  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
11:13:19.0971 0x2d88  1394ohci - ok
11:13:20.0014 0x2d88  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
11:13:20.0022 0x2d88  ACPI - ok
11:13:20.0042 0x2d88  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
11:13:20.0044 0x2d88  AcpiPmi - ok
11:13:20.0128 0x2d88  [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
11:13:20.0131 0x2d88  AdobeARMservice - ok
11:13:20.0229 0x2d88  [ 476BB014F3F68C0C15EDDD5B444DA8FF ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
11:13:20.0234 0x2d88  AdobeFlashPlayerUpdateSvc - ok
11:13:20.0266 0x2d88  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
11:13:20.0276 0x2d88  adp94xx - ok
11:13:20.0299 0x2d88  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
11:13:20.0306 0x2d88  adpahci - ok
11:13:20.0324 0x2d88  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
11:13:20.0329 0x2d88  adpu320 - ok
11:13:20.0354 0x2d88  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
11:13:20.0356 0x2d88  AeLookupSvc - ok
11:13:20.0389 0x2d88  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
11:13:20.0394 0x2d88  AFD - ok
11:13:20.0408 0x2d88  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
11:13:20.0410 0x2d88  agp440 - ok
11:13:20.0428 0x2d88  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
11:13:20.0429 0x2d88  ALG - ok
11:13:20.0442 0x2d88  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
11:13:20.0443 0x2d88  aliide - ok
11:13:20.0456 0x2d88  [ C4C88CD854B28FC85495C841A0F6A069 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
11:13:20.0459 0x2d88  AMD External Events Utility - ok
11:13:20.0469 0x2d88  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
11:13:20.0471 0x2d88  amdide - ok
11:13:20.0482 0x2d88  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
11:13:20.0484 0x2d88  AmdK8 - ok
11:13:20.0616 0x2d88  [ 1147F8816D4DDC9FC43A40DF52F40500 ] amdkmdag        C:\Windows\system32\DRIVERS\atipmdag.sys
11:13:20.0735 0x2d88  amdkmdag - ok
11:13:20.0757 0x2d88  [ EBC963D8F5B04C98F5EF597AAE79CDDD ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
11:13:20.0759 0x2d88  amdkmdap - ok
11:13:20.0771 0x2d88  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
11:13:20.0772 0x2d88  AmdPPM - ok
11:13:20.0786 0x2d88  [ 53D8D46D51D390ABDB54ECA623165CB7 ] amdsata         C:\Windows\system32\DRIVERS\amdsata.sys
11:13:20.0786 0x2d88  amdsata - ok
11:13:20.0800 0x2d88  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
11:13:20.0803 0x2d88  amdsbs - ok
11:13:20.0806 0x2d88  [ 75C51148154E34EB3D7BB84749A758D5 ] amdxata         C:\Windows\system32\DRIVERS\amdxata.sys
11:13:20.0806 0x2d88  amdxata - ok
11:13:20.0853 0x2d88  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
11:13:20.0856 0x2d88  AppID - ok
11:13:20.0868 0x2d88  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
11:13:20.0870 0x2d88  AppIDSvc - ok
11:13:20.0898 0x2d88  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\Windows\System32\appinfo.dll
11:13:20.0900 0x2d88  Appinfo - ok
11:13:20.0916 0x2d88  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
11:13:20.0920 0x2d88  arc - ok
11:13:20.0938 0x2d88  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
11:13:20.0941 0x2d88  arcsas - ok
11:13:20.0974 0x2d88  aspnet_state - ok
11:13:20.0996 0x2d88  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
11:13:20.0997 0x2d88  AsyncMac - ok
11:13:21.0002 0x2d88  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
11:13:21.0003 0x2d88  atapi - ok
11:13:21.0114 0x2d88  [ A1EC6816BD37AF374C765B59B3B2853C ] ATICDSDr        C:\Users\AACASH~1\AppData\Local\Temp\ATICDSDr.sys
11:13:21.0116 0x2d88  ATICDSDr - ok
11:13:21.0150 0x2d88  [ E82E61F46D1336447F4DEFF8C074F13E ] AtiPcie         C:\Windows\system32\DRIVERS\AtiPcie64.sys
11:13:21.0152 0x2d88  AtiPcie - ok
11:13:21.0199 0x2d88  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
11:13:21.0213 0x2d88  AudioEndpointBuilder - ok
11:13:21.0230 0x2d88  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
11:13:21.0236 0x2d88  AudioSrv - ok
11:13:21.0260 0x2d88  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
11:13:21.0262 0x2d88  AxInstSV - ok
11:13:21.0286 0x2d88  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
11:13:21.0292 0x2d88  b06bdrv - ok
11:13:21.0312 0x2d88  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
11:13:21.0316 0x2d88  b57nd60a - ok
11:13:21.0349 0x2d88  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
11:13:21.0351 0x2d88  BDESVC - ok
11:13:21.0365 0x2d88  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
11:13:21.0366 0x2d88  Beep - ok
