
[SOLVED] random Advertisement/Radio audio, viruses

Old 04-11-2013, 08:20 AM   #1
TSF Enthusiast
 
Join Date: Sep 2010
Location: Bloodymore, Murderland
Posts: 1,009
OS: Mac OSX (10.5.8)



Hi there folks! Posting on behalf of a friend.

Actually, working on a computer on behalf of a friend, posting on my own behalf. I offered to check out her virus problem and quickly realized it was outside my scope of abilities.

As soon as there's an internet connection, computer starts playing audio from random advertisements/internet radio stations of some sort. 1-3 going at once. Fan spins at random speeds, and on some boots svchost will grab 500+ MB and 100% CPU, leading eventually to crash.

Windows Defender had been uninstalled; I rolled back before that point w/system restore, then was able to install malwarebytes and MSE. MWB found 0 viruses (quick), then 2 trojans (full), then 1 trojan (quick), MSE found nothing, computer crashed trying ESET, and I gave up.

I know, the proper thing was to give up before I started and just call y'all . . .

Doing the dds and gmer via flashdrive, so I won't be hooking that machine back up to the internet until your say-so.

Do NOT have access to a windows install disk, or a Boot CD, as far as I know. I'll ask her, but, doubt it.

Thanks in advance!

jw

[EDIT: It's a basic HP desktop w/W7 Home Premium. dunno other specs but if you want them I will look at the machine and figure it out]

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16476
Run by user at 4:42:23 on 2013-04-11
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2942.1645 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\WUDFHost.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.drudgereport.com/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{17E9560D-3F76-44C9-9D56-CE452E47AA95} : DHCPNameServer = 192.168.1.1 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\d41ayao8.default\
FF - prefs.js: browser.startup.homepage - www.drudgereport
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\users\user\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2013-1-20 100328]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
.
=============== Created Last 30 ================
.
2013-04-11 06:51:55 -------- d-----w- c:\program files\ESET
2013-04-11 03:52:45 60872 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{5caf78a8-7818-4225-8a58-4586d90cbd0e}\offreg.dll
2013-04-10 20:03:59 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-04-10 20:03:57 196328 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-10 20:03:50 3217408 ----a-w- c:\windows\system32\mstscax.dll
2013-04-10 20:03:49 131584 ----a-w- c:\windows\system32\aaclient.dll
2013-04-10 20:03:48 36864 ----a-w- c:\windows\system32\tsgqec.dll
2013-04-10 20:02:24 1212264 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 20:00:48 740840 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{c78e23f9-a39e-4748-8a11-52d751d755d7}\gapaengine.dll
2013-04-10 20:00:39 7108640 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{5caf78a8-7818-4225-8a58-4586d90cbd0e}\mpengine.dll
2013-04-10 19:54:49 -------- d-----w- c:\program files\Microsoft Security Client
2013-04-10 19:54:18 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-10 19:52:13 7108640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{11b76aa2-b743-412d-83e5-33fe1b1e873f}\mpengine.dll
2013-04-08 04:20:03 -------- d-----w- c:\users\user\appdata\roaming\Malwarebytes
2013-04-08 04:19:49 -------- d-----w- c:\programdata\Malwarebytes
2013-04-08 04:19:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-04-08 04:19:19 -------- d-----w- c:\users\user\appdata\local\Programs
2013-03-25 23:52:28 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
==================== Find3M ====================
.
2013-04-02 10:33:22 237088 ------w- c:\windows\system32\MpSigStub.exe
2013-03-13 18:47:12 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-13 18:47:12 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-22 03:46:00 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-02-22 03:38:00 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-02-22 03:37:50 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-22 03:34:17 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-02-22 03:34:03 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-02-22 03:31:46 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-02-12 04:48:31 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-20 19:59:04 195296 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-20 19:59:04 100328 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-01-13 21:17:03 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17:02 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16:42 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12:46 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11:21 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11:08 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11:07 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31:00 1247744 ----a-w- c:\windows\system32\DWrite.dll
2013-01-13 20:30:34 906240 ----a-w- c:\windows\system32\FntCache.dll
2013-01-13 20:22:22 1988096 ----a-w- c:\windows\system32\d3d10warp.dll
2013-01-13 20:20:31 293376 ----a-w- c:\windows\system32\dxgi.dll
2013-01-13 20:09:00 249856 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-01-13 20:08:43 220160 ----a-w- c:\windows\system32\d3d10core.dll
2013-01-13 20:08:35 1504768 ----a-w- c:\windows\system32\d3d11.dll
2013-01-13 19:54:01 604160 ----a-w- c:\windows\system32\d3d10level9.dll
2013-01-13 19:53:58 207872 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-01-13 19:53:14 187392 ----a-w- c:\windows\system32\UIAnimation.dll
2013-01-13 19:48:47 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2013-01-13 19:46:25 1080832 ----a-w- c:\windows\system32\d3d10.dll
2013-01-13 19:43:21 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-01-13 19:37:57 3419136 ----a-w- c:\windows\system32\d2d1.dll
2013-01-13 19:02:06 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2013-01-13 18:34:58 364544 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-01-13 17:26:42 1158144 ----a-w- c:\windows\system32\XpsPrint.dll
.
============= FINISH: 4:44:39.47 ===============

