
unknown infection


  • This topic is locked
26 replies to this topic

#1 chrisb10a

chrisb10a

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:11:51 PM

Posted 18 February 2014 - 08:58 PM

I am not sure what is going on with my Windows 7 PC but something is definitely wrong. I have tried running the latest Microsoft Security Essentials. It found and cleaned up a few trojans but something was still wrong. I then tried Kaspersky Rescue Disk 10. It also found and cleaned up a few trojans. At this time both software packages are not finding any problems. I do not remember the exact names of the trojans found.

 

I currently have my wireless USB adapter removed from my PC. When I turn it on all appears well. However, shortly after plugging in the wireless USB adapter many dllhost.exe processes appear in task manager. These processes take up lots of memory and ultimately the video driver crashes within minutes. Also, my windows task bar and all windows that I open have changed appearance.

 

Any help is greatly appreciated.

 

 

Thank you so much in advance,

Chris B. 

 

 

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16518  BrowserJavaVersion: 10.51.2
Run by Chris at 20:18:49 on 2014-02-18
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8169.7124 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit = userinit.exe
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe Acrobat Create PDF Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 208.67.222.222 208.67.220.220 75.75.76.76
TCP: Interfaces\{3FCBA877-3F56-4F8B-806F-E5564FD9B314} : DHCPNameServer = 208.67.222.222 208.67.220.220 75.75.76.76
TCP: Interfaces\{5EDD29C4-D667-4B64-9633-5F8C20DD7822} : DHCPNameServer = 208.67.222.222 208.67.220.220 75.75.76.76
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Adobe Acrobat Create PDF Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2012-2-21 130536]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2012-2-21 396776]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 tapoas;TAP-Win32 Adapter OAS;C:\Windows\System32\drivers\tapoas.sys [2010-10-6 30720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-8-20 103576]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-12 111616]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2011-12-15 351392]
S3 LVUVC64;Logitech HD Pro Webcam C920(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2011-12-15 4862368]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 134944]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-11 19456]
S3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8192cu.sys [2010-8-12 748648]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8192su.sys [2010-11-25 694888]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-8-20 204568]
S3 Te.Service;Te.Service;C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-7-25 126976]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-11 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-12-11 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-1-3 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-4-20 203776]
S4 OpenVPNAccessClient;OpenVPN Access Client;C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [2011-8-5 24064]
S4 Realtek11nCU;Realtek11nCU;C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe [2013-10-14 36864]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S4 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-12-15 450848]
.
=============== Created Last 30 ================
.
2014-02-17 20:05:08 10536864 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{576B6516-4983-4E12-946D-11A480F63438}\mpengine.dll
2014-02-17 08:26:46 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9B2A83BB-FC12-4BDA-9504-74991281B915}\offreg.dll
2014-02-16 02:09:01 -------- d-----w- C:\ProgramData\Oracle
2014-02-16 02:08:49 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-02-15 20:48:14 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-02-14 07:26:05 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9B2A83BB-FC12-4BDA-9504-74991281B915}\mpengine.dll
2014-02-14 01:44:22 -------- d-----w- C:\Users\Chris\AppData\Local\ElevatedDiagnostics
2014-02-13 03:29:11 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2014-02-13 03:29:11 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2014-02-13 03:29:11 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-02-13 03:29:11 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-02-13 03:28:24 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-02-13 03:28:24 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-02-13 03:28:24 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2014-02-13 03:28:24 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
.
==================== Find3M  ====================
.
2014-02-06 11:30:46 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-02-06 10:20:26 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-02-06 10:11:37 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-02-06 09:25:36 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-01-19 07:33:29 270496 ------w- C:\Windows\System32\MpSigStub.exe
2013-12-21 09:53:45 548864 ----a-w- C:\Windows\System32\vbscript.dll
2013-12-21 08:56:47 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-12-02 22:24:36 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-02 22:24:36 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-27 01:41:37 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-11-27 01:41:15 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-11-27 01:41:11 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-11-27 01:41:11 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-11-27 01:41:09 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-11-27 01:41:06 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-11-27 01:41:03 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-11-26 11:40:00 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
2013-11-26 10:32:56 3156480 ----a-w- C:\Windows\System32\win32k.sys
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
.
============= FINISH: 20:18:57.93 ===============



#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,223 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:51 PM

Posted 22 February 2014 - 09:36 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Let's start with these tools.

Read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
    tdss1.png
  • Click Change parameters
    settings20121003115955.png
  • Check the boxes next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
    tdss3.png
  • Click on the Start Scan button to begin the scan and wait for it to finish.
    NOTE: Do not use the computer during the scan!
  • During the scan it will look similar to the image below:
    tdss4.jpg
  • When it finishes, you will either see a report that no threats were found like below:
    tdss5.jpg
    If no threats are found at this point, just click the Report selection on the top right of the form to generate a log. A log file report will pop up, which you can just close since the report file is already saved.
  • If any infection or suspected items are found, you will see a window similar to below:
    tdss7.jpg
    • If you have files that are shown to fail signature check do not take any action on these. Make sure you select Skip. I will tell you what to do with these later. They may not be issues at all.
    • If Suspicious objects are detected, the default action will be Skip. Leave the default set to Skip.
    • If Malicious objects are detected, they will show in the Scan results. TDSSKiller automatically selects an action (Cure or Delete) for malicious objects
    • Make sure that Cure is selected. Important! - If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed to do so.
  • Click Continue to apply selected actions.
  • A reboot may be required to complete disinfection. A window like the below will appear:
    tdss6.jpg
    Reboot immediately if TDSSKiller states that one is needed.
  • Whether an infection is found or not, a log file should have already been created on your C: drive (or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run.
  • Paste the log to your next reply, DO NOT ATTACH IT.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===
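
Added example, not part of the posts in this thread and not Kaspersky's code: a small Python triage of a TDSSKiller log that pairs each `[ MD5 ] name path` line with its verdict line and lists every entry whose verdict is not `ok`, so the items the instructions above say to leave on Skip are easy to spot. The line patterns are inferred from the log pasted in the next reply, the sample lines are copied from that log, and the names `triage`, `Finding` and `needs_review_only` are illustrative.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Every log line starts with "HH:MM:SS.ffff <thread id>" (format assumed from the posted log).
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"

# "[ <MD5> ] <service name, may contain spaces>   <drive>:\path\to\binary"
HASH_LINE = re.compile(
    PREFIX + r"\[ (?P<md5>[0-9A-Fa-f]{32}) \]\s+(?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.+)$"
)

# "<name> - ok"  or  "<name> ( <detection> ) - warning"
VERDICT_LINE = re.compile(
    PREFIX + r"(?P<name>.+?)(?: \( (?P<detection>[^)]+?) \))? - (?P<verdict>\w+)$"
)


@dataclass
class Finding:
    name: str
    verdict: str
    detection: Optional[str]
    md5: Optional[str]
    path: Optional[str]

    @property
    def needs_review_only(self) -> bool:
        # Signature-check failures are the items the helper asks to leave on
        # Skip until reviewed; they are not proof of infection by themselves.
        return bool(self.detection) and self.detection.startswith("UnsignedFile.")


def triage(log_text: str) -> List[Finding]:
    """Return every scanned object whose verdict is anything other than 'ok'."""
    hashed = {}  # service name -> (md5, path) from the most recent hash line
    findings = []
    for raw in log_text.splitlines():
        line = raw.rstrip()
        m = HASH_LINE.match(line)
        if m:
            hashed[m["name"]] = (m["md5"].upper(), m["path"])
            continue
        m = VERDICT_LINE.match(line)
        if m and m["verdict"].lower() != "ok":
            md5, path = hashed.get(m["name"], (None, None))
            findings.append(
                Finding(m["name"], m["verdict"], m["detection"], md5, path)
            )
    return findings


# Sample lines copied from the TDSSKiller log posted later in this thread.
SAMPLE = r"""
10:28:15.0349 1844  ================ Scan system memory ========================
10:28:15.0349 1844  System memory - ok
10:28:15.0630 1844  [ A359974EAAC83A435497C52F62A2E590 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
10:28:15.0646 1844  AMD External Events Utility - ok
10:28:16.0691 1844  COMSysApp - ok
10:28:16.0691 1844  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
10:28:16.0691 1844  crcdisk - ok
10:28:16.0706 1844  [ 25E25A158967F7A282A235EDEE416B2B ] DcomLaunch      C:\Windows\system32\rpcss.dll
10:28:16.0722 1844  DcomLaunch ( UnsignedFile.Multi.Generic ) - warning
10:28:16.0722 1844  DcomLaunch - detected UnsignedFile.Multi.Generic (1)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        note = "signature check failed, review before acting" if f.needs_review_only else "investigate"
        print(f"{f.name}: {f.verdict} [{f.detection}] {f.md5} {f.path} -> {note}")
```
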

#3 chrisb10a

chrisb10a
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:11:51 PM

Posted 22 February 2014 - 10:46 AM

Hello and thank you for your help. Here is the information requested.

 

 

Thanks again,

Chris

 

 

 

10:27:49.0110 1488  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
10:27:49.0141 1488  ============================================================
10:27:49.0141 1488  Current date / time: 2014/02/22 10:27:49.0141
10:27:49.0141 1488  SystemInfo:
10:27:49.0141 1488  
10:27:49.0141 1488  OS Version: 6.1.7601 ServicePack: 1.0
10:27:49.0141 1488  Product type: Workstation
10:27:49.0141 1488  ComputerName: HOME-PC
10:27:49.0141 1488  UserName: Chris
10:27:49.0141 1488  Windows directory: C:\Windows
10:27:49.0141 1488  System windows directory: C:\Windows
10:27:49.0141 1488  Running under WOW64
10:27:49.0141 1488  Processor architecture: Intel x64
10:27:49.0141 1488  Number of processors: 4
10:27:49.0141 1488  Page size: 0x1000
10:27:49.0141 1488  Boot type: Normal boot
10:27:49.0141 1488  ============================================================
10:27:49.0359 1488  Drive \Device\Harddisk1\DR1 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:27:49.0359 1488  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:27:49.0765 1488  ============================================================
10:27:49.0765 1488  \Device\Harddisk1\DR1:
10:27:49.0765 1488  MBR partitions:
10:27:49.0765 1488  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
10:27:49.0765 1488  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xEE49000
10:27:49.0765 1488  \Device\Harddisk0\DR0:
10:27:49.0765 1488  MBR partitions:
10:27:49.0765 1488  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
10:27:49.0765 1488  ============================================================
10:27:49.0765 1488  C: <-> \Device\Harddisk1\DR1\Partition2
10:27:49.0812 1488  E: <-> \Device\Harddisk0\DR0\Partition1
10:27:49.0812 1488  ============================================================
10:27:49.0812 1488  Initialize success
10:27:49.0812 1488  ============================================================
10:28:15.0256 1844  ============================================================
10:28:15.0256 1844  Scan started
10:28:15.0256 1844  Mode: Manual; SigCheck; TDLFS; 
10:28:15.0256 1844  ============================================================
10:28:15.0349 1844  ================ Scan system memory ========================
10:28:15.0349 1844  System memory - ok
10:28:15.0349 1844  ================ Scan services =============================
10:28:15.0380 1844  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
10:28:15.0443 1844  1394ohci - ok
10:28:15.0443 1844  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
10:28:15.0458 1844  ACPI - ok
10:28:15.0458 1844  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
10:28:15.0474 1844  AcpiPmi - ok
10:28:15.0490 1844  [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
10:28:15.0490 1844  AdobeARMservice - ok
10:28:15.0490 1844  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
10:28:15.0505 1844  adp94xx - ok
10:28:15.0505 1844  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
10:28:15.0521 1844  adpahci - ok
10:28:15.0521 1844  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
10:28:15.0536 1844  adpu320 - ok
10:28:15.0536 1844  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
10:28:15.0583 1844  AeLookupSvc - ok
10:28:15.0583 1844  [ 79059559E89D06E8B80CE2944BE20228 ] AFD             C:\Windows\system32\drivers\afd.sys
10:28:15.0599 1844  AFD - ok
10:28:15.0599 1844  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
10:28:15.0599 1844  agp440 - ok
10:28:15.0599 1844  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
10:28:15.0614 1844  ALG - ok
10:28:15.0614 1844  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
10:28:15.0630 1844  aliide - ok
10:28:15.0630 1844  [ A359974EAAC83A435497C52F62A2E590 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
10:28:15.0646 1844  AMD External Events Utility - ok
10:28:15.0646 1844  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
10:28:15.0646 1844  amdide - ok
10:28:15.0661 1844  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
10:28:15.0661 1844  AmdK8 - ok
10:28:15.0724 1844  [ 60216B0E704584DE6D5A9F59E9C34C47 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
10:28:15.0802 1844  amdkmdag - ok
10:28:15.0817 1844  [ 6B4E9261B613B047A9A145F328889968 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
10:28:15.0817 1844  amdkmdap - ok
10:28:15.0817 1844  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
10:28:15.0833 1844  AmdPPM - ok
10:28:15.0833 1844  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
10:28:15.0848 1844  amdsata - ok
10:28:15.0848 1844  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
10:28:15.0848 1844  amdsbs - ok
10:28:15.0848 1844  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
10:28:15.0864 1844  amdxata - ok
10:28:15.0864 1844  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
10:28:15.0911 1844  AppID - ok
10:28:15.0911 1844  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
10:28:15.0942 1844  AppIDSvc - ok
10:28:15.0942 1844  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\Windows\System32\appinfo.dll
10:28:15.0942 1844  Appinfo - ok
10:28:15.0942 1844  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
10:28:15.0958 1844  arc - ok
10:28:15.0958 1844  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
10:28:15.0958 1844  arcsas - ok
10:28:15.0973 1844  [ 0D721BEDC99072972A1C09C9FE549B07 ] asmthub3        C:\Windows\system32\DRIVERS\asmthub3.sys
10:28:16.0020 1844  asmthub3 - ok
10:28:16.0020 1844  [ C401B8F26490DC3E5E47D3A91F87CD00 ] asmtxhci        C:\Windows\system32\DRIVERS\asmtxhci.sys
10:28:16.0036 1844  asmtxhci - ok
10:28:16.0051 1844  [ 9A262EDD17F8473B91B333D6B031A901 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
10:28:16.0051 1844  aspnet_state - ok
10:28:16.0067 1844  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
10:28:16.0082 1844  AsyncMac - ok
10:28:16.0082 1844  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
10:28:16.0082 1844  atapi - ok
10:28:16.0098 1844  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
10:28:16.0129 1844  AudioEndpointBuilder - ok
10:28:16.0129 1844  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
10:28:16.0145 1844  AudioSrv - ok
10:28:16.0160 1844  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
10:28:16.0176 1844  AxInstSV - ok
10:28:16.0176 1844  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
10:28:16.0192 1844  b06bdrv - ok
10:28:16.0192 1844  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
10:28:16.0207 1844  b57nd60a - ok
10:28:16.0207 1844  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
10:28:16.0207 1844  BDESVC - ok
10:28:16.0223 1844  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
10:28:16.0238 1844  Beep - ok
10:28:16.0238 1844  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
10:28:16.0254 1844  BFE - ok
10:28:16.0270 1844  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
10:28:16.0301 1844  BITS - ok
10:28:16.0301 1844  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
10:28:16.0301 1844  blbdrive - ok
10:28:16.0301 1844  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
10:28:16.0316 1844  bowser - ok
10:28:16.0316 1844  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
10:28:16.0332 1844  BrFiltLo - ok
10:28:16.0332 1844  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
10:28:16.0332 1844  BrFiltUp - ok
10:28:16.0332 1844  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
10:28:16.0348 1844  Browser - ok
10:28:16.0348 1844  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
10:28:16.0363 1844  Brserid - ok
10:28:16.0363 1844  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
10:28:16.0379 1844  BrSerWdm - ok
10:28:16.0379 1844  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
10:28:16.0379 1844  BrUsbMdm - ok
10:28:16.0379 1844  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
10:28:16.0394 1844  BrUsbSer - ok
10:28:16.0394 1844  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
10:28:16.0410 1844  BthEnum - ok
10:28:16.0410 1844  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
10:28:16.0410 1844  BTHMODEM - ok
10:28:16.0410 1844  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
10:28:16.0426 1844  BthPan - ok
10:28:16.0426 1844  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
10:28:16.0441 1844  BTHPORT - ok
10:28:16.0441 1844  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
10:28:16.0472 1844  bthserv - ok
10:28:16.0472 1844  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
10:28:16.0472 1844  BTHUSB - ok
10:28:16.0488 1844  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
10:28:16.0504 1844  cdfs - ok
10:28:16.0504 1844  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
10:28:16.0519 1844  cdrom - ok
10:28:16.0519 1844  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
10:28:16.0535 1844  CertPropSvc - ok
10:28:16.0535 1844  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
10:28:16.0550 1844  circlass - ok
10:28:16.0550 1844  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
10:28:16.0566 1844  CLFS - ok
10:28:16.0566 1844  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:28:16.0582 1844  clr_optimization_v2.0.50727_32 - ok
10:28:16.0582 1844  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:28:16.0582 1844  clr_optimization_v2.0.50727_64 - ok
10:28:16.0597 1844  [ E87213F37A13E2B54391E40934F071D0 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:28:16.0613 1844  clr_optimization_v4.0.30319_32 - ok
10:28:16.0613 1844  [ 4AEDAB50F83580D0B4D6CF78191F92AA ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:28:16.0628 1844  clr_optimization_v4.0.30319_64 - ok
10:28:16.0628 1844  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
10:28:16.0628 1844  CmBatt - ok
10:28:16.0644 1844  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
10:28:16.0644 1844  cmdide - ok
10:28:16.0644 1844  [ EBF28856F69CF094A902F884CF989706 ] CNG             C:\Windows\system32\Drivers\cng.sys
10:28:16.0660 1844  CNG - ok
10:28:16.0660 1844  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
10:28:16.0675 1844  Compbatt - ok
10:28:16.0675 1844  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
10:28:16.0691 1844  CompositeBus - ok
10:28:16.0691 1844  COMSysApp - ok
10:28:16.0691 1844  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
10:28:16.0691 1844  crcdisk - ok
10:28:16.0691 1844  [ 6B400F211BEE880A37A1ED0368776BF4 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
10:28:16.0706 1844  CryptSvc - ok
10:28:16.0706 1844  [ 25E25A158967F7A282A235EDEE416B2B ] DcomLaunch      C:\Windows\system32\rpcss.dll
10:28:16.0722 1844  DcomLaunch ( UnsignedFile.Multi.Generic ) - warning
10:28:16.0722 1844  DcomLaunch - detected UnsignedFile.Multi.Generic (1)
10:28:16.0722 1844  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
10:28:16.0753 1844  defragsvc - ok
10:28:16.0753 1844  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
10:28:16.0769 1844  DfsC - ok
10:28:16.0769 1844  [ E428DFFA96FAD07D8CA3C9082563A225 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
10:28:16.0784 1844  dg_ssudbus - ok
10:28:16.0784 1844  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
10:28:16.0800 1844  Dhcp - ok
10:28:16.0800 1844  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
10:28:16.0816 1844  discache - ok
10:28:16.0831 1844  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
10:28:16.0831 1844  Disk - ok
10:28:16.0831 1844  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
10:28:16.0847 1844  Dnscache - ok
10:28:16.0847 1844  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
10:28:16.0862 1844  dot3svc - ok
10:28:16.0878 1844  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
10:28:16.0894 1844  DPS - ok
10:28:16.0894 1844  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
10:28:16.0909 1844  drmkaud - ok
10:28:16.0909 1844  [ 88612F1CE3BF42256913BF6E61C70D52 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
10:28:16.0925 1844  DXGKrnl - ok
10:28:16.0925 1844  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
10:28:16.0956 1844  EapHost - ok
10:28:16.0972 1844  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
10:28:17.0018 1844  ebdrv - ok
10:28:17.0018 1844  [ 4D71227301DD8D09097B9E4CC6527E5A ] EFS             C:\Windows\System32\lsass.exe
10:28:17.0018 1844  EFS - ok
10:28:17.0034 1844  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
10:28:17.0050 1844  ehRecvr - ok
10:28:17.0050 1844  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
10:28:17.0050 1844  ehSched - ok
10:28:17.0050 1844  [ A05FC7ECA0966EBB70E4D17B855A853B ] ElbyCDIO        C:\Windows\system32\Drivers\ElbyCDIO.sys
10:28:17.0065 1844  ElbyCDIO - ok
10:28:17.0081 1844  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
10:28:17.0096 1844  elxstor - ok
10:28:17.0096 1844  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
10:28:17.0096 1844  ErrDev - ok
10:28:17.0112 1844  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
10:28:17.0128 1844  EventSystem - ok
10:28:17.0128 1844  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
10:28:17.0159 1844  exfat - ok
10:28:17.0159 1844  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
10:28:17.0174 1844  fastfat - ok
10:28:17.0190 1844  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
10:28:17.0206 1844  Fax - ok
10:28:17.0206 1844  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
10:28:17.0206 1844  fdc - ok
10:28:17.0221 1844  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
10:28:17.0237 1844  fdPHost - ok
10:28:17.0237 1844  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
10:28:17.0252 1844  FDResPub - ok
10:28:17.0268 1844  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
10:28:17.0268 1844  FileInfo - ok
10:28:17.0268 1844  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
10:28:17.0284 1844  Filetrace - ok
10:28:17.0299 1844  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
10:28:17.0299 1844  flpydisk - ok
10:28:17.0299 1844  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
10:28:17.0315 1844  FltMgr - ok
10:28:17.0315 1844  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
10:28:17.0346 1844  FontCache - ok
10:28:17.0346 1844  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:28:17.0346 1844  FontCache3.0.0.0 - ok
10:28:17.0346 1844  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
10:28:17.0362 1844  FsDepends - ok
10:28:17.0362 1844  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
10:28:17.0362 1844  Fs_Rec - ok
10:28:17.0377 1844  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
10:28:17.0377 1844  fvevol - ok
10:28:17.0377 1844  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
10:28:17.0393 1844  gagp30kx - ok
10:28:17.0393 1844  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
10:28:17.0424 1844  gpsvc - ok
10:28:17.0424 1844  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
10:28:17.0440 1844  hcw85cir - ok
10:28:17.0440 1844  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
10:28:17.0455 1844  HdAudAddService - ok
10:28:17.0455 1844  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
10:28:17.0455 1844  HDAudBus - ok
10:28:17.0471 1844  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
10:28:17.0471 1844  HidBatt - ok
10:28:17.0471 1844  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
10:28:17.0486 1844  HidBth - ok
10:28:17.0486 1844  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
10:28:17.0502 1844  HidIr - ok
10:28:17.0502 1844  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
10:28:17.0518 1844  hidserv - ok
10:28:17.0518 1844  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
10:28:17.0533 1844  HidUsb - ok
10:28:17.0533 1844  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
10:28:17.0549 1844  hkmsvc - ok
10:28:17.0549 1844  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
10:28:17.0564 1844  HomeGroupListener - ok
10:28:17.0564 1844  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
10:28:17.0580 1844  HomeGroupProvider - ok
10:28:17.0580 1844  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
10:28:17.0596 1844  HpSAMD - ok
10:28:17.0596 1844  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
10:28:17.0627 1844  HTTP - ok
10:28:17.0627 1844  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
10:28:17.0627 1844  hwpolicy - ok
10:28:17.0627 1844  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
10:28:17.0642 1844  i8042prt - ok
10:28:17.0642 1844  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
10:28:17.0658 1844  iaStorV - ok
10:28:17.0658 1844  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:28:17.0674 1844  idsvc - ok
10:28:17.0689 1844  IEEtwCollectorService - ok
10:28:17.0689 1844  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
10:28:17.0689 1844  iirsp - ok
10:28:17.0705 1844  [ 344789398EC3EE5A4E00C52B31847946 ] IKEEXT          C:\Windows\System32\ikeext.dll
10:28:17.0720 1844  IKEEXT - ok
10:28:17.0720 1844  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
10:28:17.0720 1844  intelide - ok
10:28:17.0720 1844  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
10:28:17.0736 1844  intelppm - ok
10:28:17.0736 1844  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
10:28:17.0752 1844  IPBusEnum - ok
10:28:17.0767 1844  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:28:17.0783 1844  IpFilterDriver - ok
10:28:17.0783 1844  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
10:28:17.0798 1844  iphlpsvc - ok
10:28:17.0798 1844  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
10:28:17.0814 1844  IPMIDRV - ok
10:28:17.0814 1844  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
10:28:17.0830 1844  IPNAT - ok
10:28:17.0830 1844  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
10:28:17.0845 1844  IRENUM - ok
10:28:17.0845 1844  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
10:28:17.0861 1844  isapnp - ok
10:28:17.0861 1844  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
10:28:17.0861 1844  iScsiPrt - ok
10:28:17.0876 1844  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
10:28:17.0876 1844  kbdclass - ok
10:28:17.0876 1844  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
10:28:17.0892 1844  kbdhid - ok
10:28:17.0892 1844  [ 4D71227301DD8D09097B9E4CC6527E5A ] KeyIso          C:\Windows\system32\lsass.exe
10:28:17.0892 1844  KeyIso - ok
10:28:17.0892 1844  [ 8F489706472F7E9A06BAAA198703FA64 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
10:28:17.0908 1844  KSecDD - ok
10:28:17.0908 1844  [ 868A2CAAB12EFC7A021682BCA0EEC54C ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
10:28:17.0908 1844  KSecPkg - ok
10:28:17.0908 1844  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
10:28:17.0939 1844  ksthunk - ok
10:28:17.0939 1844  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
10:28:17.0970 1844  KtmRm - ok
10:28:17.0970 1844  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
10:28:17.0986 1844  LanmanServer - ok
10:28:18.0001 1844  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:28:18.0017 1844  LanmanWorkstation - ok
10:28:18.0017 1844  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
10:28:18.0032 1844  lltdio - ok
10:28:18.0048 1844  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
10:28:18.0064 1844  lltdsvc - ok
10:28:18.0064 1844  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
10:28:18.0095 1844  lmhosts - ok
10:28:18.0095 1844  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
10:28:18.0095 1844  LSI_FC - ok
10:28:18.0110 1844  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
10:28:18.0110 1844  LSI_SAS - ok
10:28:18.0110 1844  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
10:28:18.0126 1844  LSI_SAS2 - ok
10:28:18.0126 1844  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
10:28:18.0126 1844  LSI_SCSI - ok
10:28:18.0126 1844  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
10:28:18.0157 1844  luafv - ok
10:28:18.0157 1844  [ A832517901EEF41C206D70FCEC89B275 ] LVRS64          C:\Windows\system32\DRIVERS\lvrs64.sys
10:28:18.0173 1844  LVRS64 - ok
10:28:18.0204 1844  [ 644E919936A8017B5F205E7FE7EDD19F ] LVUVC64         C:\Windows\system32\DRIVERS\lvuvc64.sys
10:28:18.0266 1844  LVUVC64 - ok
10:28:18.0266 1844  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
10:28:18.0282 1844  Mcx2Svc - ok
10:28:18.0282 1844  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
10:28:18.0282 1844  megasas - ok
10:28:18.0298 1844  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
10:28:18.0298 1844  MegaSR - ok
10:28:18.0298 1844  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
10:28:18.0313 1844  MEIx64 - ok
10:28:18.0313 1844  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
10:28:18.0329 1844  MMCSS - ok
10:28:18.0329 1844  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
10:28:18.0360 1844  Modem - ok
10:28:18.0360 1844  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
10:28:18.0360 1844  monitor - ok
10:28:18.0376 1844  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
10:28:18.0376 1844  mouclass - ok
10:28:18.0376 1844  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
10:28:18.0391 1844  mouhid - ok
10:28:18.0391 1844  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
10:28:18.0391 1844  mountmgr - ok
10:28:18.0391 1844  [ C6B88D62F20AC646C6BD5C032EC2FAF9 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
10:28:18.0407 1844  MpFilter - ok
10:28:18.0407 1844  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
10:28:18.0422 1844  mpio - ok
10:28:18.0422 1844  MpKsl8cd456b0 - ok
10:28:18.0422 1844  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
10:28:18.0438 1844  mpsdrv - ok
10:28:18.0454 1844  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
10:28:18.0485 1844  MpsSvc - ok
10:28:18.0485 1844  [ 1A4F75E63C9FB84B85DFFC6B63FD5404 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
10:28:18.0500 1844  MRxDAV - ok
10:28:18.0500 1844  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
10:28:18.0500 1844  mrxsmb - ok
10:28:18.0516 1844  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:28:18.0516 1844  mrxsmb10 - ok
10:28:18.0516 1844  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:28:18.0532 1844  mrxsmb20 - ok
10:28:18.0532 1844  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
10:28:18.0532 1844  msahci - ok
10:28:18.0547 1844  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
10:28:18.0547 1844  msdsm - ok
10:28:18.0547 1844  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
10:28:18.0563 1844  MSDTC - ok
10:28:18.0563 1844  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
10:28:18.0578 1844  Msfs - ok
10:28:18.0594 1844  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
10:28:18.0625 1844  mshidkmdf - ok
10:28:18.0625 1844  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
10:28:18.0625 1844  msisadrv - ok
10:28:18.0625 1844  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
10:28:18.0656 1844  MSiSCSI - ok
10:28:18.0656 1844  msiserver - ok
10:28:18.0656 1844  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
10:28:18.0672 1844  MSKSSRV - ok
10:28:18.0688 1844  [ 7675E15D1B2180745E4DA4D26AAD7385 ] MsMpSvc         C:\Program Files\Microsoft Security Client\MsMpEng.exe
10:28:18.0688 1844  MsMpSvc - ok
10:28:18.0688 1844  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
10:28:18.0703 1844  MSPCLOCK - ok
10:28:18.0719 1844  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
10:28:18.0734 1844  MSPQM - ok
10:28:18.0734 1844  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
10:28:18.0750 1844  MsRPC - ok
10:28:18.0750 1844  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
10:28:18.0750 1844  mssmbios - ok
10:28:18.0766 1844  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
10:28:18.0781 1844  MSTEE - ok
10:28:18.0781 1844  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
10:28:18.0781 1844  MTConfig - ok
10:28:18.0797 1844  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
10:28:18.0797 1844  Mup - ok
10:28:18.0797 1844  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
10:28:18.0828 1844  napagent - ok
10:28:18.0828 1844  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
10:28:18.0844 1844  NativeWifiP - ok
10:28:18.0859 1844  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
10:28:18.0875 1844  NDIS - ok
10:28:18.0875 1844  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
10:28:18.0890 1844  NdisCap - ok
10:28:18.0890 1844  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
10:28:18.0906 1844  NdisTapi - ok
10:28:18.0922 1844  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
10:28:18.0937 1844  Ndisuio - ok
10:28:18.0937 1844  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
10:28:18.0968 1844  NdisWan - ok
10:28:18.0968 1844  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
10:28:18.0984 1844  NDProxy - ok
10:28:18.0984 1844  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
10:28:19.0000 1844  NetBIOS - ok
10:28:19.0015 1844  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
10:28:19.0031 1844  NetBT - ok
10:28:19.0031 1844  [ 4D71227301DD8D09097B9E4CC6527E5A ] Netlogon        C:\Windows\system32\lsass.exe
10:28:19.0046 1844  Netlogon - ok
10:28:19.0046 1844  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
10:28:19.0078 1844  Netman - ok
10:28:19.0078 1844  [ 21318671BCAD3ACF16638F98D4D00973 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:28:19.0078 1844  NetMsmqActivator - ok
10:28:19.0093 1844  [ 21318671BCAD3ACF16638F98D4D00973 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:28:19.0093 1844  NetPipeActivator - ok
10:28:19.0093 1844  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
10:28:19.0124 1844  netprofm - ok
10:28:19.0124 1844  [ 21318671BCAD3ACF16638F98D4D00973 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:28:19.0140 1844  NetTcpActivator - ok
10:28:19.0140 1844  [ 21318671BCAD3ACF16638F98D4D00973 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:28:19.0140 1844  NetTcpPortSharing - ok
10:28:19.0156 1844  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
10:28:19.0156 1844  nfrd960 - ok
10:28:19.0156 1844  [ ACE8C64C57E4A711473C8BC10ADF692B ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
10:28:19.0171 1844  NisDrv - ok
10:28:19.0171 1844  [ 6247E8B31ED0A9D6BC5A26276E49BEB3 ] NisSrv          C:\Program Files\Microsoft Security Client\NisSrv.exe
10:28:19.0187 1844  NisSrv - ok
10:28:19.0187 1844  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
10:28:19.0202 1844  NlaSvc - ok
10:28:19.0202 1844  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
10:28:19.0218 1844  Npfs - ok
10:28:19.0218 1844  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
10:28:19.0234 1844  nsi - ok
10:28:19.0249 1844  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
10:28:19.0265 1844  nsiproxy - ok
10:28:19.0280 1844  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
10:28:19.0296 1844  Ntfs - ok
10:28:19.0296 1844  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
10:28:19.0327 1844  Null - ok
10:28:19.0327 1844  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
10:28:19.0327 1844  nvraid - ok
10:28:19.0343 1844  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
10:28:19.0343 1844  nvstor - ok
10:28:19.0343 1844  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
10:28:19.0358 1844  nv_agp - ok
10:28:19.0358 1844  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
10:28:19.0358 1844  ohci1394 - ok
10:28:19.0358 1844  [ 6FF6EF1CC25E558CF0335928B658D11E ] OpenVPNAccessClient C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
10:28:19.0374 1844  OpenVPNAccessClient ( UnsignedFile.Multi.Generic ) - warning
10:28:19.0374 1844  OpenVPNAccessClient - detected UnsignedFile.Multi.Generic (1)
10:28:19.0374 1844  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:28:19.0374 1844  ose - ok
10:28:19.0405 1844  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:28:19.0468 1844  osppsvc - ok
10:28:19.0483 1844  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
10:28:19.0483 1844  p2pimsvc - ok
10:28:19.0499 1844  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
10:28:19.0499 1844  p2psvc - ok
10:28:19.0514 1844  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
10:28:19.0514 1844  Parport - ok
10:28:19.0514 1844  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
10:28:19.0530 1844  partmgr - ok
10:28:19.0530 1844  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
10:28:19.0546 1844  PcaSvc - ok
10:28:19.0546 1844  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
10:28:19.0546 1844  pci - ok
10:28:19.0546 1844  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
10:28:19.0561 1844  pciide - ok
10:28:19.0561 1844  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
10:28:19.0577 1844  pcmcia - ok
10:28:19.0577 1844  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
10:28:19.0577 1844  pcw - ok
10:28:19.0592 1844  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
10:28:19.0608 1844  PEAUTH - ok
10:28:19.0624 1844  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
10:28:19.0639 1844  PerfHost - ok
10:28:19.0655 1844  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
10:28:19.0686 1844  pla - ok
10:28:19.0686 1844  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
10:28:19.0702 1844  PlugPlay - ok
10:28:19.0702 1844  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
10:28:19.0717 1844  PNRPAutoReg - ok
10:28:19.0717 1844  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
10:28:19.0717 1844  PNRPsvc - ok
10:28:19.0733 1844  [ 4F0878FD62D5F7444C5F1C4C66D9D293 ] Point64         C:\Windows\system32\DRIVERS\point64.sys
10:28:19.0733 1844  Point64 - ok
10:28:19.0733 1844  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
10:28:19.0764 1844  PolicyAgent - ok
10:28:19.0764 1844  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
10:28:19.0795 1844  Power - ok
10:28:19.0795 1844  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
10:28:19.0811 1844  PptpMiniport - ok
10:28:19.0811 1844  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
10:28:19.0826 1844  Processor - ok
10:28:19.0826 1844  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
10:28:19.0842 1844  ProfSvc - ok
10:28:19.0842 1844  [ 4D71227301DD8D09097B9E4CC6527E5A ] ProtectedStorage C:\Windows\system32\lsass.exe
10:28:19.0842 1844  ProtectedStorage - ok
10:28:19.0842 1844  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
10:28:19.0873 1844  Psched - ok
10:28:19.0889 1844  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
10:28:19.0904 1844  ql2300 - ok
10:28:19.0904 1844  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
10:28:19.0920 1844  ql40xx - ok
10:28:19.0920 1844  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
10:28:19.0936 1844  QWAVE - ok
10:28:19.0936 1844  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
10:28:19.0951 1844  QWAVEdrv - ok
10:28:19.0951 1844  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
10:28:19.0967 1844  RasAcd - ok
10:28:19.0967 1844  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
10:28:19.0998 1844  RasAgileVpn - ok
10:28:19.0998 1844  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
10:28:20.0014 1844  RasAuto - ok
10:28:20.0014 1844  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
10:28:20.0045 1844  Rasl2tp - ok
10:28:20.0045 1844  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
10:28:20.0060 1844  RasMan - ok
10:28:20.0060 1844  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
10:28:20.0092 1844  RasPppoe - ok
10:28:20.0092 1844  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
10:28:20.0107 1844  RasSstp - ok
10:28:20.0123 1844  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
10:28:20.0138 1844  rdbss - ok
10:28:20.0138 1844  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
10:28:20.0154 1844  rdpbus - ok
10:28:20.0154 1844  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
10:28:20.0170 1844  RDPCDD - ok
10:28:20.0170 1844  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
10:28:20.0201 1844  RDPENCDD - ok
10:28:20.0201 1844  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
10:28:20.0216 1844  RDPREFMP - ok
10:28:20.0216 1844  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
10:28:20.0232 1844  RdpVideoMiniport - ok
10:28:20.0232 1844  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
10:28:20.0248 1844  RDPWD - ok
10:28:20.0248 1844  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
10:28:20.0248 1844  rdyboost - ok
10:28:20.0263 1844  [ EA569D48B2E755AF6D96F03F3335D98A ] Realtek11nCU    C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe
10:28:20.0263 1844  Realtek11nCU ( UnsignedFile.Multi.Generic ) - warning
10:28:20.0263 1844  Realtek11nCU - detected UnsignedFile.Multi.Generic (1)
10:28:20.0263 1844  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
10:28:20.0279 1844  RemoteAccess - ok
10:28:20.0294 1844  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
10:28:20.0310 1844  RemoteRegistry - ok
10:28:20.0310 1844  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
10:28:20.0326 1844  RFCOMM - ok
10:28:20.0326 1844  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
10:28:20.0341 1844  RpcEptMapper - ok
10:28:20.0341 1844  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
10:28:20.0357 1844  RpcLocator - ok
10:28:20.0357 1844  [ 25E25A158967F7A282A235EDEE416B2B ] RpcSs           C:\Windows\system32\rpcss.dll
10:28:20.0372 1844  RpcSs ( UnsignedFile.Multi.Generic ) - warning
10:28:20.0372 1844  RpcSs - detected UnsignedFile.Multi.Generic (1)
10:28:20.0372 1844  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
10:28:20.0388 1844  rspndr - ok
10:28:20.0404 1844  [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
10:28:20.0404 1844  RTL8167 - ok
10:28:20.0419 1844  [ A4F7F9BB5576BF1D3A57F785C5DBEDB7 ] RTL8192cu       C:\Windows\system32\DRIVERS\RTL8192cu.sys
10:28:20.0435 1844  RTL8192cu - ok
10:28:20.0435 1844  [ B3F36B4B3F192EA87DDC119F3A0B3E45 ] RTL8192su       C:\Windows\system32\DRIVERS\RTL8192su.sys
10:28:20.0450 1844  RTL8192su - ok
10:28:20.0450 1844  [ 4D71227301DD8D09097B9E4CC6527E5A ] SamSs           C:\Windows\system32\lsass.exe
10:28:20.0466 1844  SamSs - ok
10:28:20.0466 1844  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
10:28:20.0466 1844  sbp2port - ok
10:28:20.0466 1844  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
10:28:20.0497 1844  SCardSvr - ok
10:28:20.0497 1844  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
10:28:20.0513 1844  scfilter - ok
10:28:20.0528 1844  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
10:28:20.0560 1844  Schedule - ok
10:28:20.0560 1844  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
10:28:20.0575 1844  SCPolicySvc - ok
10:28:20.0575 1844  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
10:28:20.0591 1844  SDRSVC - ok
10:28:20.0591 1844  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
10:28:20.0606 1844  secdrv - ok
10:28:20.0606 1844  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
10:28:20.0638 1844  seclogon - ok
10:28:20.0638 1844  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
10:28:20.0653 1844  SENS - ok
10:28:20.0653 1844  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
10:28:20.0669 1844  SensrSvc - ok
10:28:20.0669 1844  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
10:28:20.0669 1844  Serenum - ok
10:28:20.0684 1844  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
10:28:20.0684 1844  Serial - ok
10:28:20.0684 1844  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
10:28:20.0700 1844  sermouse - ok
10:28:20.0700 1844  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
10:28:20.0716 1844  SessionEnv - ok
10:28:20.0716 1844  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
10:28:20.0731 1844  sffdisk - ok
10:28:20.0731 1844  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
10:28:20.0747 1844  sffp_mmc - ok
10:28:20.0747 1844  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
10:28:20.0747 1844  sffp_sd - ok
10:28:20.0747 1844  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
10:28:20.0762 1844  sfloppy - ok
10:28:20.0762 1844  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
10:28:20.0794 1844  SharedAccess - ok
10:28:20.0794 1844  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:28:20.0825 1844  ShellHWDetection - ok
10:28:20.0825 1844  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
10:28:20.0825 1844  SiSRaid2 - ok
10:28:20.0825 1844  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
10:28:20.0840 1844  SiSRaid4 - ok
10:28:20.0840 1844  [ 50D9949020E02B847CD48F1243FCB895 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
10:28:20.0856 1844  SkypeUpdate - ok
10:28:20.0856 1844  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
10:28:20.0872 1844  Smb - ok
10:28:20.0872 1844  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
10:28:20.0887 1844  SNMPTRAP - ok
10:28:20.0887 1844  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
10:28:20.0887 1844  spldr - ok
10:28:20.0903 1844  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
10:28:20.0903 1844  Spooler - ok
10:28:20.0934 1844  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
10:28:20.0981 1844  sppsvc - ok
10:28:20.0981 1844  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
10:28:21.0012 1844  sppuinotify - ok
10:28:21.0012 1844  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
10:28:21.0028 1844  srv - ok
10:28:21.0028 1844  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
10:28:21.0043 1844  srv2 - ok
10:28:21.0043 1844  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
10:28:21.0043 1844  srvnet - ok
10:28:21.0059 1844  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
10:28:21.0074 1844  SSDPSRV - ok
10:28:21.0074 1844  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
10:28:21.0106 1844  SstpSvc - ok
10:28:21.0106 1844  [ AAF6F247F1DC370C593B4430974EAD9C ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
10:28:21.0106 1844  ssudmdm - ok
10:28:21.0121 1844  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
10:28:21.0121 1844  stexstor - ok
10:28:21.0121 1844  [ DECACB6921DED1A38642642685D77DAC ] StillCam        C:\Windows\system32\drivers\serscan.sys
10:28:21.0137 1844  StillCam - ok
10:28:21.0137 1844  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
10:28:21.0152 1844  stisvc - ok
10:28:21.0152 1844  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
10:28:21.0152 1844  swenum - ok
10:28:21.0168 1844  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
10:28:21.0184 1844  swprv - ok
10:28:21.0199 1844  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
10:28:21.0230 1844  SysMain - ok
10:28:21.0230 1844  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
10:28:21.0246 1844  TabletInputService - ok
10:28:21.0246 1844  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
10:28:21.0262 1844  TapiSrv - ok
10:28:21.0277 1844  [ 927D0CDB3F96EFC1E98FB1A2C9FB67AD ] tapoas          C:\Windows\system32\DRIVERS\tapoas.sys
10:28:21.0277 1844  tapoas - ok
10:28:21.0277 1844  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
10:28:21.0308 1844  TBS - ok
10:28:21.0308 1844  [ 40AF23633D197905F03AB5628C558C51 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
10:28:21.0340 1844  Tcpip - ok
10:28:21.0355 1844  [ 40AF23633D197905F03AB5628C558C51 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
10:28:21.0371 1844  TCPIP6 - ok
10:28:21.0386 1844  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
10:28:21.0386 1844  tcpipreg - ok
10:28:21.0386 1844  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
10:28:21.0402 1844  TDPIPE - ok
10:28:21.0402 1844  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
10:28:21.0402 1844  TDTCP - ok
10:28:21.0402 1844  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
10:28:21.0433 1844  tdx - ok
10:28:21.0433 1844  [ BB676D2C7AD5E7131D12417E4691F9B9 ] Te.Service      C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe
10:28:21.0433 1844  Te.Service ( UnsignedFile.Multi.Generic ) - warning
10:28:21.0433 1844  Te.Service - detected UnsignedFile.Multi.Generic (1)
10:28:21.0449 1844  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
10:28:21.0449 1844  TermDD - ok
10:28:21.0449 1844  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
10:28:21.0480 1844  TermService - ok
10:28:21.0480 1844  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
10:28:21.0496 1844  Themes - ok
10:28:21.0496 1844  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
10:28:21.0527 1844  THREADORDER - ok
10:28:21.0527 1844  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
10:28:21.0542 1844  TrkWks - ok
10:28:21.0542 1844  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:28:21.0574 1844  TrustedInstaller - ok
10:28:21.0574 1844  [ 4CE278FC9671BA81A138D70823FCAA09 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
10:28:21.0574 1844  tssecsrv - ok
10:28:21.0574 1844  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
10:28:21.0589 1844  TsUsbFlt - ok
10:28:21.0589 1844  [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
10:28:21.0589 1844  TsUsbGD - ok
10:28:21.0605 1844  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
10:28:21.0620 1844  tunnel - ok
10:28:21.0620 1844  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
10:28:21.0636 1844  uagp35 - ok
10:28:21.0636 1844  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
10:28:21.0652 1844  udfs - ok
10:28:21.0667 1844  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
10:28:21.0667 1844  UI0Detect - ok
10:28:21.0667 1844  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
10:28:21.0683 1844  uliagpkx - ok
10:28:21.0683 1844  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
10:28:21.0683 1844  umbus - ok
10:28:21.0683 1844  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
10:28:21.0698 1844  UmPass - ok
10:28:21.0698 1844  [ AEBE8F338432F9DE5AE0CAE4D4BAED76 ] UMVPFSrv        C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
10:28:21.0714 1844  UMVPFSrv - ok
10:28:21.0714 1844  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
10:28:21.0745 1844  upnphost - ok
10:28:21.0745 1844  [ B0435098C81D04CAFFF80DDB746CD3A2 ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
10:28:21.0761 1844  usbaudio - ok
10:28:21.0761 1844  [ DCA68B0943D6FA415F0C56C92158A83A ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
10:28:21.0761 1844  usbccgp - ok
10:28:21.0761 1844  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
10:28:21.0776 1844  usbcir - ok
10:28:21.0776 1844  [ 18A85013A3E0F7E1755365D287443965 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
10:28:21.0776 1844  usbehci - ok
10:28:21.0792 1844  [ 8D1196CFBB223621F2C67D45710F25BA ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
10:28:21.0792 1844  usbhub - ok
10:28:21.0792 1844  [ 765A92D428A8DB88B960DA5A8D6089DC ] usbohci         C:\Windows\system32\drivers\usbohci.sys
10:28:21.0808 1844  usbohci - ok
10:28:21.0808 1844  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
10:28:21.0823 1844  usbprint - ok
10:28:21.0823 1844  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
10:28:21.0823 1844  usbscan - ok
10:28:21.0823 1844  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:28:21.0839 1844  USBSTOR - ok
10:28:21.0839 1844  [ DD253AFC3BC6CBA412342DE60C3647F3 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
10:28:21.0839 1844  usbuhci - ok
10:28:21.0854 1844  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
10:28:21.0870 1844  UxSms - ok
10:28:21.0870 1844  [ 4D71227301DD8D09097B9E4CC6527E5A ] VaultSvc        C:\Windows\system32\lsass.exe
10:28:21.0870 1844  VaultSvc - ok
10:28:21.0886 1844  [ FD911873C0BB6945FA38C16E9A2B58F9 ] VClone          C:\Windows\system32\DRIVERS\VClone.sys
10:28:21.0886 1844  VClone - ok
10:28:21.0886 1844  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
10:28:21.0901 1844  vdrvroot - ok
10:28:21.0901 1844  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
10:28:21.0932 1844  vds - ok
10:28:21.0932 1844  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
10:28:21.0932 1844  vga - ok
10:28:21.0948 1844  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
10:28:21.0964 1844  VgaSave - ok
10:28:21.0964 1844  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
10:28:21.0979 1844  vhdmp - ok
10:28:21.0979 1844  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
10:28:21.0979 1844  viaide - ok
10:28:21.0979 1844  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
10:28:21.0995 1844  volmgr - ok
10:28:21.0995 1844  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
10:28:22.0010 1844  volmgrx - ok
10:28:22.0010 1844  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
10:28:22.0010 1844  volsnap - ok
10:28:22.0026 1844  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
10:28:22.0026 1844  vsmraid - ok
10:28:22.0042 1844  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
10:28:22.0073 1844  VSS - ok
10:28:22.0088 1844  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
10:28:22.0088 1844  vwifibus - ok
10:28:22.0088 1844  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
10:28:22.0104 1844  vwififlt - ok
10:28:22.0104 1844  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
10:28:22.0120 1844  vwifimp - ok
10:28:22.0120 1844  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
10:28:22.0135 1844  W32Time - ok
10:28:22.0151 1844  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
10:28:22.0151 1844  WacomPen - ok
10:28:22.0151 1844  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
10:28:22.0182 1844  WANARP - ok
10:28:22.0182 1844  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
10:28:22.0198 1844  Wanarpv6 - ok
10:28:22.0213 1844  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
10:28:22.0229 1844  WatAdminSvc - ok
10:28:22.0244 1844  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
10:28:22.0260 1844  wbengine - ok
10:28:22.0260 1844  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
10:28:22.0276 1844  WbioSrvc - ok
10:28:22.0276 1844  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
10:28:22.0291 1844  wcncsvc - ok
10:28:22.0291 1844  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:28:22.0307 1844  WcsPlugInService - ok
10:28:22.0307 1844  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
10:28:22.0307 1844  Wd - ok
10:28:22.0307 1844  [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM         C:\Windows\system32\DRIVERS\wdcsam64.sys
10:28:22.0322 1844  WDC_SAM - ok
10:28:22.0322 1844  [ E2C933EDBC389386EBE6D2BA953F43D8 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
10:28:22.0338 1844  Wdf01000 - ok
10:28:22.0338 1844  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
10:28:22.0354 1844  WdiServiceHost - ok
10:28:22.0354 1844  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
10:28:22.0369 1844  WdiSystemHost - ok
10:28:22.0369 1844  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D ] WebClient       C:\Windows\System32\webclnt.dll
10:28:22.0385 1844  WebClient - ok
10:28:22.0385 1844  [ D5BA7D43FA2EF656BF7E98A188391E40 ] Wecsvc          C:\Windows\system32\wecsvc.dll
10:28:22.0385 1844  Wecsvc - ok
10:28:22.0400 1844  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
10:28:22.0416 1844  wercplsupport - ok
10:28:22.0416 1844  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
10:28:22.0447 1844  WerSvc - ok
10:28:22.0447 1844  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
10:28:22.0463 1844  WfpLwf - ok
10:28:22.0463 1844  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
10:28:22.0463 1844  WIMMount - ok
10:28:22.0478 1844  WinDefend - ok
10:28:22.0478 1844  WinHttpAutoProxySvc - ok
10:28:22.0478 1844  [ 136760C1E9697BAF4ECDEAE5590A0806 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
10:28:22.0494 1844  Winmgmt - ok
10:28:22.0510 1844  [ 3BB6B401A780BF434C8F58137DE10BF7 ] WinRM           C:\Windows\system32\WsmSvc.dll
10:28:22.0541 1844  WinRM - ok
10:28:22.0541 1844  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
10:28:22.0556 1844  WinUsb - ok
10:28:22.0556 1844  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
10:28:22.0588 1844  Wlansvc - ok
10:28:22.0603 1844  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:28:22.0634 1844  wlidsvc - ok
10:28:22.0634 1844  [ 680A7846370000D20D7E74917D5B7936 ] WmBEnum         C:\Windows\system32\drivers\WmBEnum.sys
10:28:22.0634 1844  WmBEnum - ok
10:28:22.0634 1844  [ 14C35BA8189C6F65D839163AA285E954 ] WmFilter        C:\Windows\system32\drivers\WmFilter.sys
10:28:22.0650 1844  WmFilter - ok
10:28:22.0650 1844  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
10:28:22.0650 1844  WmiAcpi - ok
10:28:22.0666 1844  [ 4DF841632B62A7CF19A79A05046A8AB1 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
10:28:22.0666 1844  wmiApSrv - ok
10:28:22.0666 1844  WMPNetworkSvc - ok
10:28:22.0681 1844  [ 8488DD91A3EE54A8E29F02AD7BB8201E ] WmVirHid        C:\Windows\system32\drivers\WmVirHid.sys
10:28:22.0681 1844  WmVirHid - ok
10:28:22.0681 1844  [ 14802B3A30AA849C97CB968CCC813BF3 ] WmXlCore        C:\Windows\system32\drivers\WmXlCore.sys
10:28:22.0681 1844  WmXlCore - ok
10:28:22.0697 1844  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
10:28:22.0697 1844  WPCSvc - ok
10:28:22.0697 1844  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
10:28:22.0712 1844  WPDBusEnum - ok
10:28:22.0712 1844  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
10:28:22.0728 1844  ws2ifsl - ok
10:28:22.0744 1844  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
10:28:22.0744 1844  wscsvc - ok
10:28:22.0744 1844  [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
10:28:22.0759 1844  WSDPrintDevice - ok
10:28:22.0759 1844  WSearch - ok
10:28:22.0775 1844  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
10:28:22.0806 1844  wuauserv - ok
10:28:22.0806 1844  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
10:28:22.0822 1844  WudfPf - ok
10:28:22.0822 1844  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
10:28:22.0837 1844  WUDFRd - ok
10:28:22.0837 1844  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
10:28:22.0853 1844  wudfsvc - ok
10:28:22.0853 1844  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\Windows\System32\wwansvc.dll
10:28:22.0853 1844  WwanSvc - ok
10:28:22.0868 1844  ================ Scan global ===============================
10:28:22.0868 1844  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
10:28:22.0868 1844  [ 88EDD0B34EED542745931E581AD21A32 ] C:\Windows\system32\winsrv.dll
10:28:22.0884 1844  [ 88EDD0B34EED542745931E581AD21A32 ] C:\Windows\system32\winsrv.dll
10:28:22.0884 1844  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
10:28:22.0884 1844  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
10:28:22.0884 1844  [Global] - ok
10:28:22.0884 1844  ================ Scan MBR ==================================
10:28:22.0884 1844  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
10:28:22.0962 1844  \Device\Harddisk1\DR1 - ok
10:28:22.0962 1844  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
10:28:23.0056 1844  \Device\Harddisk0\DR0 - ok
10:28:23.0056 1844  ================ Scan VBR ==================================
10:28:23.0056 1844  [ 18A5560DFAFDD36FB690074F066DF277 ] \Device\Harddisk1\DR1\Partition1
10:28:23.0056 1844  \Device\Harddisk1\DR1\Partition1 - ok
10:28:23.0056 1844  [ 2BA4D0529D589083DA9E132E30FEAA70 ] \Device\Harddisk1\DR1\Partition2
10:28:23.0071 1844  \Device\Harddisk1\DR1\Partition2 - ok
10:28:23.0071 1844  [ C4C1C5CE5899D8496782992ECB91830F ] \Device\Harddisk0\DR0\Partition1
10:28:23.0071 1844  \Device\Harddisk0\DR0\Partition1 - ok
10:28:23.0071 1844  ============================================================
10:28:23.0071 1844  Scan finished
10:28:23.0071 1844  ============================================================
10:28:23.0071 1460  Detected object count: 5
10:28:23.0071 1460  Actual detected object count: 5
10:30:55.0031 1460  DcomLaunch ( UnsignedFile.Multi.Generic ) - skipped by user
10:30:55.0031 1460  DcomLaunch ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:30:55.0031 1460  OpenVPNAccessClient ( UnsignedFile.Multi.Generic ) - skipped by user
10:30:55.0031 1460  OpenVPNAccessClient ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:30:55.0031 1460  Realtek11nCU ( UnsignedFile.Multi.Generic ) - skipped by user
10:30:55.0031 1460  Realtek11nCU ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:30:55.0047 1460  RpcSs ( UnsignedFile.Multi.Generic ) - skipped by user
10:30:55.0047 1460  RpcSs ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:30:55.0047 1460  Te.Service ( UnsignedFile.Multi.Generic ) - skipped by user
10:30:55.0047 1460  Te.Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:33:03.0370 1208  Deinitialize success
 

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-02-22 10:33:06
-----------------------------
10:33:06.483    OS Version: Windows x64 6.1.7601 Service Pack 1
10:33:06.483    Number of processors: 4 586 0x2A07
10:33:06.483    ComputerName: HOME-PC  UserName: Chris
10:33:06.608    Initialize success
10:33:28.730    Disk 0  \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-4
10:33:28.730    Disk 0 Vendor: ST1000DM003-9YN162 CC46 Size: 953869MB BusType: 11
10:33:28.730    Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-3
10:33:28.746    Disk 1 Vendor: M4-CT128M4SSD2 040H Size: 122104MB BusType: 11
10:33:28.746    Disk 1 MBR read successfully
10:33:28.746    Disk 1 MBR scan
10:33:28.746    Disk 1 Windows 7 default MBR code
10:33:28.746    Disk 1 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
10:33:28.746    Disk 1 Partition 2 00     07    HPFS/NTFS NTFS       122002 MB offset 206848
10:33:28.762    Disk 1 scanning C:\Windows\system32\drivers
10:33:29.386    Service scanning
10:33:31.445    Modules scanning
10:33:31.445    Disk 1 trace - called modules:
10:33:31.445    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
10:33:31.445    1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa800755b060]
10:33:31.445    3 CLASSPNP.SYS[fffff880017ce43f] -> nt!IofCallDriver -> [0xfffffa800736c520]
10:33:31.445    5 ACPI.sys[fffff88000f837a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0xfffffa800735c4e0]
10:33:31.445    Scan finished successfully
10:33:58.464    Disk 1 MBR has been saved successfully to "C:\Users\Chris\Desktop\MBR.dat"
10:33:58.464    The log file has been saved successfully to "C:\Users\Chris\Desktop\aswMBR.txt"
 
 
 

 



#4 nasdaq

  • Malware Response Team

Posted 22 February 2014 - 01:44 PM


Your Master Boot Record is clean.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.

Let me know what problem persists.

#5 chrisb10a

  • Topic Starter

Posted 23 February 2014 - 01:54 PM

Thank you for your continued help.

Adwcleaner.exe found a few issues. I did click the Clean button to remove everything it found. The original problem still exists.

Thanks again,

Chris

# AdwCleaner v3.019 - Report created 23/02/2014 at 13:11:43
# Updated 17/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Chris - HOME-PC
# Running from : C:\Users\Chris\Desktop\adwcleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16518
 
 
-\\ Google Chrome v
 
[ File : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [893 octets] - [23/02/2014 13:11:43]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [952 octets] ##########
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by Chris on Sun 02/23/2014 at 13:17:09.02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Empty Folder] C:\Users\Chris\appdata\local\{0D5D89D4-27D8-4FC9-97BD-F353870B442D}
Successfully deleted: [Empty Folder] C:\Users\Chris\appdata\local\{267BD188-CF31-4FB9-BD6A-64E1FDFC3376}
Successfully deleted: [Empty Folder] C:\Users\Chris\appdata\local\{2858C632-4389-4F44-85A9-C883D2990BA2}
Successfully deleted: [Empty Folder] C:\Users\Chris\appdata\local\{29013DDE-88DD-41F4-9744-DA5FF8B93124}
Successfully deleted: [Empty Folder] C:\Users\Chris\appdata\local\{4FB82594-9E25-4F54-8D0F-14D959A60DA5}
Successfully deleted: [Empty Folder] C:\Users\Chris\appdata\local\{614D0450-F257-4324-9C8E-90737ABF2505}
Successfully deleted: [Empty Folder] C:\Users\Chris\appdata\local\{6CDACABA-A077-45EF-B084-CB810CCEDA88}
Successfully deleted: [Empty Folder] C:\Users\Chris\appdata\local\{730EDD9A-C2DA-43B7-B959-EE65B382F770}
Successfully deleted: [Empty Folder] C:\Users\Chris\appdata\local\{B2CAB225-3D95-4E8D-B171-2E09E3DF72BF}
Successfully deleted: [Empty Folder] C:\Users\Chris\appdata\local\{BF6B6310-E66F-4384-9F8A-584F81D9ADDC}
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 02/23/2014 at 13:19:49.92
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-02-2014 01
Ran by Chris (administrator) on HOME-PC on 23-02-2014 13:22:16
Running from C:\Users\Chris\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM-x32\...\Run: [] - [X]
HKU\S-1-5-19\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-207386558-4275052178-3415983149-1000\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume2\Users\Chris\AppData\Local\Temp\ssmnvju\srvqxee\wow.dll ATTENTION! ====> ZeroAccess?
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x6AA84BC19DCACC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 208.67.222.222 208.67.220.220 75.75.76.76
 
Chrome: 
=======
CHR HomePage: 
CHR Plugin: (Shockwave Flash) - C:\Users\Chris\AppData\Local\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Chris\AppData\Local\Google\Chrome\Application\32.0.1700.107\gcswf32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Chris\AppData\Local\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Chris\AppData\Local\Google\Chrome\Application\32.0.1700.107\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Java™ Platform SE 7 U5) - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.50.255) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Chris\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Extension: (YouTube) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-08-13]
CHR Extension: (Google Search) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-08-13]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2014-01-10]
CHR Extension: (Google Wallet) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-08-13]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2013-09-05]
 
==================== Services (Whitelisted) =================
 
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
S4 OpenVPNAccessClient; C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [24064 2011-08-05] ()
S4 Realtek11nCU; C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [748648 2010-08-12] (Realtek Semiconductor Corporation                           )
R3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2010-10-06] (The OpenVPN Project)
S1 MpKsl8cd456b0; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BECFFAE6-1D6F-4FD5-A32A-1E43B50711F9}\MpKsl8cd456b0.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-02-23 13:22 - 2014-02-23 13:22 - 00008428 _____ () C:\Users\Chris\Desktop\FRST.txt
2014-02-23 13:22 - 2014-02-23 13:22 - 00000000 ____D () C:\FRST
2014-02-23 13:19 - 2014-02-23 13:19 - 00001695 _____ () C:\Users\Chris\Desktop\JRT.txt
2014-02-23 13:17 - 2014-02-23 13:17 - 00000000 ____D () C:\Windows\ERUNT
2014-02-23 13:11 - 2014-02-23 13:15 - 00000000 ____D () C:\AdwCleaner
2014-02-23 13:11 - 2014-02-23 11:23 - 02155520 _____ (Farbar) C:\Users\Chris\Desktop\FRST64.exe
2014-02-23 13:11 - 2014-02-23 11:22 - 01037734 _____ (Thisisu) C:\Users\Chris\Desktop\JRT.exe
2014-02-23 13:11 - 2014-02-23 11:21 - 01241834 _____ () C:\Users\Chris\Desktop\adwcleaner.exe
2014-02-22 10:35 - 2014-02-22 10:35 - 00000560 _____ () C:\Users\Chris\Desktop\MBR.zip
2014-02-22 10:33 - 2014-02-22 10:33 - 00001787 _____ () C:\Users\Chris\Desktop\aswMBR.txt
2014-02-22 10:33 - 2014-02-22 10:33 - 00000512 _____ () C:\Users\Chris\Desktop\MBR.dat
2014-02-22 10:27 - 2014-02-22 10:20 - 04745728 _____ (AVAST Software) C:\Users\Chris\Desktop\aswMBR.exe
2014-02-22 10:27 - 2014-02-22 10:19 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Chris\Desktop\tdsskiller.exe
2014-02-18 20:19 - 2014-02-18 20:19 - 00013439 _____ () C:\Users\Chris\Desktop\attach.txt
2014-02-18 20:19 - 2014-02-18 20:18 - 00012948 _____ () C:\Users\Chris\Desktop\dds.txt
2014-02-18 20:18 - 2014-02-18 20:15 - 00688992 ____R (Swearware) C:\Users\Chris\Desktop\dds.com
2014-02-15 21:09 - 2014-02-15 21:09 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-15 21:08 - 2014-02-15 21:08 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-02-15 21:08 - 2014-02-15 21:08 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-02-15 21:08 - 2014-02-15 21:08 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-02-15 21:08 - 2014-02-15 21:08 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-02-15 21:08 - 2014-02-15 21:08 - 00000000 ____D () C:\Program Files (x86)\Java
2014-02-15 15:42 - 2014-02-15 15:42 - 00366464 ____N () C:\Windows\Minidump\021514-9562-01.dmp
2014-02-15 15:35 - 2014-02-17 15:05 - 00000074 _____ () C:\Windows\system32\povgup.xrn
2014-02-15 15:22 - 2014-02-15 15:22 - 00000064 _____ () C:\Windows\system32\xxodju.trv
2014-02-15 15:22 - 2014-02-15 15:22 - 00000000 _____ () C:\Windows\system32\xmtmkr.otz
2014-02-15 04:21 - 2014-02-15 04:21 - 00228999 ____S () C:\Windows\system32\eresb.dsy
2014-02-13 20:28 - 2014-02-13 20:29 - 00000000 ____D () C:\Users\Chris\Downloads\<name changed privacy>
2014-02-13 20:16 - 2014-02-14 14:19 - 00000000 ____D () C:\Users\Chris\Downloads\<name changed privacy>
2014-02-13 19:58 - 2014-02-13 19:58 - 00000000 ____D () C:\Users\Chris\Downloads\<name changed privacy
2014-02-13 14:34 - 2014-02-13 14:34 - 00011410 _____ () C:\Users\Chris\Desktop\<name changed privacy>.xlsx
2014-02-13 10:06 - 2013-12-31 18:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-13 10:06 - 2013-12-31 18:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-12 22:30 - 2014-02-06 07:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 22:30 - 2014-02-06 06:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 22:30 - 2014-02-06 06:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-12 22:30 - 2014-02-06 06:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 22:30 - 2014-02-06 06:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-12 22:30 - 2014-02-06 06:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-12 22:30 - 2014-02-06 05:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 22:30 - 2014-02-06 05:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-12 22:30 - 2014-02-06 05:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 22:30 - 2014-02-06 05:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 22:30 - 2014-02-06 05:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-12 22:30 - 2014-02-06 05:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-12 22:30 - 2014-02-06 05:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-12 22:30 - 2014-02-06 05:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-12 22:30 - 2014-02-06 05:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-12 22:30 - 2014-02-06 05:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-12 22:30 - 2014-02-06 05:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 22:30 - 2014-02-06 05:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-12 22:30 - 2014-02-06 05:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-12 22:30 - 2014-02-06 04:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-12 22:30 - 2014-02-06 04:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 22:30 - 2014-02-06 04:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-12 22:30 - 2014-02-06 04:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-12 22:30 - 2014-02-06 04:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 22:30 - 2014-02-06 04:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-12 22:30 - 2014-02-06 04:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-12 22:30 - 2014-02-06 04:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-12 22:30 - 2014-02-06 04:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-12 22:30 - 2014-02-06 04:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-12 22:30 - 2014-02-06 04:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 22:30 - 2014-02-06 04:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 22:30 - 2014-02-06 04:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-12 22:30 - 2014-02-06 04:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-12 22:30 - 2014-02-06 04:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-12 22:30 - 2014-02-06 03:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 22:30 - 2014-02-06 03:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-12 22:30 - 2014-02-06 03:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-12 22:30 - 2014-02-06 03:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-12 22:30 - 2014-02-06 03:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-12 22:30 - 2013-12-21 04:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 22:30 - 2013-12-21 03:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-12 22:29 - 2013-12-24 18:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 22:29 - 2013-12-24 17:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 22:29 - 2013-11-26 03:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-12 22:29 - 2013-11-22 17:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-12 22:28 - 2013-12-05 21:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 22:28 - 2013-12-05 21:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 22:28 - 2013-12-05 21:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 22:28 - 2013-12-05 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-01-24 16:57 - 2014-01-24 16:58 - 00000000 ____D () C:\Users\Chris\Downloads\
2014-01-24 16:37 - 2014-01-24 16:38 - 00000000 ____D () C:\Users\Chris\Downloads\<name changed privacy>
2014-01-24 16:07 - 2014-01-24 16:07 - 00000000 ____D () C:\Users\Chris\Downloads\<name changed privacy>
 
==================== One Month Modified Files and Folders =======
 
2014-02-23 13:22 - 2014-02-23 13:22 - 00008428 _____ () C:\Users\Chris\Desktop\FRST.txt
2014-02-23 13:22 - 2014-02-23 13:22 - 00000000 ____D () C:\FRST
2014-02-23 13:20 - 2009-07-14 00:13 - 00786514 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-23 13:19 - 2014-02-23 13:19 - 00001695 _____ () C:\Users\Chris\Desktop\JRT.txt
2014-02-23 13:17 - 2014-02-23 13:17 - 00000000 ____D () C:\Windows\ERUNT
2014-02-23 13:16 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-23 13:16 - 2009-07-13 23:51 - 00067769 _____ () C:\Windows\setupact.log
2014-02-23 13:15 - 2014-02-23 13:11 - 00000000 ____D () C:\AdwCleaner
2014-02-23 13:14 - 2009-07-13 23:45 - 00022080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-23 13:14 - 2009-07-13 23:45 - 00022080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-23 11:23 - 2014-02-23 13:11 - 02155520 _____ (Farbar) C:\Users\Chris\Desktop\FRST64.exe
2014-02-23 11:22 - 2014-02-23 13:11 - 01037734 _____ (Thisisu) C:\Users\Chris\Desktop\JRT.exe
2014-02-23 11:21 - 2014-02-23 13:11 - 01241834 _____ () C:\Users\Chris\Desktop\adwcleaner.exe
2014-02-22 10:48 - 2012-08-13 19:56 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-207386558-4275052178-3415983149-1000UA.job
2014-02-22 10:35 - 2014-02-22 10:35 - 00000560 _____ () C:\Users\Chris\Desktop\MBR.zip
2014-02-22 10:33 - 2014-02-22 10:33 - 00001787 _____ () C:\Users\Chris\Desktop\aswMBR.txt
2014-02-22 10:33 - 2014-02-22 10:33 - 00000512 _____ () C:\Users\Chris\Desktop\MBR.dat
2014-02-22 10:26 - 2012-01-03 22:53 - 02081437 _____ () C:\Windows\WindowsUpdate.log
2014-02-22 10:20 - 2014-02-22 10:27 - 04745728 _____ (AVAST Software) C:\Users\Chris\Desktop\aswMBR.exe
2014-02-22 10:19 - 2014-02-22 10:27 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Chris\Desktop\tdsskiller.exe
2014-02-18 20:19 - 2014-02-18 20:19 - 00013439 _____ () C:\Users\Chris\Desktop\attach.txt
2014-02-18 20:18 - 2014-02-18 20:19 - 00012948 _____ () C:\Users\Chris\Desktop\dds.txt
2014-02-18 20:15 - 2014-02-18 20:18 - 00688992 ____R (Swearware) C:\Users\Chris\Desktop\dds.com
2014-02-17 15:49 - 2012-03-04 15:17 - 00000000 ____D () C:\Users\Chris\Documents\Outlook Files
2014-02-17 15:05 - 2014-02-15 15:35 - 00000074 _____ () C:\Windows\system32\povgup.xrn
2014-02-15 21:09 - 2014-02-15 21:09 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-15 21:08 - 2014-02-15 21:08 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-02-15 21:08 - 2014-02-15 21:08 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-02-15 21:08 - 2014-02-15 21:08 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-02-15 21:08 - 2014-02-15 21:08 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-02-15 21:08 - 2014-02-15 21:08 - 00000000 ____D () C:\Program Files (x86)\Java
2014-02-15 19:48 - 2012-08-13 19:56 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-207386558-4275052178-3415983149-1000Core.job
2014-02-15 16:20 - 2012-02-15 19:03 - 00953636 _____ () C:\Users\Chris\ovpntray.log
2014-02-15 16:18 - 2012-01-03 22:53 - 00000000 ____D () C:\Users\Chris
2014-02-15 15:43 - 2012-03-17 11:23 - 00000000 ____D () C:\Windows\Minidump
2014-02-15 15:42 - 2014-02-15 15:42 - 00366464 ____N () C:\Windows\Minidump\021514-9562-01.dmp
2014-02-15 15:22 - 2014-02-15 15:22 - 00000064 _____ () C:\Windows\system32\xxodju.trv
2014-02-15 15:22 - 2014-02-15 15:22 - 00000000 _____ () C:\Windows\system32\xmtmkr.otz
2014-02-15 04:21 - 2014-02-15 04:21 - 00228999 ____S () C:\Windows\system32\eresb.dsy
2014-02-15 04:21 - 2012-01-05 17:22 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\<name changed privacy>
2014-02-15 04:21 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-02-14 14:59 - 2012-03-08 21:58 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\<name changed privacy>
2014-02-14 14:19 - 2014-02-13 20:16 - 00000000 ____D () C:\Users\Chris\Downloads\<name changed privacy>
2014-02-13 20:29 - 2014-02-13 20:28 - 00000000 ____D () C:\Users\Chris\Downloads\<name changed privacy>
2014-02-13 19:58 - 2014-02-13 19:58 - 00000000 ____D () C:\Users\Chris\Downloads\<name changed privacy>
2014-02-13 14:34 - 2014-02-13 14:34 - 00011410 _____ () C:\Users\Chris\Desktop\<name changed privacy>.xlsx
2014-02-13 10:34 - 2013-10-14 09:50 - 00000000 ____D () C:\Users\Chris\AppData\Local\OpenVPN Technologies
2014-02-13 10:03 - 2010-11-20 22:47 - 00286670 _____ () C:\Windows\PFRO.log
2014-02-12 22:33 - 2013-08-14 02:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-12 22:33 - 2012-01-04 20:59 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-12 22:32 - 2012-01-03 23:11 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-12 22:31 - 2012-03-04 14:55 - 00778636 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-12 22:30 - 2009-07-13 21:34 - 00000478 _____ () C:\Windows\win.ini
2014-02-10 19:43 - 2012-08-13 19:56 - 00003878 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-207386558-4275052178-3415983149-1000UA
2014-02-10 19:43 - 2012-08-13 19:56 - 00003482 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-207386558-4275052178-3415983149-1000Core
2014-02-09 16:36 - 2012-05-27 10:09 - 00000000 ____D () C:\Users\Chris\Documents\<name changed privacy>
2014-02-06 13:43 - 2013-07-24 18:42 - 00000000 ____D () C:\Users\Chris\Documents\<name changed privacy>
2014-02-06 07:16 - 2014-02-12 22:30 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 06:30 - 2014-02-12 22:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 06:30 - 2014-02-12 22:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 06:12 - 2014-02-12 22:30 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 06:07 - 2014-02-12 22:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 06:06 - 2014-02-12 22:30 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 05:57 - 2014-02-12 22:30 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 05:56 - 2014-02-12 22:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 05:52 - 2014-02-12 22:30 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 05:49 - 2014-02-12 22:30 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 05:48 - 2014-02-12 22:30 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 05:48 - 2014-02-12 22:30 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 05:38 - 2014-02-12 22:30 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 05:32 - 2014-02-12 22:30 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 05:20 - 2014-02-12 22:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 05:17 - 2014-02-12 22:30 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 05:11 - 2014-02-12 22:30 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 05:01 - 2014-02-12 22:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 05:00 - 2014-02-12 22:30 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 04:57 - 2014-02-12 22:30 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 04:57 - 2014-02-12 22:30 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 04:52 - 2014-02-12 22:30 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 04:52 - 2014-02-12 22:30 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 04:50 - 2014-02-12 22:30 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 04:49 - 2014-02-12 22:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 04:47 - 2014-02-12 22:30 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 04:46 - 2014-02-12 22:30 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 04:25 - 2014-02-12 22:30 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 04:25 - 2014-02-12 22:30 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 04:24 - 2014-02-12 22:30 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 04:22 - 2014-02-12 22:30 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 04:13 - 2014-02-12 22:30 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 04:09 - 2014-02-12 22:30 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 04:03 - 2014-02-12 22:30 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 03:55 - 2014-02-12 22:30 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 03:41 - 2014-02-12 22:30 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 03:40 - 2014-02-12 22:30 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 03:36 - 2014-02-12 22:30 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 03:34 - 2014-02-12 22:30 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-03 22:44 - 2012-08-13 19:56 - 00002363 _____ () C:\Users\Chris\Desktop\Google Chrome.lnk
2014-02-03 15:34 - 2012-03-04 16:27 - 00000000 ____D () C:\Users\Chris\Documents\<name changed privacy>
2014-01-31 17:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-01-24 16:58 - 2014-01-24 16:57 - 00000000 ____D () C:\Users\Chris\Downloads\<name changed privacy>
2014-01-24 16:38 - 2014-01-24 16:37 - 00000000 ____D () C:\Users\Chris\Downloads\<name changed privacy>
2014-01-24 16:07 - 2014-01-24 16:07 - 00000000 ____D () C:\Users\Chris\Downloads\<name changed privacy>
 
Some content of TEMP:
====================
C:\Users\Chris\AppData\Local\Temp\heec.exe
C:\Users\Chris\AppData\Local\Temp\install.exe
C:\Users\Chris\AppData\Local\Temp\jna1044147733184025240.dll
C:\Users\Chris\AppData\Local\Temp\jna8152133549266890281.dll
C:\Users\Chris\AppData\Local\Temp\jna9039724257152889763.dll
C:\Users\Chris\AppData\Local\Temp\jre-7u5-windows-i586-iftw.exe
C:\Users\Chris\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Chris\AppData\Local\Temp\ols7771.exe
C:\Users\Chris\AppData\Local\Temp\olset32.exe
C:\Users\Chris\AppData\Local\Temp\ose00000.exe
C:\Users\Chris\AppData\Local\Temp\OutlookConnector.exe
C:\Users\Chris\AppData\Local\Temp\outlookset.exe
C:\Users\Chris\AppData\Local\Temp\outlookset64.exe
C:\Users\Chris\AppData\Local\Temp\prestall.exe
C:\Users\Chris\AppData\Local\Temp\Quarantine.exe
C:\Users\Chris\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Chris\AppData\Local\Temp\vlc-2.0.7-win32.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2010-11-20 22:24] - [2010-11-20 22:24] - 0513024 ____A (Microsoft Corporation) 25E25A158967F7A282A235EDEE416B2B
 
 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-02-08 00:33
 
==================== End Of Log ============================
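In the "Bamital & volsnap Check" section of the log above, every file carries an "MD5 is legit" verdict except rpcss.dll, which is listed with its raw timestamps, size and MD5 instead. As an added example (not part of the original post and not FRST's own code), the parser below pulls the files without a "legit" verdict out of such a section for follow-up; the function name, the regular expressions and the assumed line layout are inferred from the log as shown here.

```python
import re

# Constructed sample: an excerpt in the layout of the FRST section shown in the log above.
SAMPLE_LOG = r"""==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2010-11-20 22:24] - [2010-11-20 22:24] - 0513024 ____A (Microsoft Corporation) 25E25A158967F7A282A235EDEE416B2B

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-08 00:33
"""

# "===== Section name =====" header lines.
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+\s*$")
# "<path> => <verdict>" lines.
STATUS_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)\s*=>\s*(?P<status>.+?)\s*$")
# A bare path with no verdict on the same line.
PATH_RE = re.compile(r"^(?P<path>[A-Za-z]:\\\S.*?)\s*$")
# "[created] - [modified] - size attrs (company) MD5" detail line.
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\]\s*-\s*\[(?P<modified>[^\]]+)\]\s*-\s*"
    r"(?P<size>\d+)\s+(?P<attrs>\S+)\s+\((?P<company>[^)]*)\)\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s*$"
)


def parse_integrity_check(log_text):
    """Return (verified_paths, unverified_entries) for the Bamital section.

    An entry is 'unverified' when the tool printed anything other than
    'MD5 is legit' for it, including a bare path followed by file details.
    """
    verified, unverified = [], []
    in_section = False
    pending = None  # bare path waiting for its detail line

    def flush(detail=None):
        nonlocal pending
        if pending is None:
            return
        entry = {"path": pending, "status": "no verdict"}
        if detail:
            entry.update(detail.groupdict())
            entry["size"] = int(entry["size"])
            entry["md5"] = entry["md5"].lower()
        unverified.append(entry)
        pending = None

    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            flush()
            in_section = "bamital" in header.group(1).lower()
            continue
        if not in_section or not line:
            continue

        detail = DETAIL_RE.match(line)
        if detail and pending is not None:
            flush(detail)
            continue
        flush()  # a bare path that never got a detail line is still reported

        status = STATUS_RE.match(line)
        if status:
            if status.group("status").lower() == "md5 is legit":
                verified.append(status.group("path"))
            else:
                unverified.append(status.groupdict())
        elif line.startswith("ATTENTION") and unverified:
            # Keep the tool's own advisory with the entry it follows.
            unverified[-1]["note"] = line
        else:
            bare = PATH_RE.match(line)
            pending = bare.group("path") if bare else None

    flush()
    return verified, unverified


if __name__ == "__main__":
    ok, todo = parse_integrity_check(SAMPLE_LOG)
    print(f"{len(ok)} file(s) verified by the tool")
    for e in todo:
        print(f"REVIEW {e['path']}: {e['status']}, md5={e.get('md5', 'n/a')}")
```

The MD5 extracted this way is the value the tool's advisory says to look up; the parser itself makes no judgement about whether the file is patched.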
 
 




#6 nasdaq

  • Malware Response Team

Posted 23 February 2014 - 02:36 PM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start
HKLM-x32\...\Run: [] - [X]
HKU\S-1-5-21-207386558-4275052178-3415983149-1000\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume2\Users\Chris\AppData\Local\Temp\ssmnvju\srvqxee\wow.dll ATTENTION! ====> ZeroAccess?
S1 MpKsl8cd456b0; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BECFFAE6-1D6F-4FD5-A32A-1E43B50711F9}\MpKsl8cd456b0.sys [X]

end

Save the file as fixlist.txt in the same folder as FRST.
Run FRST and click Fix only once and wait.
The tool will create a log (Fixlog.txt); please post it in your reply.

Restart the computer normally.

Is the problem persisting?

#7 chrisb10a

  • Topic Starter

Posted 23 February 2014 - 03:03 PM

Thank you so much for the quick response. I have run the suggested fix but the problem persists.

 

 

Chris

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-02-2014 01
Ran by Chris at 2014-02-23 14:58:26 Run:1
Running from C:\Users\Chris\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
HKLM-x32\...\Run: [] - [X]
HKU\S-1-5-21-207386558-4275052178-3415983149-1000\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume2\Users\Chris\AppData\Local\Temp\ssmnvju\srvqxee\wow.dll ATTENTION! ====> ZeroAccess?
S1 MpKsl8cd456b0; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BECFFAE6-1D6F-4FD5-A32A-1E43B50711F9}\MpKsl8cd456b0.sys [X]
 
end
 
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKU\S-1-5-21-207386558-4275052178-3415983149-1000\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key deleted successfully.
MpKsl8cd456b0 => Service deleted successfully.
 
==== End of Fixlog ====


#8 nasdaq

  • Malware Response Team

Posted 24 February 2014 - 07:48 AM


The Zero Access infection is still present.

--RogueKiller--
  • Download & SAVE to your Desktop For 32bit system or For 64bit system
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
=======

#9 chrisb10a

  • Topic Starter

Posted 24 February 2014 - 10:16 PM

Thank you for your continued help.

 

I followed these instructions exactly; however, the Status box never showed the message "Deleting Finished". The scan found a number of issues as noted in the first log below. However, for some reason I cannot connect to a network any more. I get a message about a service not being enabled. I tried to enable all services that were stopped but many of the seemingly networking-related ones could not be started. Anyway, I let the program run for maybe half an hour but it never got to "Deleting Finished", presumably because I was not online. I ended up stopping the program and rebooting the computer.

 

I ran the program again for a second time and nothing was found. However, the problem of the strange taskbar and window appearance is still there. I can't get online to confirm that the entire problem persists.

 

 

  RogueKiller V8.8.9 _x64_ [Feb 24 2014] by Tigzy

mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Chris [Admin rights]
Mode : Scan -- Date : 02/24/2014 17:47:07
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
[Root.Zekos][File] rpcss.dll : C:\Windows\System32\rpcss.dll [-] --> FOUND
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection : Root.Zekos ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.94.0.1 client.openvpn.net
127.94.0.2 openvpn-client.<edit privacy>.com
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST1000DM003-9YN162 ATA Device +++++
--- User ---
[MBR] 9590895552bbf91b17f9c049659002f3
[BSP] 713848963de93c2295ae5c9676543521 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) M4-CT128M4SSD2 ATA Device +++++
--- User ---
[MBR] 5b513e38837f5f9faa1a8d8fbbf18948
[BSP] 8ef5d0676ea7c707d497d46a22e963e4 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 122002 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_02242014_174707.txt >>
 
 
 
RogueKiller V8.8.9 _x64_ [Feb 24 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Chris [Admin rights]
Mode : Scan -- Date : 02/24/2014 18:34:58
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 0 ¤¤¤
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.94.0.1 client.openvpn.net
127.94.0.2 openvpn-client.<edit privacy>.com
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST1000DM003-9YN162 ATA Device +++++
--- User ---
[MBR] 9590895552bbf91b17f9c049659002f3
[BSP] 713848963de93c2295ae5c9676543521 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) M4-CT128M4SSD2 ATA Device +++++
--- User ---
[MBR] 5b513e38837f5f9faa1a8d8fbbf18948
[BSP] 8ef5d0676ea7c707d497d46a22e963e4 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 122002 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_02242014_183458.txt >>
 
 
 
 


#10 nasdaq

  • Malware Response Team
  • 38,223 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 25 February 2014 - 08:14 AM


Execute this and test to see if you can get online.

Click the Start button. In the Search box, type Command Prompt, and then, in the list of results, double-click Command Prompt.

At the cursor, type:
ipconfig /flushdns <-- (A space between g and / is needed)

Repeat with:
ipconfig /renew

Then hit Enter, type Exit, hit the Enter key.

You may need to run CMD - Command Prompt on Vista - Windows 7/8 with Elevated Privilege
http://www.mydigitallife.info/2007/02/17/how-to-open-elevated-command-prompt-with-administrator-privileges-in-windows-vista/
<<<>>>

If you can download this tool from the infected computer or another machine, download the file and copy it to the Desktop of the problem computer.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
Keep me posted.

#11 chrisb10a

  • Topic Starter
  • Members
  • 44 posts

Posted 25 February 2014 - 09:06 AM

Here are the logs. The problem still exists. When I check the Network and Sharing Center the "View your basic network information and set up connections" section states "Unknown" and "The dependency service or group failed to start."

 

 

Thank you so much for all of your help,

Chris

C:\>ipconfig /flushdns
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
C:\>ipconfig /renew
 
Windows IP Configuration
 
No operation can be performed on Local Area Connection 2 while it has its media disconnected.
No operation can be performed on Local Area Connection while it has its media disconnected.
No operation can be performed on Wireless Network Connection while it has its media disconnected.
 
C:\>
 
 
Farbar Service Scanner Version: 25-02-2014
Ran by Chris (administrator) on 25-02-2014 at 08:58:21
Running from "C:\Users\Chris\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
 
 
**** End of log ****


#12 nasdaq

  • Malware Response Team
  • 38,223 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 25 February 2014 - 02:13 PM


Read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
  • Click Change parameters
  • Check the boxes next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
  • Click on the Start Scan button to begin the scan and wait for it to finish.
    NOTE: Do not use the computer during the scan!
  • During the scan it will look similar to the image below:
    [screenshot]
  • When it finishes, you will either see a report that no threats were found like below:
    [screenshot]
    If no threats are found at this point, just click the Report selection on the top right of the form to generate a log. A log file report will pop up, which you can just close since the report file is already saved.
  • If any infection or suspected items are found, you will see a window similar to below:
    [screenshot]
    • If you have files that are shown to fail signature check, do not take any action on these. Make sure you select Skip. I will tell you what to do with these later. They may not be issues at all.
    • If Suspicious objects are detected, the default action will be Skip. Leave the default set to Skip.
    • If Malicious objects are detected, they will show in the Scan results. TDSSKiller automatically selects an action (Cure or Delete) for malicious objects.
    • Make sure that Cure is selected. Important! - If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed to do so.
  • Click Continue to apply selected actions.
  • A reboot may be required to complete disinfection. A window like the one below will appear:
    [screenshot]
    Reboot immediately if TDSSKiller states that one is needed.
  • Whether an infection is found or not, a log file should have already been created on your C: drive (or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run.
  • Paste the log to your next reply, DO NOT ATTACH IT.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:
    :filefind
    rpcss.dll
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  • Note: The log can also be found on your Desktop entitled SystemLook.txt.



#13 chrisb10a

  • Topic Starter
  • Members
  • 44 posts

Posted 25 February 2014 - 03:04 PM

Done, thanks.

Chris

14:50:18.0349 1740  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
14:50:18.0380 1740  ============================================================
14:50:18.0380 1740  Current date / time: 2014/02/25 14:50:18.0380
14:50:18.0380 1740  SystemInfo:
14:50:18.0380 1740  
14:50:18.0380 1740  OS Version: 6.1.7601 ServicePack: 1.0
14:50:18.0380 1740  Product type: Workstation
14:50:18.0380 1740  ComputerName: HOME-PC
14:50:18.0380 1740  UserName: Chris
14:50:18.0380 1740  Windows directory: C:\Windows
14:50:18.0380 1740  System windows directory: C:\Windows
14:50:18.0380 1740  Running under WOW64
14:50:18.0380 1740  Processor architecture: Intel x64
14:50:18.0380 1740  Number of processors: 4
14:50:18.0380 1740  Page size: 0x1000
14:50:18.0380 1740  Boot type: Normal boot
14:50:18.0380 1740  ============================================================
14:50:18.0692 1740  Drive \Device\Harddisk1\DR1 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:50:18.0692 1740  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:50:18.0707 1740  Drive \Device\Harddisk2\DR2 - Size: 0x1DD7F8000 (7.46 Gb), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:50:18.0707 1740  ============================================================
14:50:18.0707 1740  \Device\Harddisk1\DR1:
14:50:18.0707 1740  MBR partitions:
14:50:18.0707 1740  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:50:18.0707 1740  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xEE49000
14:50:18.0707 1740  \Device\Harddisk0\DR0:
14:50:18.0707 1740  MBR partitions:
14:50:18.0707 1740  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
14:50:18.0707 1740  \Device\Harddisk2\DR2:
14:50:18.0707 1740  MBR partitions:
14:50:18.0707 1740  \Device\Harddisk2\DR2\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0xEEBDA1
14:50:18.0707 1740  ============================================================
14:50:18.0707 1740  C: <-> \Device\Harddisk1\DR1\Partition2
14:50:18.0941 1740  E: <-> \Device\Harddisk0\DR0\Partition1
14:50:18.0941 1740  ============================================================
14:50:18.0941 1740  Initialize success
14:50:18.0941 1740  ============================================================
14:50:38.0129 2224  ============================================================
14:50:38.0129 2224  Scan started
14:50:38.0129 2224  Mode: Manual; SigCheck; TDLFS; 
14:50:38.0129 2224  ============================================================
14:50:38.0207 2224  ================ Scan system memory ========================
14:50:38.0207 2224  System memory - ok
14:50:38.0207 2224  ================ Scan services =============================
14:50:40.0969 2224  LSI_SAS - ok
14:50:40.0969 2224  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
14:50:40.0969 2224  LSI_SAS2 - ok
14:50:40.0969 2224  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
14:50:40.0984 2224  LSI_SCSI - ok
14:50:40.0984 2224  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
14:50:41.0000 2224  luafv - ok
14:50:41.0015 2224  [ A832517901EEF41C206D70FCEC89B275 ] LVRS64          C:\Windows\system32\DRIVERS\lvrs64.sys
14:50:41.0015 2224  LVRS64 - ok
14:50:41.0047 2224  [ 644E919936A8017B5F205E7FE7EDD19F ] LVUVC64         C:\Windows\system32\DRIVERS\lvuvc64.sys
14:50:41.0109 2224  LVUVC64 - ok
14:50:41.0125 2224  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
14:50:41.0125 2224  Mcx2Svc - ok
14:50:41.0125 2224  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
14:50:41.0140 2224  megasas - ok
14:50:41.0140 2224  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
14:50:41.0156 2224  MegaSR - ok
14:50:41.0156 2224  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
14:50:41.0156 2224  MEIx64 - ok
14:50:41.0156 2224  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
14:50:41.0187 2224  MMCSS - ok
14:50:41.0187 2224  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
14:50:41.0203 2224  Modem - ok
14:50:41.0203 2224  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
14:50:41.0218 2224  monitor - ok
14:50:41.0218 2224  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
14:50:41.0234 2224  mouclass - ok
14:50:41.0234 2224  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
14:50:41.0234 2224  mouhid - ok
14:50:41.0234 2224  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
14:50:41.0249 2224  mountmgr - ok
14:50:41.0249 2224  [ C6B88D62F20AC646C6BD5C032EC2FAF9 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
14:50:41.0265 2224  MpFilter - ok
14:50:41.0265 2224  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
14:50:41.0265 2224  mpio - ok
14:50:41.0281 2224  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
14:50:41.0296 2224  mpsdrv - ok
14:50:41.0296 2224  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
14:50:41.0327 2224  MpsSvc - ok
14:50:41.0327 2224  [ 1A4F75E63C9FB84B85DFFC6B63FD5404 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
14:50:41.0343 2224  MRxDAV - ok
14:50:41.0343 2224  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
14:50:41.0359 2224  mrxsmb - ok
14:50:41.0359 2224  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:50:41.0374 2224  mrxsmb10 - ok
14:50:41.0374 2224  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:50:41.0374 2224  mrxsmb20 - ok
14:50:41.0374 2224  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
14:50:41.0390 2224  msahci - ok
14:50:41.0390 2224  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
14:50:41.0390 2224  msdsm - ok
14:50:41.0405 2224  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
14:50:41.0405 2224  MSDTC - ok
14:50:41.0405 2224  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
14:50:41.0437 2224  Msfs - ok
14:50:41.0437 2224  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
14:50:41.0452 2224  mshidkmdf - ok
14:50:41.0452 2224  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
14:50:41.0468 2224  msisadrv - ok
14:50:41.0468 2224  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
14:50:41.0483 2224  MSiSCSI - ok
14:50:41.0483 2224  msiserver - ok
14:50:41.0499 2224  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
14:50:41.0515 2224  MSKSSRV - ok
14:50:41.0515 2224  [ 7675E15D1B2180745E4DA4D26AAD7385 ] MsMpSvc         C:\Program Files\Microsoft Security Client\MsMpEng.exe
14:50:41.0530 2224  MsMpSvc - ok
14:50:41.0530 2224  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
14:50:41.0546 2224  MSPCLOCK - ok
14:50:41.0546 2224  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
14:50:41.0561 2224  MSPQM - ok
14:50:41.0577 2224  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
14:50:41.0577 2224  MsRPC - ok
14:50:41.0577 2224  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
14:50:41.0593 2224  mssmbios - ok
14:50:41.0593 2224  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
14:50:41.0608 2224  MSTEE - ok
14:50:41.0608 2224  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
14:50:41.0624 2224  MTConfig - ok
14:50:41.0624 2224  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
14:50:41.0624 2224  Mup - ok
14:50:41.0639 2224  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
14:50:41.0655 2224  napagent - ok
14:50:41.0671 2224  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
14:50:41.0671 2224  NativeWifiP - ok
14:50:41.0686 2224  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
14:50:41.0702 2224  NDIS - ok
14:50:41.0702 2224  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
14:50:41.0733 2224  NdisCap - ok
14:50:41.0733 2224  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
14:50:41.0749 2224  NdisTapi - ok
14:50:41.0749 2224  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
14:50:41.0764 2224  Ndisuio - ok
14:50:41.0780 2224  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
14:50:41.0795 2224  NdisWan - ok
14:50:41.0795 2224  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
14:50:41.0811 2224  NDProxy - ok
14:50:41.0827 2224  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
14:50:41.0842 2224  NetBIOS - ok
14:50:41.0842 2224  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
14:50:41.0873 2224  NetBT - ok
14:50:41.0873 2224  [ 4D71227301DD8D09097B9E4CC6527E5A ] Netlogon        C:\Windows\system32\lsass.exe
14:50:41.0873 2224  Netlogon - ok
14:50:41.0873 2224  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
14:50:41.0905 2224  Netman - ok
14:50:41.0905 2224  [ 21318671BCAD3ACF16638F98D4D00973 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:50:41.0920 2224  NetMsmqActivator - ok
14:50:41.0920 2224  [ 21318671BCAD3ACF16638F98D4D00973 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:50:41.0936 2224  NetPipeActivator - ok
14:50:41.0936 2224  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
14:50:41.0951 2224  netprofm - ok
14:50:41.0967 2224  [ 21318671BCAD3ACF16638F98D4D00973 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:50:41.0967 2224  NetTcpActivator - ok
14:50:41.0967 2224  [ 21318671BCAD3ACF16638F98D4D00973 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:50:41.0983 2224  NetTcpPortSharing - ok
14:50:41.0983 2224  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
14:50:41.0983 2224  nfrd960 - ok
14:50:41.0998 2224  [ ACE8C64C57E4A711473C8BC10ADF692B ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
14:50:41.0998 2224  NisDrv - ok
14:50:41.0998 2224  [ 6247E8B31ED0A9D6BC5A26276E49BEB3 ] NisSrv          C:\Program Files\Microsoft Security Client\NisSrv.exe
14:50:42.0014 2224  NisSrv - ok
14:50:42.0014 2224  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
14:50:42.0029 2224  NlaSvc - ok
14:50:42.0029 2224  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
14:50:42.0045 2224  Npfs - ok
14:50:42.0045 2224  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
14:50:42.0076 2224  nsi - ok
14:50:42.0076 2224  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
14:50:42.0092 2224  nsiproxy - ok
14:50:42.0107 2224  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
14:50:42.0139 2224  Ntfs - ok
14:50:42.0139 2224  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
14:50:42.0154 2224  Null - ok
14:50:42.0154 2224  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
14:50:42.0170 2224  nvraid - ok
14:50:42.0170 2224  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
14:50:42.0170 2224  nvstor - ok
14:50:42.0185 2224  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
14:50:42.0185 2224  nv_agp - ok
14:50:42.0185 2224  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
14:50:42.0201 2224  ohci1394 - ok
14:50:42.0201 2224  [ 6FF6EF1CC25E558CF0335928B658D11E ] OpenVPNAccessClient C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
14:50:42.0201 2224  OpenVPNAccessClient ( UnsignedFile.Multi.Generic ) - warning
14:50:42.0201 2224  OpenVPNAccessClient - detected UnsignedFile.Multi.Generic (1)
14:50:43.0106 2224  [ EA569D48B2E755AF6D96F03F3335D98A ] Realtek11nCU    C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe
14:50:43.0106 2224  Realtek11nCU ( UnsignedFile.Multi.Generic ) - warning
14:50:43.0106 2224  Realtek11nCU - detected UnsignedFile.Multi.Generic (1)
14:50:44.0307 2224  [ BB676D2C7AD5E7131D12417E4691F9B9 ] Te.Service      C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe
14:50:44.0323 2224  Te.Service ( UnsignedFile.Multi.Generic ) - warning
14:50:44.0323 2224  Te.Service - detected UnsignedFile.Multi.Generic (1)
14:50:44.0947 2224  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
14:50:44.0947 2224  vsmraid - ok
14:50:44.0962 2224  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
14:50:45.0009 2224  VSS - ok
14:50:45.0009 2224  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
14:50:45.0009 2224  vwifibus - ok
14:50:45.0009 2224  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
14:50:45.0025 2224  vwififlt - ok
14:50:45.0025 2224  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
14:50:45.0040 2224  vwifimp - ok
14:50:45.0040 2224  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
14:50:45.0071 2224  W32Time - ok
14:50:45.0071 2224  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
14:50:45.0071 2224  WacomPen - ok
14:50:45.0071 2224  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
14:50:45.0103 2224  WANARP - ok
14:50:45.0103 2224  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
14:50:45.0118 2224  Wanarpv6 - ok
14:50:45.0134 2224  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
14:50:45.0149 2224  WatAdminSvc - ok
14:50:45.0165 2224  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
14:50:45.0181 2224  wbengine - ok
14:50:45.0181 2224  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
14:50:45.0196 2224  WbioSrvc - ok
14:50:45.0196 2224  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
14:50:45.0212 2224  wcncsvc - ok
14:50:45.0227 2224  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:50:45.0227 2224  WcsPlugInService - ok
14:50:45.0227 2224  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
14:50:45.0243 2224  Wd - ok
14:50:45.0243 2224  [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM         C:\Windows\system32\DRIVERS\wdcsam64.sys
14:50:45.0243 2224  WDC_SAM - ok
14:50:45.0243 2224  [ E2C933EDBC389386EBE6D2BA953F43D8 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
14:50:45.0259 2224  Wdf01000 - ok
14:50:45.0274 2224  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
14:50:45.0290 2224  WdiServiceHost - ok
14:50:45.0290 2224  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
14:50:45.0305 2224  WdiSystemHost - ok
14:50:45.0305 2224  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D ] WebClient       C:\Windows\System32\webclnt.dll
14:50:45.0321 2224  WebClient - ok
14:50:45.0321 2224  [ D5BA7D43FA2EF656BF7E98A188391E40 ] Wecsvc          C:\Windows\system32\wecsvc.dll
14:50:45.0321 2224  Wecsvc - ok
14:50:45.0337 2224  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
14:50:45.0352 2224  wercplsupport - ok
14:50:45.0352 2224  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
14:50:45.0383 2224  WerSvc - ok
14:50:45.0383 2224  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
14:50:45.0399 2224  WfpLwf - ok
14:50:45.0399 2224  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
14:50:45.0415 2224  WIMMount - ok
14:50:45.0415 2224  WinDefend - ok
14:50:45.0415 2224  WinHttpAutoProxySvc - ok
14:50:45.0415 2224  [ 136760C1E9697BAF4ECDEAE5590A0806 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
14:50:45.0430 2224  Winmgmt - ok
14:50:45.0446 2224  [ 3BB6B401A780BF434C8F58137DE10BF7 ] WinRM           C:\Windows\system32\WsmSvc.dll
14:50:45.0477 2224  WinRM - ok
14:50:45.0477 2224  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
14:50:45.0493 2224  WinUsb - ok
14:50:45.0493 2224  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
14:50:45.0524 2224  Wlansvc - ok
14:50:45.0539 2224  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:50:45.0571 2224  wlidsvc - ok
14:50:45.0571 2224  [ 680A7846370000D20D7E74917D5B7936 ] WmBEnum         C:\Windows\system32\drivers\WmBEnum.sys
14:50:45.0571 2224  WmBEnum - ok
14:50:45.0586 2224  [ 14C35BA8189C6F65D839163AA285E954 ] WmFilter        C:\Windows\system32\drivers\WmFilter.sys
14:50:45.0586 2224  WmFilter - ok
14:50:45.0586 2224  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
14:50:45.0602 2224  WmiAcpi - ok
14:50:45.0602 2224  [ 4DF841632B62A7CF19A79A05046A8AB1 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
14:50:45.0617 2224  wmiApSrv - ok
14:50:45.0617 2224  WMPNetworkSvc - ok
14:50:45.0617 2224  [ 8488DD91A3EE54A8E29F02AD7BB8201E ] WmVirHid        C:\Windows\system32\drivers\WmVirHid.sys
14:50:45.0617 2224  WmVirHid - ok
14:50:45.0617 2224  [ 14802B3A30AA849C97CB968CCC813BF3 ] WmXlCore        C:\Windows\system32\drivers\WmXlCore.sys
14:50:45.0633 2224  WmXlCore - ok
14:50:45.0633 2224  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
14:50:45.0633 2224  WPCSvc - ok
14:50:45.0649 2224  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
14:50:45.0649 2224  WPDBusEnum - ok
14:50:45.0664 2224  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
14:50:45.0680 2224  ws2ifsl - ok
14:50:45.0680 2224  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
14:50:45.0695 2224  wscsvc - ok
14:50:45.0695 2224  [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
14:50:45.0695 2224  WSDPrintDevice - ok
14:50:45.0711 2224  WSearch - ok
14:50:45.0727 2224  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
14:50:45.0758 2224  wuauserv - ok
14:50:45.0758 2224  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
14:50:45.0758 2224  WudfPf - ok
14:50:45.0773 2224  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
14:50:45.0773 2224  WUDFRd - ok
14:50:45.0773 2224  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
14:50:45.0789 2224  wudfsvc - ok
14:50:45.0789 2224  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\Windows\System32\wwansvc.dll
14:50:45.0805 2224  WwanSvc - ok
14:50:45.0805 2224  ================ Scan global ===============================
14:50:45.0805 2224  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
14:50:45.0820 2224  [ 88EDD0B34EED542745931E581AD21A32 ] C:\Windows\system32\winsrv.dll
14:50:45.0820 2224  [ 88EDD0B34EED542745931E581AD21A32 ] C:\Windows\system32\winsrv.dll
14:50:45.0820 2224  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
14:50:45.0820 2224  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
14:50:45.0820 2224  [Global] - ok
14:50:45.0836 2224  ================ Scan MBR ==================================
14:50:45.0836 2224  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
14:50:45.0898 2224  \Device\Harddisk1\DR1 - ok
14:50:45.0898 2224  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
14:50:45.0992 2224  \Device\Harddisk0\DR0 - ok
14:50:46.0007 2224  [ DDAE9D649DB12F6AFF24483F2C298989 ] \Device\Harddisk2\DR2
14:50:46.0070 2224  \Device\Harddisk2\DR2 - ok
14:50:46.0070 2224  ================ Scan VBR ==================================
14:50:46.0070 2224  [ 18A5560DFAFDD36FB690074F066DF277 ] \Device\Harddisk1\DR1\Partition1
14:50:46.0070 2224  \Device\Harddisk1\DR1\Partition1 - ok
14:50:46.0070 2224  [ 2BA4D0529D589083DA9E132E30FEAA70 ] \Device\Harddisk1\DR1\Partition2
14:50:46.0070 2224  \Device\Harddisk1\DR1\Partition2 - ok
14:50:46.0070 2224  [ C4C1C5CE5899D8496782992ECB91830F ] \Device\Harddisk0\DR0\Partition1
14:50:46.0070 2224  \Device\Harddisk0\DR0\Partition1 - ok
14:50:46.0070 2224  [ B8BC1B221F81C089E052FF4D010DDC25 ] \Device\Harddisk2\DR2\Partition1
14:50:46.0070 2224  \Device\Harddisk2\DR2\Partition1 - ok
14:50:46.0070 2224  ============================================================
14:50:46.0070 2224  Scan finished
14:50:46.0070 2224  ============================================================
14:50:46.0070 2216  Detected object count: 3
14:50:46.0070 2216  Actual detected object count: 3
14:52:14.0818 2216  OpenVPNAccessClient ( UnsignedFile.Multi.Generic ) - skipped by user
14:52:14.0818 2216  OpenVPNAccessClient ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:52:14.0818 2216  Realtek11nCU ( UnsignedFile.Multi.Generic ) - skipped by user
14:52:14.0818 2216  Realtek11nCU ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:52:14.0834 2216  Te.Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:52:14.0834 2216  Te.Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
 
 
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-02-25 14:54:17
-----------------------------
14:54:17.125    OS Version: Windows x64 6.1.7601 Service Pack 1
14:54:17.125    Number of processors: 4 586 0x2A07
14:54:17.125    ComputerName: HOME-PC  UserName: Chris
14:54:17.234    Initialize success
14:54:31.741    Disk 0  \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-4
14:54:31.741    Disk 0 Vendor: ST1000DM003-9YN162 CC46 Size: 953869MB BusType: 11
14:54:31.741    Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-3
14:54:31.741    Disk 1 Vendor: M4-CT128M4SSD2 040H Size: 122104MB BusType: 11
14:54:31.757    Disk 1 MBR read successfully
14:54:31.757    Disk 1 MBR scan
14:54:31.757    Disk 1 Windows 7 default MBR code
14:54:31.757    Disk 1 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
14:54:31.757    Disk 1 Partition 2 00     07    HPFS/NTFS NTFS       122002 MB offset 206848
14:54:31.757    Disk 1 scanning C:\Windows\system32\drivers
14:54:32.397    Service scanning
14:54:34.487    Modules scanning
14:54:34.487    Disk 1 trace - called modules:
14:54:34.487    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
14:54:34.986    1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8007df2060]
14:54:34.986    3 CLASSPNP.SYS[fffff880019a343f] -> nt!IofCallDriver -> [0xfffffa8007b401e0]
14:54:34.986    5 ACPI.sys[fffff88000edf7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0xfffffa8007b40680]
14:54:34.986    Scan finished successfully
14:54:57.076    Disk 1 MBR has been saved successfully to "C:\Users\Chris\Desktop\MBR.dat"
14:54:57.076    The log file has been saved successfully to "C:\Users\Chris\Desktop\aswMBR.txt"
 
 
SystemLook 30.07.11 by jpshortstuff
Log created at 14:56 on 25/02/2014 by Chris
Administrator - Elevation successful
 
========== filefind ==========
 
Searching for "rpcss.dll"
C:\Windows\System32\rpcss.dll --a---- 512000 bytes [22:49 24/02/2014] [03:24 21/11/2010] 5C627D1B1138676C0A7AB2C2C190D123
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll --a---- 512000 bytes [03:24 21/11/2010] [03:24 21/11/2010] 5C627D1B1138676C0A7AB2C2C190D123
 
-= EOF =-
 

Attached Files

  • Attached File  MBR.zip   560bytes   0 downloads


#14 nasdaq

nasdaq

  • Malware Response Team
  • 38,223 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:51 PM

Posted 26 February 2014 - 08:44 AM



Is the problem still persisting?

On Feb 22 your DcomLaunch was corrupted.
The value 25E25A158967F7A282A235EDEE416B2B was wrong.

10:27:49.0110 1488 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
10:27:49.0141 1488 ============================================================
10:27:49.0141 1488 Current date / time: 2014/02/22 10:27:49.0141

10:28:16.0706 1844 [ 25E25A158967F7A282A235EDEE416B2B ] DcomLaunch C:\Windows\system32\rpcss.dll
10:28:16.0722 1844 DcomLaunch ( UnsignedFile.Multi.Generic ) - warning
10:28:16.0722 1844 DcomLaunch - detected UnsignedFile.Multi.Generic (1)

===

Yesterday you ran the TDSS tool and now the value is good.

14:50:18.0349 1740 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
14:50:18.0380 1740 ============================================================
14:50:18.0380 1740 Current date / time: 2014/02/25 14:50:18.0380


14:50:39.0549 2224 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
14:50:39.0565 2224 DcomLaunch - ok

===
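An added example (not part of the post above, and not code from TDSSKiller or SystemLook) of the comparison that post makes: it parses two TDSSKiller runs, reports services whose file MD5 changed between them, and checks each hash against the value SystemLook reported for the WinSxS copy of rpcss.dll. The DcomLaunch lines and both hashes are the ones quoted in this thread; the `ExampleSvc` lines and all function names are constructed for illustration.

```python
import ntpath
import re
from collections import namedtuple

# Record line: "<time> <tid> [ MD5 ] ServiceName  C:\path\to\file"
HASH_RE = re.compile(
    r"^\S+\s+\d+\s+\[\s*([0-9A-Fa-f]{32})\s*\]\s+([^\s\\]+)\s+(.+?)\s*$")
# Verdict line: "<time> <tid> ServiceName - ok" or "... ( Verdict ) - warning"
VERDICT_RE = re.compile(
    r"^\S+\s+\d+\s+([^\s\\]+)(?:\s+\(\s*([^)]+?)\s*\))?\s+-\s+(ok|warning)\s*$")

Entry = namedtuple("Entry", "md5 path verdict")

# DcomLaunch lines as quoted in the thread; ExampleSvc lines are constructed.
RUN_FEB22 = r"""
10:28:16.0706 1844 [ 25E25A158967F7A282A235EDEE416B2B ] DcomLaunch C:\Windows\system32\rpcss.dll
10:28:16.0722 1844 DcomLaunch ( UnsignedFile.Multi.Generic ) - warning
10:28:16.0722 1844 DcomLaunch - detected UnsignedFile.Multi.Generic (1)
10:28:16.0800 1844 [ 00000000000000000000000000000001 ] ExampleSvc C:\Windows\system32\example.dll
10:28:16.0810 1844 ExampleSvc - ok
"""
RUN_FEB25 = r"""
14:50:39.0549 2224 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
14:50:39.0565 2224 DcomLaunch - ok
14:50:39.0600 2224 [ 00000000000000000000000000000001 ] ExampleSvc C:\Windows\system32\example.dll
14:50:39.0610 2224 ExampleSvc - ok
"""
# MD5 SystemLook listed for the WinSxS copy of rpcss.dll in this thread.
REFERENCE = {"rpcss.dll": "5C627D1B1138676C0A7AB2C2C190D123"}

def parse_run(text):
    """Return {service: Entry} for one TDSSKiller log."""
    entries = {}
    for line in text.splitlines():
        m = HASH_RE.match(line)
        if m:
            md5, name, path = m.groups()
            entries[name] = Entry(md5.upper(), path, None)
            continue
        m = VERDICT_RE.match(line)
        if m and m.group(1) in entries:
            name, detail, status = m.groups()
            entries[name] = entries[name]._replace(verdict=detail or status)
    return entries

def changed_between(before, after):
    """Services present in both runs whose file hash differs."""
    return [(n, before[n].md5, before[n].verdict, after[n].md5, after[n].verdict)
            for n in sorted(before.keys() & after.keys())
            if before[n].md5 != after[n].md5]

def matches_reference(entry, reference=REFERENCE):
    """True if the file's MD5 equals the recorded reference for its name."""
    return reference.get(ntpath.basename(entry.path).lower()) == entry.md5
```

A match against the WinSxS copy only shows that the two files on the same machine agree; it is not an independent known-good value.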

#15 chrisb10a

chrisb10a
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:11:51 PM

Posted 26 February 2014 - 09:34 AM

Yes, I am still seeing a problem. My taskbar and open windows all have a strange look. Also, neither of my wireless adapters is working, so I cannot test to see if the dllhost.exe process issue is still present. I have rebooted the PC several times and have several other computers using the wireless network without any issues.

I did some looking around on my own and found that a number of my network-related Windows services were shut off. I turned many of them back on. Maybe there are more services that were disabled that I need to re-enable? The strange taskbar and windows appearance has me very concerned.

Thanks,

Chris