11:13:21.0391 0x2d88  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
11:13:21.0400 0x2d88  BFE - ok
11:13:21.0425 0x2d88  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
11:13:21.0436 0x2d88  BITS - ok
11:13:21.0453 0x2d88  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
11:13:21.0455 0x2d88  blbdrive - ok
11:13:21.0493 0x2d88  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
11:13:21.0495 0x2d88  bowser - ok
11:13:21.0509 0x2d88  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:13:21.0511 0x2d88  BrFiltLo - ok
11:13:21.0517 0x2d88  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:13:21.0518 0x2d88  BrFiltUp - ok
11:13:21.0548 0x2d88  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
11:13:21.0551 0x2d88  Browser - ok
11:13:21.0563 0x2d88  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
11:13:21.0567 0x2d88  Brserid - ok
11:13:21.0579 0x2d88  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
11:13:21.0581 0x2d88  BrSerWdm - ok
11:13:21.0596 0x2d88  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
11:13:21.0597 0x2d88  BrUsbMdm - ok
11:13:21.0602 0x2d88  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
11:13:21.0603 0x2d88  BrUsbSer - ok
11:13:21.0620 0x2d88  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
11:13:21.0622 0x2d88  BTHMODEM - ok
11:13:21.0637 0x2d88  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
11:13:21.0638 0x2d88  bthserv - ok
11:13:21.0647 0x2d88  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
11:13:21.0649 0x2d88  cdfs - ok
11:13:21.0686 0x2d88  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
11:13:21.0688 0x2d88  cdrom - ok
11:13:21.0735 0x2d88  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
11:13:21.0737 0x2d88  CertPropSvc - ok
11:13:21.0783 0x2d88  [ 2C24DB5F78F0ACA759803001E6B4F320 ] CinemaNow Service C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
11:13:21.0788 0x2d88  CinemaNow Service - ok
11:13:21.0807 0x2d88  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
11:13:21.0808 0x2d88  circlass - ok
11:13:21.0823 0x2d88  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
11:13:21.0828 0x2d88  CLFS - ok
11:13:21.0848 0x2d88  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:13:21.0849 0x2d88  clr_optimization_v2.0.50727_32 - ok
11:13:21.0882 0x2d88  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:13:21.0883 0x2d88  clr_optimization_v2.0.50727_64 - ok
11:13:21.0944 0x2d88  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:13:21.0948 0x2d88  clr_optimization_v4.0.30319_32 - ok
11:13:22.0016 0x2d88  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:13:22.0018 0x2d88  clr_optimization_v4.0.30319_64 - ok
11:13:22.0029 0x2d88  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
11:13:22.0030 0x2d88  CmBatt - ok
11:13:22.0045 0x2d88  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
11:13:22.0046 0x2d88  cmdide - ok
11:13:22.0072 0x2d88  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
11:13:22.0078 0x2d88  CNG - ok
11:13:22.0088 0x2d88  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
11:13:22.0089 0x2d88  Compbatt - ok
11:13:22.0103 0x2d88  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
11:13:22.0104 0x2d88  CompositeBus - ok
11:13:22.0109 0x2d88  COMSysApp - ok
11:13:22.0126 0x2d88  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
11:13:22.0127 0x2d88  crcdisk - ok
11:13:22.0168 0x2d88  [ 6B400F211BEE880A37A1ED0368776BF4 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
11:13:22.0171 0x2d88  CryptSvc - ok
11:13:22.0202 0x2d88  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
11:13:22.0210 0x2d88  DcomLaunch - ok
11:13:22.0226 0x2d88  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
11:13:22.0231 0x2d88  defragsvc - ok
11:13:22.0253 0x2d88  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
11:13:22.0255 0x2d88  DfsC - ok
11:13:22.0285 0x2d88  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
11:13:22.0290 0x2d88  Dhcp - ok
11:13:22.0317 0x2d88  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
11:13:22.0319 0x2d88  discache - ok
11:13:22.0339 0x2d88  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
11:13:22.0341 0x2d88  Disk - ok
11:13:22.0369 0x2d88  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
11:13:22.0372 0x2d88  Dnscache - ok
11:13:22.0414 0x2d88  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
11:13:22.0418 0x2d88  dot3svc - ok
11:13:22.0458 0x2d88  [ B42ED0320C6E41102FDE0005154849BB ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
11:13:22.0462 0x2d88  Dot4 - ok