__________________
jaythorpe522 is offline  
Old 04-11-2013, 08:59 AM   #2

missed the attachment. dangit. here it is. sorry.
Attached Files
File Type: zip attach.zip.zip (4.2 KB, 15 views)

__________________
jaythorpe522 is offline  
Old 04-12-2013, 12:36 AM   #3
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 14,727
OS: XP Win7 Ubuntu 10.10



Hello jaythorpe522, welcome to the forum!

Quote:
MWB found 0 viruses (quick), then 2 trojans (full), then 1 trojan (quick)
Please post the logs MWB has created. Open Malwarebytes' Anti-Malware>>Click the 'Logs' tab
Select the log from the date it was run; they're named MBAM-log-2012-xx-xx [10-11-12].txt
then click the 'Open' button.
Please copy/paste the contents of the file.

=================

Next,

Please download aswMBR.exe and save it to your desktop.

  • Double-click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator.) At this time, select Yes when prompted to download the Avast database.
  • Click Scan.
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

==============

Download TDSSKiller.exe and save it to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply
__________________

amateur is offline  
Old 04-12-2013, 12:40 PM   #4

Hi Amateur, thanks so much for helping us out here!

(brief aside -- being welcomed to the forum after 3 years and 900+ posts is certainly very friendly, as well!)

Here, I believe, is everything you asked for:

aswMBR log C&P, TDSS log C&P, MBR.dat zipped & attached. MWB logs will be C&P'ed into the next message (separating for length).

Again, THANK YOU!

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-12 08:36:38
-----------------------------
08:36:38.106 OS Version: Windows 6.1.7601 Service Pack 1
08:36:38.106 Number of processors: 2 586 0x6B02
08:36:38.106 ComputerName: WINCTRL-BHLBPQ7 UserName: user
08:36:38.980 Initialize success
08:44:20.618 AVAST engine defs: 13041200
13:40:31.619 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:40:31.635 Disk 0 Vendor: WDC_WD5000AAKB-00H8A0 05.04E05 Size: 476940MB BusType: 3
13:40:31.635 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\00000051
13:40:31.635 Disk 1 Vendor: ST336032 3.CH Size: 343399MB BusType: 3
13:40:31.635 Device \Driver\nvstor -> MajorFunction 86702c9c
13:40:31.650 Disk 1 MBR read successfully
13:40:31.650 Disk 1 MBR scan
13:40:31.666 Disk 1 Windows 7 default MBR code
13:40:31.666 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
13:40:31.682 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 343297 MB offset 206848
13:40:31.697 Disk 1 scanning sectors +703279104
13:40:31.775 Disk 1 scanning C:\Windows\system32\drivers
13:40:39.170 Service scanning
13:40:57.188 Modules scanning
13:41:03.864 Disk 1 trace - called modules:
13:41:03.864 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x86702c9c]<<
13:41:03.880 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x862c49d0]
13:41:03.880 3 CLASSPNP.SYS[833ca59e] -> nt!IofCallDriver -> [0x852d99d0]
13:41:03.896 5 ACPI.sys[830263d4] -> nt!IofCallDriver -> \Device\00000051[0x85bd8b10]
13:41:03.896 \Driver\nvstor[0x8635ae30] -> IRP_MJ_CREATE -> 0x86702c9c
13:41:04.629 AVAST engine scan C:\Windows
13:41:06.173 AVAST engine scan C:\Windows\system32
13:43:17.697 AVAST engine scan C:\Windows\system32\drivers
13:43:25.622 AVAST engine scan C:\Users\user
13:51:03.248 AVAST engine scan C:\ProgramData
13:51:24.729 Scan finished successfully
14:04:47.302 Disk 1 MBR has been saved successfully to "C:\Users\user\Desktop\MBR.dat"
14:04:47.302 The log file has been saved successfully to "C:\Users\user\Desktop\aswMBR.txt"