11:13:22.0502 0x2d88  [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print       C:\Windows\system32\drivers\Dot4Prt.sys
11:13:22.0504 0x2d88  Dot4Print - ok
11:13:22.0533 0x2d88  [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
11:13:22.0535 0x2d88  dot4usb - ok
11:13:22.0557 0x2d88  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
11:13:22.0562 0x2d88  DPS - ok
11:13:22.0577 0x2d88  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
11:13:22.0579 0x2d88  drmkaud - ok
11:13:22.0619 0x2d88  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
11:13:22.0631 0x2d88  DXGKrnl - ok
11:13:22.0652 0x2d88  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
11:13:22.0654 0x2d88  EapHost - ok
11:13:22.0731 0x2d88  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
11:13:22.0781 0x2d88  ebdrv - ok
11:13:22.0814 0x2d88  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
11:13:22.0816 0x2d88  EFS - ok
11:13:22.0881 0x2d88  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
11:13:22.0894 0x2d88  ehRecvr - ok
11:13:22.0925 0x2d88  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
11:13:22.0927 0x2d88  ehSched - ok
11:13:22.0962 0x2d88  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
11:13:22.0969 0x2d88  elxstor - ok
11:13:22.0984 0x2d88  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
11:13:22.0986 0x2d88  ErrDev - ok
11:13:23.0017 0x2d88  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
11:13:23.0022 0x2d88  EventSystem - ok
11:13:23.0038 0x2d88  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
11:13:23.0042 0x2d88  exfat - ok
11:13:23.0057 0x2d88  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
11:13:23.0060 0x2d88  fastfat - ok
11:13:23.0094 0x2d88  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
11:13:23.0103 0x2d88  Fax - ok
11:13:23.0118 0x2d88  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
11:13:23.0120 0x2d88  fdc - ok
11:13:23.0131 0x2d88  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
11:13:23.0133 0x2d88  fdPHost - ok
11:13:23.0143 0x2d88  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
11:13:23.0145 0x2d88  FDResPub - ok
11:13:23.0158 0x2d88  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
11:13:23.0160 0x2d88  FileInfo - ok
11:13:23.0171 0x2d88  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
11:13:23.0173 0x2d88  Filetrace - ok
11:13:23.0184 0x2d88  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
11:13:23.0185 0x2d88  flpydisk - ok
11:13:23.0207 0x2d88  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
11:13:23.0211 0x2d88  FltMgr - ok
11:13:23.0260 0x2d88  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
11:13:23.0286 0x2d88  FontCache - ok
11:13:23.0323 0x2d88  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:13:23.0324 0x2d88  FontCache3.0.0.0 - ok
11:13:23.0350 0x2d88  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
11:13:23.0351 0x2d88  FsDepends - ok
11:13:23.0369 0x2d88  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
11:13:23.0371 0x2d88  Fs_Rec - ok
11:13:23.0407 0x2d88  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
11:13:23.0409 0x2d88  fvevol - ok
11:13:23.0419 0x2d88  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
11:13:23.0420 0x2d88  gagp30kx - ok
11:13:23.0445 0x2d88  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
11:13:23.0453 0x2d88  gpsvc - ok
11:13:23.0499 0x2d88  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:13:23.0502 0x2d88  gupdate - ok
11:13:23.0511 0x2d88  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:13:23.0513 0x2d88  gupdatem - ok
11:13:23.0535 0x2d88  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
11:13:23.0537 0x2d88  hcw85cir - ok
11:13:23.0590 0x2d88  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
11:13:23.0595 0x2d88  HdAudAddService - ok
11:13:23.0611 0x2d88  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
11:13:23.0613 0x2d88  HDAudBus - ok
11:13:23.0627 0x2d88  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
11:13:23.0628 0x2d88  HidBatt - ok
11:13:23.0641 0x2d88  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
11:13:23.0642 0x2d88  HidBth - ok
11:13:23.0659 0x2d88  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
11:13:23.0660 0x2d88  HidIr - ok
11:13:23.0683 0x2d88  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
11:13:23.0685 0x2d88  hidserv - ok
11:13:23.0696 0x2d88  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
11:13:23.0697 0x2d88  HidUsb - ok
11:13:23.0720 0x2d88  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
11:13:23.0725 0x2d88  hkmsvc - ok
11:13:23.0759 0x2d88  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