********************
********************

1444.0471 2876 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
1444.0502 2876 ============================================================
1444.0502 2876 Current date / time: 2013/04/12 1444.0502
1444.0502 2876 SystemInfo:
1444.0502 2876
1444.0502 2876 OS Version: 6.1.7601 ServicePack: 1.0
1444.0502 2876 Product type: Workstation
1444.0502 2876 ComputerName: WINCTRL-BHLBPQ7
1444.0502 2876 UserName: user
1444.0502 2876 Windows directory: C:\Windows
1444.0502 2876 System windows directory: C:\Windows
1444.0502 2876 Processor architecture: Intel x86
1444.0502 2876 Number of processors: 2
1444.0502 2876 Page size: 0x1000
1444.0502 2876 Boot type: Normal boot
1444.0502 2876 ============================================================
1450.0352 2876 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
1450.0368 2876 Drive \Device\Harddisk1\DR1 - Size: 0x53D67B6000 (335.35 Gb), SectorSize: 0x200, Cylinders: 0xB5B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
1450.0399 2876 Drive \Device\Harddisk6\DR6 - Size: 0x3C100000 (0.94 Gb), SectorSize: 0x200, Cylinders: 0x7A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
1450.0399 2876 ============================================================
1450.0399 2876 \Device\Harddisk0\DR0:
1450.0399 2876 MBR partitions:
1450.0399 2876 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x658FB66
1450.0399 2876 \Device\Harddisk1\DR1:
1450.0415 2876 MBR partitions:
1450.0415 2876 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
1450.0415 2876 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x29E80800
1450.0415 2876 \Device\Harddisk6\DR6:
1450.0415 2876 MBR partitions:
1450.0415 2876 \Device\Harddisk6\DR6\Partition1: MBR, Type 0x6, StartLBA 0x1F8, BlocksNum 0x1E0608
1450.0415 2876 ============================================================
1450.0446 2876 C: <-> \Device\Harddisk1\DR1\Partition2
1450.0446 2876 E: <-> \Device\Harddisk0\DR0\Partition1
1450.0446 2876 ============================================================
1450.0446 2876 Initialize success
1450.0446 2876 ============================================================
1458.0121 0340 ============================================================
1458.0121 0340 Scan started
1458.0121 0340 Mode: Manual;
1458.0121 0340 ============================================================
1458.0605 0340 ================ Scan system memory ========================
1458.0605 0340 System memory - ok
1458.0605 0340 ================ Scan services =============================
14:07:02.0458 0340 intelide - ok
14:07:02.0474 0340 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\drivers\intelppm.sys
14:07:02.0474 0340 intelppm - ok
14:07:02.0489 0340 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
14:07:02.0505 0340 IPBusEnum - ok
14:07:02.0505 0340 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:07:02.0505 0340 IpFilterDriver - ok
14:07:02.0567 0340 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
14:07:02.0583 0340 iphlpsvc - ok
14:07:02.0598 0340 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
14:07:02.0598 0340 IPMIDRV - ok
14:07:02.0598 0340 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
14:07:02.0614 0340 IPNAT - ok
14:07:02.0630 0340 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
14:07:02.0630 0340 IRENUM - ok
14:07:02.0630 0340 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
14:07:02.0645 0340 isapnp - ok
14:07:02.0661 0340 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
14:07:02.0661 0340 iScsiPrt - ok
14:07:02.0692 0340 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
14:07:02.0692 0340 kbdclass - ok
14:07:02.0723 0340 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
14:07:02.0723 0340 kbdhid - ok
14:07:02.0739 0340 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
14:07:02.0739 0340 KeyIso - ok
14:07:02.0786 0340 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
14:07:02.0786 0340 KSecDD - ok
14:07:02.0832 0340 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
14:07:02.0832 0340 KSecPkg - ok
14:07:02.0926 0340 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
14:07:02.0942 0340 KtmRm - ok
14:07:02.0957 0340 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
14:07:02.0957 0340 LanmanServer - ok
14:07:03.0004 0340 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:07:03.0004 0340 LanmanWorkstation - ok