11:13:23.0762 0x2d88  HomeGroupListener - ok
11:13:23.0775 0x2d88  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
11:13:23.0778 0x2d88  HomeGroupProvider - ok
11:13:23.0863 0x2d88  [ BB1FC298BE53AAB1E110F6E786BD8AC5 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
11:13:23.0865 0x2d88  HP Support Assistant Service - ok
11:13:23.0919 0x2d88  [ 9B7EDD3FE7C211C36E921D34D18A3A0A ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
11:13:23.0939 0x2d88  hpqwmiex - ok
11:13:23.0957 0x2d88  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
11:13:23.0960 0x2d88  HpSAMD - ok
11:13:24.0016 0x2d88  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
11:13:24.0024 0x2d88  HTTP - ok
11:13:24.0051 0x2d88  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
11:13:24.0052 0x2d88  hwpolicy - ok
11:13:24.0060 0x2d88  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
11:13:24.0062 0x2d88  i8042prt - ok
11:13:24.0087 0x2d88  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
11:13:24.0092 0x2d88  iaStorV - ok
11:13:24.0118 0x2d88  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:13:24.0129 0x2d88  idsvc - ok
11:13:24.0140 0x2d88  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
11:13:24.0141 0x2d88  iirsp - ok
11:13:24.0159 0x2d88  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
11:13:24.0169 0x2d88  IKEEXT - ok
11:13:24.0221 0x2d88  [ 3C4B4EE54FEBB09F7E9F58776DE96DCA ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
11:13:24.0255 0x2d88  IntcAzAudAddService - ok
11:13:24.0269 0x2d88  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
11:13:24.0270 0x2d88  intelide - ok
11:13:24.0291 0x2d88  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
11:13:24.0292 0x2d88  intelppm - ok
11:13:24.0321 0x2d88  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
11:13:24.0324 0x2d88  IPBusEnum - ok
11:13:24.0359 0x2d88  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:13:24.0361 0x2d88  IpFilterDriver - ok
11:13:24.0395 0x2d88  [ 08C2957BB30058E663720C5606885653 ] IpHlpSvc        C:\Windows\System32\iphlpsvc.dll
11:13:24.0408 0x2d88  IpHlpSvc - ok
11:13:24.0433 0x2d88  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
11:13:24.0435 0x2d88  IPMIDRV - ok
11:13:24.0456 0x2d88  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
11:13:24.0459 0x2d88  IPNAT - ok
11:13:24.0474 0x2d88  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
11:13:24.0476 0x2d88  IRENUM - ok
11:13:24.0487 0x2d88  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
11:13:24.0488 0x2d88  isapnp - ok
11:13:24.0510 0x2d88  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
11:13:24.0514 0x2d88  iScsiPrt - ok
11:13:24.0533 0x2d88  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
11:13:24.0534 0x2d88  kbdclass - ok
11:13:24.0545 0x2d88  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
11:13:24.0546 0x2d88  kbdhid - ok
11:13:24.0554 0x2d88  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
11:13:24.0555 0x2d88  KeyIso - ok
11:13:24.0638 0x2d88  [ 775C6D5D60146D7DB08A01CB596D7EC6 ] Kodak AiO Network Discovery Service C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
11:13:24.0646 0x2d88  Kodak AiO Network Discovery Service - ok
11:13:24.0730 0x2d88  [ 17AFF68AB32F8671BC46612D35351099 ] Kodak AiO Status Monitor Service C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
11:13:24.0745 0x2d88  Kodak AiO Status Monitor Service - ok
11:13:24.0779 0x2d88  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
11:13:24.0783 0x2d88  KSecDD - ok
11:13:24.0810 0x2d88  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
11:13:24.0814 0x2d88  KSecPkg - ok
11:13:24.0825 0x2d88  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
11:13:24.0827 0x2d88  ksthunk - ok
11:13:24.0860 0x2d88  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
11:13:24.0870 0x2d88  KtmRm - ok
11:13:24.0933 0x2d88  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
11:13:24.0941 0x2d88  LanmanServer - ok
11:13:24.0988 0x2d88  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
11:13:24.0993 0x2d88  LanmanWorkstation - ok
11:13:25.0046 0x2d88  [ 3503F257B3203F824B1567238EBE17E2 ] LightScribeService c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
11:13:25.0048 0x2d88  LightScribeService - ok
11:13:25.0080 0x2d88  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
11:13:25.0081 0x2d88  lltdio - ok
11:13:25.0106 0x2d88  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
11:13:25.0109 0x2d88  lltdsvc - ok
11:13:25.0126 0x2d88  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
11:13:25.0127 0x2d88  lmhosts - ok
11:13:25.0213 0x2d88  [ 8F2CFF01F12955477450DA5E572D4001 ] LMIGuardianSvc  C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
11:13:25.0216 0x2d88  LMIGuardianSvc - ok
11:13:25.0257 0x2d88  [ 0F28935ECF1FBDEC22BAF720A5A94564 ] LMIInfo         C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys
11:13:25.0258 0x2d88  LMIInfo - ok
11:13:25.0291 0x2d88  [ CA86C7042E406070B905AE6CA45D22EA ] LMIMaint        C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
11:13:25.0293 0x2d88  LMIMaint - ok
11:13:25.0317 0x2d88  [ 413ECDCFAD9A82804D3674C8D7EEC24E ] lmimirr         C:\Windows\system32\DRIVERS\lmimirr.sys
11:13:25.0318 0x2d88  lmimirr - ok
11:13:25.0321 0x2d88  LMIRfsClientNP - ok
11:13:25.0329 0x2d88  [ C57D3FAA50E6F395759FFB7C709BD944 ] LMIRfsDriver    C:\Windows\system32\drivers\LMIRfsDriver.sys
11:13:25.0330 0x2d88  LMIRfsDriver - ok
11:13:25.0346 0x2d88  [ D3760BC17E1755091B7120CF32DBF56B ] LogMeIn         C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
11:13:25.0350 0x2d88  LogMeIn - ok
11:13:25.0362 0x2d88  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
11:13:25.0364 0x2d88  LSI_FC - ok
11:13:25.0386 0x2d88  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
11:13:25.0388 0x2d88  LSI_SAS - ok
11:13:25.0404 0x2d88  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:13:25.0408 0x2d88  LSI_SAS2 - ok
11:13:25.0428 0x2d88  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:13:25.0432 0x2d88  LSI_SCSI - ok
11:13:25.0460 0x2d88  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
11:13:25.0464 0x2d88  luafv - ok
11:13:25.0502 0x2d88  [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
11:13:25.0505 0x2d88  MBAMProtector - ok
11:13:25.0577 0x2d88  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
11:13:25.0586 0x2d88  MBAMScheduler - ok
11:13:25.0630 0x2d88  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
11:13:25.0644 0x2d88  MBAMService - ok
11:13:25.0703 0x2d88  [ DDCC236009C707761D60E5C76D639176 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe
11:13:25.0709 0x2d88  McComponentHostService - ok
11:13:25.0747 0x2d88  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
11:13:25.0749 0x2d88  Mcx2Svc - ok
11:13:25.0764 0x2d88  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
11:13:25.0765 0x2d88  megasas - ok
11:13:25.0788 0x2d88  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
11:13:25.0792 0x2d88  MegaSR - ok
11:13:25.0817 0x2d88  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
11:13:25.0824 0x2d88  MMCSS - ok
11:13:25.0833 0x2d88  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
11:13:25.0835 0x2d88  Modem - ok
11:13:25.0857 0x2d88  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
11:13:25.0860 0x2d88  monitor - ok
11:13:25.0888 0x2d88  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
11:13:25.0890 0x2d88  mouclass - ok
11:13:25.0898 0x2d88  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
11:13:25.0900 0x2d88  mouhid - ok
11:13:25.0925 0x2d88  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
11:13:25.0928 0x2d88  mountmgr - ok
11:13:25.0966 0x2d88  [ F8A10560B35C66F9DE212F03DAD5BFA7 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
11:13:25.0971 0x2d88  MpFilter - ok
11:13:26.0011 0x2d88  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
11:13:26.0016 0x2d88  mpio - ok
11:13:26.0181 0x2d88  [ 0EBB390B7AEEC45EC061D9870A34FD42 ] MpKsl325c4045   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A3CEEB4F-BB20-4685-9914-2AA5DC2BAEDA}\MpKsl325c4045.sys
11:13:26.0181 0x2d88  MpKsl325c4045 - ok
11:13:26.0202 0x2d88  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
11:13:26.0203 0x2d88  mpsdrv - ok
11:13:26.0235 0x2d88  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
11:13:26.0243 0x2d88  MpsSvc - ok
11:13:26.0269 0x2d88  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
11:13:26.0271 0x2d88  MRxDAV - ok
11:13:26.0294 0x2d88  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
11:13:26.0296 0x2d88  mrxsmb - ok
11:13:26.0324 0x2d88  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:13:26.0328 0x2d88  mrxsmb10 - ok
11:13:26.0341 0x2d88  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:13:26.0344 0x2d88  mrxsmb20 - ok
11:13:26.0359 0x2d88  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
11:13:26.0361 0x2d88  msahci - ok
11:13:26.0377 0x2d88  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
11:13:26.0380 0x2d88  msdsm - ok
11:13:26.0399 0x2d88  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
11:13:26.0403 0x2d88  MSDTC - ok
11:13:26.0430 0x2d88  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
11:13:26.0432 0x2d88  Msfs - ok