14:07:03.0035 0340 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
14:07:03.0035 0340 lltdio - ok
14:07:03.0082 0340 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
14:07:03.0082 0340 lltdsvc - ok
14:07:03.0129 0340 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
14:07:03.0129 0340 lmhosts - ok
14:07:03.0144 0340 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
14:07:03.0144 0340 LSI_FC - ok
14:07:03.0160 0340 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
14:07:03.0160 0340 LSI_SAS - ok
14:07:03.0160 0340 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
14:07:03.0176 0340 LSI_SAS2 - ok
14:07:03.0207 0340 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
14:07:03.0207 0340 LSI_SCSI - ok
14:07:03.0238 0340 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
14:07:03.0238 0340 luafv - ok
14:07:03.0269 0340 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
14:07:03.0269 0340 Mcx2Svc - ok
14:07:03.0316 0340 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\drivers\megasas.sys
14:07:03.0316 0340 megasas - ok
14:07:03.0378 0340 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
14:07:03.0378 0340 MegaSR - ok
14:07:03.0394 0340 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
14:07:03.0394 0340 MMCSS - ok
14:07:03.0410 0340 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
14:07:03.0410 0340 Modem - ok
14:07:03.0441 0340 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
14:07:03.0441 0340 monitor - ok
14:07:03.0472 0340 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
14:07:03.0472 0340 mouclass - ok
14:07:03.0488 0340 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
14:07:03.0488 0340 mouhid - ok
14:07:03.0519 0340 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
14:07:03.0519 0340 mountmgr - ok
14:07:03.0550 0340 [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
14:07:03.0550 0340 MozillaMaintenance - ok
14:07:03.0612 0340 [ CF105EE42E3F71E648CEBB3F666E1CF0 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
14:07:03.0612 0340 MpFilter - ok
14:07:03.0628 0340 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
14:07:03.0628 0340 mpio - ok
14:07:03.0644 0340 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
14:07:03.0644 0340 mpsdrv - ok
14:07:03.0675 0340 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
14:07:03.0690 0340 MpsSvc - ok
14:07:03.0706 0340 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
14:07:03.0706 0340 MRxDAV - ok
14:07:03.0737 0340 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
14:07:03.0737 0340 mrxsmb - ok
14:07:03.0768 0340 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:07:03.0784 0340 mrxsmb10 - ok
14:07:03.0784 0340 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:07:03.0784 0340 mrxsmb20 - ok
14:07:03.0815 0340 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
14:07:03.0815 0340 msahci - ok
14:07:03.0831 0340 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
14:07:03.0831 0340 msdsm - ok
14:07:03.0846 0340 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
14:07:03.0846 0340 MSDTC - ok
14:07:03.0878 0340 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
14:07:03.0878 0340 Msfs - ok
14:07:03.0878 0340 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
14:07:03.0878 0340 mshidkmdf - ok
14:07:03.0893 0340 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
14:07:03.0893 0340 msisadrv - ok
14:07:03.0924 0340 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
14:07:03.0924 0340 MSiSCSI - ok
14:07:03.0940 0340 msiserver - ok
14:07:03.0956 0340 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
14:07:03.0956 0340 MSKSSRV - ok
14:07:04.0049 0340 [ C1F19D2BACBEE9AB64D9AE69E9859AC0 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
14:07:04.0049 0340 MsMpSvc - ok
14:07:04.0080 0340 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
14:07:04.0080 0340 MSPCLOCK - ok
14:07:04.0080 0340 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
14:07:04.0080 0340 MSPQM - ok
14:07:04.0096 0340 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
14:07:04.0096 0340 MsRPC - ok
14:07:04.0127 0340 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
14:07:04.0127 0340 mssmbios - ok
14:07:04.0143 0340 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
14:07:04.0143 0340 MSTEE - ok
14:07:04.0158 0340 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
14:07:04.0158 0340 MTConfig - ok
14:07:04.0174 0340 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
14:07:04.0174 0340 Mup - ok
14:07:04.0205 0340 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
14:07:04.0205 0340 napagent - ok
14:07:04.0236 0340 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
14:07:04.0252 0340 NativeWifiP - ok
14:07:04.0299 0340 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
14:07:04.0314 0340 NDIS - ok
14:07:04.0330 0340 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
14:07:04.0330 0340 NdisCap - ok
14:07:04.0346 0340 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
14:07:04.0346 0340 NdisTapi - ok
14:07:04.0346 0340 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
14:07:04.0346 0340 Ndisuio - ok
14:07:04.0361 0340 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
14:07:04.0361 0340 NdisWan - ok
14:07:04.0377 0340 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
14:07:04.0377 0340 NDProxy - ok
14:07:04.0392 0340 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
14:07:04.0408 0340 NetBIOS - ok
14:07:04.0424 0340 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
14:07:04.0424 0340 NetBT - ok
14:07:04.0439 0340 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
14:07:04.0439 0340 Netlogon - ok
14:07:04.0486 0340 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
14:07:04.0486 0340 Netman - ok
14:07:04.0502 0340 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
14:07:04.0517 0340 netprofm - ok
14:07:04.0533 0340 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:07:04.0533 0340 NetTcpPortSharing - ok
14:07:04.0564 0340 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
14:07:04.0564 0340 nfrd960 - ok
14:07:04.0611 0340 [ 832E098BCA8235436FE2D8AE50AC3718 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
14:07:04.0611 0340 NisDrv - ok
14:07:04.0673 0340 [ E570ECA850F30EB740C2E9699DF3D2BD ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
14:07:04.0673 0340 NisSrv - ok
14:07:04.0720 0340 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll
14:07:04.0736 0340 NlaSvc - ok
14:07:04.0736 0340 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
14:07:04.0736 0340 Npfs - ok
14:07:04.0767 0340 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
14:07:04.0767 0340 nsi - ok
14:07:04.0782 0340 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
14:07:04.0782 0340 nsiproxy - ok
14:07:04.0845 0340 [ 9CDAEBE5160B9AF02AE17C62BDB6C4B5 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
14:07:04.0876 0340 Ntfs - ok
14:07:04.0892 0340 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
14:07:04.0892 0340 Null - ok
14:07:04.0923 0340 [ B5E37E31C053BC9950455A257526514B ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x32.sys
14:07:04.0938 0340 NVENETFD - ok
14:07:05.0126 0340 [ B0881DDA5A8160422561FFAB7F0008B1 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:07:05.0328 0340 nvlddmkm - ok
14:07:05.0360 0340 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
14:07:05.0360 0340 nvraid - ok
14:07:05.0391 0340 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
14:07:05.0391 0340 nvstor - ok
14:07:05.0406 0340 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
14:07:05.0406 0340 nv_agp - ok
14:07:05.0422 0340 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
14:07:05.0422 0340 ohci1394 - ok
14:07:05.0484 0340 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:07:05.0484 0340 ose - ok
14:07:05.0656 0340 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
14:07:05.0750 0340 osppsvc - ok
14:07:05.0781 0340 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
14:07:05.0796 0340 p2pimsvc - ok
14:07:05.0828 0340 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
14:07:05.0828 0340 p2psvc - ok
14:07:05.0843 0340 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\drivers\parport.sys
14:07:05.0843 0340 Parport - ok
14:07:05.0874 0340 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
14:07:05.0874 0340 partmgr - ok
14:07:05.0874 0340 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\drivers\parvdm.sys
14:07:05.0874 0340 Parvdm - ok
14:07:05.0906 0340 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
14:07:05.0906 0340 PcaSvc - ok
14:07:05.0921 0340 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
14:07:05.0921 0340 pci - ok
14:07:05.0937 0340 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
14:07:05.0937 0340 pciide - ok