11:13:26.0439 0x2d88  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
11:13:26.0441 0x2d88  mshidkmdf - ok
11:13:26.0455 0x2d88  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
11:13:26.0457 0x2d88  msisadrv - ok
11:13:26.0490 0x2d88  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
11:13:26.0493 0x2d88  MSiSCSI - ok
11:13:26.0496 0x2d88  msiserver - ok
11:13:26.0513 0x2d88  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
11:13:26.0514 0x2d88  MSKSSRV - ok
11:13:26.0584 0x2d88  [ E07DEC52FF801841BA9B6878A60304FB ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
11:13:26.0586 0x2d88  MsMpSvc - ok
11:13:26.0604 0x2d88  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
11:13:26.0605 0x2d88  MSPCLOCK - ok
11:13:26.0614 0x2d88  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
11:13:26.0616 0x2d88  MSPQM - ok
11:13:26.0641 0x2d88  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
11:13:26.0646 0x2d88  MsRPC - ok
11:13:26.0661 0x2d88  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
11:13:26.0662 0x2d88  mssmbios - ok
11:13:26.0675 0x2d88  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
11:13:26.0676 0x2d88  MSTEE - ok
11:13:26.0683 0x2d88  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
11:13:26.0705 0x2d88  MTConfig - ok
11:13:26.0729 0x2d88  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
11:13:26.0730 0x2d88  Mup - ok
11:13:26.0746 0x2d88  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
11:13:26.0752 0x2d88  napagent - ok
11:13:26.0777 0x2d88  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
11:13:26.0780 0x2d88  NativeWifiP - ok
11:13:26.0825 0x2d88  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
11:13:26.0839 0x2d88  NDIS - ok
11:13:26.0851 0x2d88  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
11:13:26.0852 0x2d88  NdisCap - ok
11:13:26.0870 0x2d88  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
11:13:26.0871 0x2d88  NdisTapi - ok
11:13:26.0904 0x2d88  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
11:13:26.0905 0x2d88  Ndisuio - ok
11:13:26.0926 0x2d88  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
11:13:26.0928 0x2d88  NdisWan - ok
11:13:26.0952 0x2d88  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
11:13:26.0953 0x2d88  NDProxy - ok
11:13:26.0963 0x2d88  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
11:13:26.0964 0x2d88  NetBIOS - ok
11:13:26.0973 0x2d88  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
11:13:26.0976 0x2d88  NetBT - ok
11:13:26.0984 0x2d88  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
11:13:26.0985 0x2d88  Netlogon - ok
11:13:27.0003 0x2d88  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
11:13:27.0007 0x2d88  Netman - ok
11:13:27.0024 0x2d88  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
11:13:27.0029 0x2d88  netprofm - ok
11:13:27.0051 0x2d88  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:13:27.0052 0x2d88  NetTcpPortSharing - ok
11:13:27.0080 0x2d88  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
11:13:27.0082 0x2d88  nfrd960 - ok
11:13:27.0118 0x2d88  [ 162100E0BC8377710F9D170631921C03 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
11:13:27.0121 0x2d88  NisDrv - ok
11:13:27.0168 0x2d88  [ C6E15F2F95F9C0A6098D43510B604E52 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
11:13:27.0174 0x2d88  NisSrv - ok
11:13:27.0206 0x2d88  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
11:13:27.0215 0x2d88  NlaSvc - ok
11:13:27.0229 0x2d88  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
11:13:27.0232 0x2d88  Npfs - ok
11:13:27.0240 0x2d88  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
11:13:27.0244 0x2d88  nsi - ok
11:13:27.0274 0x2d88  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
11:13:27.0276 0x2d88  nsiproxy - ok
11:13:27.0356 0x2d88  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
11:13:27.0400 0x2d88  Ntfs - ok
11:13:27.0412 0x2d88  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
11:13:27.0414 0x2d88  Null - ok
11:13:27.0439 0x2d88  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
11:13:27.0441 0x2d88  nvraid - ok
11:13:27.0462 0x2d88  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
11:13:27.0465 0x2d88  nvstor - ok
11:13:27.0508 0x2d88  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
11:13:27.0511 0x2d88  nv_agp - ok
11:13:27.0564 0x2d88  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:13:27.0570 0x2d88  odserv - ok
11:13:27.0595 0x2d88  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
11:13:27.0597 0x2d88  ohci1394 - ok
11:13:27.0632 0x2d88  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:13:27.0633 0x2d88  ose - ok