14:07:05.0952 0340 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
14:07:05.0968 0340 pcmcia - ok
14:07:05.0984 0340 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
14:07:05.0984 0340 pcw - ok
14:07:05.0999 0340 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
14:07:06.0015 0340 PEAUTH - ok
14:07:06.0077 0340 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
14:07:06.0108 0340 pla - ok
14:07:06.0155 0340 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
14:07:06.0171 0340 PlugPlay - ok
14:07:06.0186 0340 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
14:07:06.0186 0340 PNRPAutoReg - ok
14:07:06.0202 0340 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
14:07:06.0202 0340 PNRPsvc - ok
14:07:06.0249 0340 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
14:07:06.0249 0340 PolicyAgent - ok
14:07:06.0280 0340 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
14:07:06.0280 0340 Power - ok
14:07:06.0311 0340 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
14:07:06.0311 0340 PptpMiniport - ok
14:07:06.0327 0340 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\drivers\processr.sys
14:07:06.0327 0340 Processor - ok
14:07:06.0389 0340 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
14:07:06.0389 0340 ProfSvc - ok
14:07:06.0405 0340 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:07:06.0405 0340 ProtectedStorage - ok
14:07:06.0436 0340 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
14:07:06.0436 0340 Psched - ok
14:07:06.0467 0340 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
14:07:06.0498 0340 ql2300 - ok
14:07:06.0514 0340 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
14:07:06.0514 0340 ql40xx - ok
14:07:06.0545 0340 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
14:07:06.0545 0340 QWAVE - ok
14:07:06.0561 0340 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
14:07:06.0561 0340 QWAVEdrv - ok
14:07:06.0561 0340 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
14:07:06.0576 0340 RasAcd - ok
14:07:06.0592 0340 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
14:07:06.0592 0340 RasAgileVpn - ok
14:07:06.0608 0340 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
14:07:06.0623 0340 RasAuto - ok
14:07:06.0623 0340 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
14:07:06.0623 0340 Rasl2tp - ok
14:07:06.0654 0340 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
14:07:06.0670 0340 RasMan - ok
14:07:06.0670 0340 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
14:07:06.0670 0340 RasPppoe - ok
14:07:06.0701 0340 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
14:07:06.0701 0340 RasSstp - ok
14:07:06.0732 0340 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
14:07:06.0732 0340 rdbss - ok
14:07:06.0748 0340 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
14:07:06.0748 0340 rdpbus - ok
14:07:06.0764 0340 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
14:07:06.0764 0340 RDPCDD - ok
14:07:06.0795 0340 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
14:07:06.0795 0340 RDPENCDD - ok
14:07:06.0810 0340 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
14:07:06.0810 0340 RDPREFMP - ok
14:07:06.0857 0340 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
14:07:06.0857 0340 RDPWD - ok
14:07:06.0888 0340 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
14:07:06.0888 0340 rdyboost - ok
14:07:06.0920 0340 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
14:07:06.0920 0340 RemoteAccess - ok
14:07:06.0935 0340 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
14:07:06.0935 0340 RemoteRegistry - ok
14:07:06.0966 0340 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
14:07:06.0966 0340 RpcEptMapper - ok
14:07:06.0998 0340 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
14:07:06.0998 0340 RpcLocator - ok
14:07:07.0013 0340 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
14:07:07.0029 0340 RpcSs - ok
14:07:07.0060 0340 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
14:07:07.0060 0340 rspndr - ok
14:07:07.0091 0340 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
14:07:07.0091 0340 SamSs - ok
14:07:07.0107 0340 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
14:07:07.0107 0340 sbp2port - ok
14:07:07.0169 0340 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
14:07:07.0169 0340 SCardSvr - ok
14:07:07.0185 0340 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
14:07:07.0185 0340 scfilter - ok
14:07:07.0216 0340 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
14:07:07.0232 0340 Schedule - ok
14:07:07.0247 0340 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
14:07:07.0247 0340 SCPolicySvc - ok
14:07:07.0263 0340 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
14:07:07.0263 0340 SDRSVC - ok
14:07:07.0294 0340 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
14:07:07.0294 0340 secdrv - ok
14:07:07.0310 0340 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
14:07:07.0325 0340 seclogon - ok
14:07:07.0341 0340 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
14:07:07.0341 0340 SENS - ok
14:07:07.0356 0340 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
14:07:07.0372 0340 SensrSvc - ok
14:07:07.0372 0340 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\drivers\serenum.sys
14:07:07.0372 0340 Serenum - ok
14:07:07.0388 0340 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\drivers\serial.sys
14:07:07.0388 0340 Serial - ok
14:07:07.0419 0340 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\drivers\sermouse.sys
14:07:07.0419 0340 sermouse - ok
14:07:07.0450 0340 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
14:07:07.0450 0340 SessionEnv - ok
14:07:07.0466 0340 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
14:07:07.0466 0340 sffdisk - ok
14:07:07.0481 0340 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
14:07:07.0481 0340 sffp_mmc - ok
14:07:07.0497 0340 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
14:07:07.0497 0340 sffp_sd - ok
14:07:07.0497 0340 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
14:07:07.0497 0340 sfloppy - ok
14:07:07.0528 0340 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
14:07:07.0544 0340 SharedAccess - ok
14:07:07.0559 0340 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:07:07.0575 0340 ShellHWDetection - ok
14:07:07.0590 0340 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
14:07:07.0590 0340 sisagp - ok
14:07:07.0606 0340 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
14:07:07.0606 0340 SiSRaid2 - ok
14:07:07.0622 0340 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
14:07:07.0622 0340 SiSRaid4 - ok
14:07:07.0637 0340 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
14:07:07.0637 0340 Smb - ok
14:07:07.0668 0340 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
14:07:07.0668 0340 SNMPTRAP - ok
14:07:07.0684 0340 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
14:07:07.0684 0340 spldr - ok
14:07:07.0731 0340 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
14:07:07.0746 0340 Spooler - ok
14:07:07.0824 0340 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
14:07:07.0902 0340 sppsvc - ok
14:07:07.0934 0340 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
14:07:07.0934 0340 sppuinotify - ok
14:07:07.0949 0340 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
14:07:07.0965 0340 srv - ok
14:07:07.0980 0340 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
14:07:07.0996 0340 srv2 - ok
14:07:08.0012 0340 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
14:07:08.0012 0340 srvnet - ok
14:07:08.0058 0340 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
14:07:08.0058 0340 SSDPSRV - ok
14:07:08.0074 0340 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
14:07:08.0074 0340 SstpSvc - ok
14:07:08.0090 0340 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\drivers\stexstor.sys
14:07:08.0090 0340 stexstor - ok
14:07:08.0136 0340 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
14:07:08.0152 0340 StiSvc - ok
14:07:08.0152 0340 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
14:07:08.0152 0340 swenum - ok
14:07:08.0168 0340 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
14:07:08.0183 0340 swprv - ok
14:07:08.0214 0340 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
14:07:08.0246 0340 SysMain - ok
14:07:08.0261 0340 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:07:08.0261 0340 TabletInputService - ok
14:07:08.0277 0340 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
14:07:08.0292 0340 TapiSrv - ok
14:07:08.0308 0340 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
14:07:08.0308 0340 TBS - ok
14:07:08.0386 0340 [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
14:07:08.0417 0340 Tcpip - ok
14:07:08.0464 0340 [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
14:07:08.0480 0340 TCPIP6 - ok