11:13:27.0657 0x2d88  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
11:13:27.0661 0x2d88  p2pimsvc - ok
11:13:27.0674 0x2d88  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
11:13:27.0679 0x2d88  p2psvc - ok
11:13:27.0715 0x2d88  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
11:13:27.0717 0x2d88  Parport - ok
11:13:27.0751 0x2d88  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
11:13:27.0753 0x2d88  partmgr - ok
11:13:27.0762 0x2d88  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
11:13:27.0765 0x2d88  PcaSvc - ok
11:13:27.0787 0x2d88  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
11:13:27.0789 0x2d88  pci - ok
11:13:27.0815 0x2d88  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
11:13:27.0816 0x2d88  pciide - ok
11:13:27.0831 0x2d88  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
11:13:27.0840 0x2d88  pcmcia - ok
11:13:27.0867 0x2d88  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
11:13:27.0869 0x2d88  pcw - ok
11:13:27.0886 0x2d88  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
11:13:27.0892 0x2d88  PEAUTH - ok
11:13:27.0950 0x2d88  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
11:13:27.0951 0x2d88  PerfHost - ok
11:13:27.0994 0x2d88  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
11:13:28.0020 0x2d88  pla - ok
11:13:33.0878 0x2d88  ================ Scan global ===============================
11:13:33.0906 0x2d88  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
11:13:33.0940 0x2d88  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
11:13:33.0957 0x2d88  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
11:13:33.0987 0x2d88  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
11:13:33.0999 0x2d88  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
11:13:34.0005 0x2d88  [Global] - ok
11:13:34.0005 0x2d88  ================ Scan MBR ==================================
11:13:34.0008 0x2d88  [ A636FC94FB5BB0A91E5D3F8C2D17936E ] \Device\Harddisk0\DR0
11:13:34.0009 0x2d88  Suspicious mbr (Forged): \Device\Harddisk0\DR0
11:13:34.0056 0x2d88  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
11:13:34.0056 0x2d88  \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
11:13:34.0057 0x2d88  ================ Scan VBR ==================================
11:13:34.0080 0x2d88  [ 428105591E082F270682630B5D1FBBEE ] \Device\Harddisk0\DR0\Partition1
11:13:34.0084 0x2d88  \Device\Harddisk0\DR0\Partition1 - ok
11:13:34.0096 0x2d88  [ 2F3484D976E6D92E80620015D10AEACA ] \Device\Harddisk0\DR0\Partition2
11:13:34.0099 0x2d88  \Device\Harddisk0\DR0\Partition2 - ok
11:13:34.0129 0x2d88  [ 19949DBCFF7C3D30DD32E41C5EE44B40 ] \Device\Harddisk0\DR0\Partition3
11:13:34.0135 0x2d88  \Device\Harddisk0\DR0\Partition3 - ok
11:13:34.0136 0x2d88  ============================================================
11:13:34.0136 0x2d88  Scan finished
11:13:34.0136 0x2d88  ============================================================
11:13:34.0157 0x25d8  Detected object count: 1
11:13:34.0157 0x25d8  Actual detected object count: 1
11:14:05.0923 0x25d8  \Device\Harddisk0\DR0\# - copied to quarantine
11:14:05.0925 0x25d8  \Device\Harddisk0\DR0 - copied to quarantine
11:14:05.0970 0x25d8  \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
11:14:05.0973 0x25d8  \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
11:14:06.0009 0x25d8  \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
11:14:06.0017 0x25d8  \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
11:14:06.0018 0x25d8  \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
11:14:06.0019 0x25d8  \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
11:14:06.0021 0x25d8  \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
11:14:06.0023 0x25d8  \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
11:14:06.0025 0x25d8  \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
11:14:06.0027 0x25d8  \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
11:14:06.0028 0x25d8  \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
11:14:06.0029 0x25d8  \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
11:14:06.0033 0x25d8  \Device\Harddisk0\DR0\TDLFS\cmd32.dll - copied to quarantine
11:14:06.0034 0x25d8  \Device\Harddisk0\DR0\TDLFS\ua - copied to quarantine
11:14:06.0035 0x25d8  \Device\Harddisk0\DR0\TDLFS\ns - copied to quarantine
11:14:06.0075 0x25d8  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
11:14:06.0076 0x25d8  \Device\Harddisk0\DR0 - ok
11:14:06.0359 0x25d8  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure 
11:14:13.0706 0x159c  Deinitialize success


#6 mttime73


Posted 06 September 2013 - 01:38 PM

MBAM Log:

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.09.06.08
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
AA CASH :: PAYEE [administrator]
 
Protection: Enabled
 
9/6/2013 11:19:03 AM
mbam-log-2013-09-06 (11-19-03).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 247000
Time elapsed: 7 minute(s), 5 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)


#7 noknojon


Posted 06 September 2013 - 05:42 PM

Hello -

That has cleaned out a lot of minor problems, a few mid range problems, and there was a rootkit ( Rootkit.Boot.Pihar.c ) found in the scan. Malwarebytes now produces a clean report.

 

ESET often takes a while if it has never been used and also the rootkit would slow your system.

 

 Java™ 6 Update 32  
 Java version out of Date!  < Visit this link for Version7 Update25
Do not accept (Untick) any Add-ons or Toolbars as they are not part of Java.
 
Please update me on your computer's condition now -
 
Thank You -


#8 mttime73


Posted 06 September 2013 - 08:17 PM

Hello,

I have updated Java making sure not to install the Ask adware/spyware toolbar.

 

The system appears to be running much better and MSE isn't constantly trying to quarantine the trojan/rootkit.  I am running CCleaner at the moment.

 

Would you make any other recommendations?

 

MSE is already installed, I plan on upgrading to MBAM Pro, and installing "Scotty" (WinPatrol).

 

Thanks,

Aaron



#9 noknojon


Posted 06 September 2013 - 09:27 PM

<< MSE is already installed, I plan on upgrading to MBAM Pro, and installing "Scotty" (WinPatrol) .>>

Basically the same as my other computer and a reasonable way to keep clean.

I will watch this for a week if you still have problems, but after that start a new topic in the correct area -

 

Regards -



#10 mttime73


Posted 11 September 2013 - 11:50 AM

I apologize for starting this post in the wrong area!  If I may, I wanted to request some advice.  After I put this computer in service, when it started up it complained about not being able to find the boot device.  Very similar to the first behavior I witnessed prior to requesting assistance here.  What I'm saying is that I still have that piece of doubt that the boot virus wasn't completely removed.

I was finally able to get Windows to load, but when we finally reached the desktop Scotty alerted us to a program wanting to write itself to the Startup folder.  It was %windir%\system32\coinme.exe.  Scotty froze regardless of which option I selected, so I used another tool to remove the coinme entry from the Startup folder.  After I did that and rebooted, I didn't get the coinme.exe message any longer.

However, I then found that the onboard NIC could not connect to the internet.  The NIC had been working perfectly all during the malware removal, downloading tools from the internet, etc.  I could not bring the NIC back online and finally had to get a replacement.  The replacement got me back online, but it was concerning considering.

 

Do you feel I should take this system offline and run some more tests?

 

Thanks!