14:07:08.0511 0340 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
14:07:08.0526 0340 tcpipreg - ok
14:07:08.0542 0340 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
14:07:08.0542 0340 TDPIPE - ok
14:07:08.0558 0340 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
14:07:08.0558 0340 TDTCP - ok
14:07:08.0573 0340 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
14:07:08.0573 0340 tdx - ok
14:07:08.0589 0340 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
14:07:08.0589 0340 TermDD - ok
14:07:08.0604 0340 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
14:07:08.0620 0340 TermService - ok
14:07:08.0636 0340 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
14:07:08.0636 0340 Themes - ok
14:07:08.0651 0340 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
14:07:08.0651 0340 THREADORDER - ok
14:07:08.0682 0340 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
14:07:08.0682 0340 TrkWks - ok
14:07:08.0729 0340 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:07:08.0729 0340 TrustedInstaller - ok
14:07:08.0776 0340 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
14:07:08.0776 0340 tssecsrv - ok
14:07:08.0776 0340 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
14:07:08.0776 0340 TsUsbFlt - ok
14:07:08.0792 0340 [ 01246F0BAAD7B68EC0F472AA41E33282 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
14:07:08.0792 0340 TsUsbGD - ok
14:07:08.0807 0340 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
14:07:08.0807 0340 tunnel - ok
14:07:08.0823 0340 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\drivers\uagp35.sys
14:07:08.0823 0340 uagp35 - ok
14:07:08.0838 0340 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
14:07:08.0854 0340 udfs - ok
14:07:08.0885 0340 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
14:07:08.0885 0340 UI0Detect - ok
14:07:08.0885 0340 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
14:07:08.0885 0340 uliagpkx - ok
14:07:08.0901 0340 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\DRIVERS\umbus.sys
14:07:08.0901 0340 umbus - ok
14:07:08.0916 0340 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\drivers\umpass.sys
14:07:08.0916 0340 UmPass - ok
14:07:08.0932 0340 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
14:07:08.0948 0340 upnphost - ok
14:07:08.0963 0340 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
14:07:08.0963 0340 usbccgp - ok
14:07:08.0979 0340 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
14:07:08.0979 0340 usbcir - ok
14:07:08.0994 0340 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
14:07:08.0994 0340 usbehci - ok
14:07:09.0010 0340 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
14:07:09.0026 0340 usbhub - ok
14:07:09.0041 0340 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
14:07:09.0041 0340 usbohci - ok
14:07:09.0057 0340 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
14:07:10.0976 0340 ================ Scan global ===============================
14:07:10.0976 0340 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
14:07:11.0022 0340 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
14:07:11.0038 0340 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
14:07:11.0069 0340 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
14:07:11.0085 0340 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
14:07:11.0085 0340 [Global] - ok
14:07:11.0085 0340 ================ Scan MBR ==================================
14:07:11.0116 0340 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
14:07:11.0241 0340 \Device\Harddisk0\DR0 - ok
14:07:11.0241 0340 [ C3C93F1CA51BBACBABEA804D2CC62CA1 ] \Device\Harddisk1\DR1
14:07:11.0241 0340 Suspicious mbr (Forged): \Device\Harddisk1\DR1
14:07:11.0288 0340 \Device\Harddisk1\DR1 ( Rootkit.Boot.Harbinger.a ) - infected
14:07:11.0288 0340 \Device\Harddisk1\DR1 - detected Rootkit.Boot.Harbinger.a (0)
14:07:11.0303 0340 [ DDAE9D649DB12F6AFF24483F2C298989 ] \Device\Harddisk6\DR6
14:07:11.0319 0340 \Device\Harddisk6\DR6 - ok
14:07:11.0319 0340 ================ Scan VBR ==================================
14:07:11.0334 0340 [ 8536861B68D1E477E0F812153318EE1B ] \Device\Harddisk0\DR0\Partition1
14:07:11.0334 0340 \Device\Harddisk0\DR0\Partition1 - ok
14:07:11.0334 0340 [ 6FDB15E83ED833F734910F29E3AB393B ] \Device\Harddisk1\DR1\Partition1
14:07:11.0350 0340 \Device\Harddisk1\DR1\Partition1 - ok
14:07:11.0350 0340 [ 7287E0077163A0A9C41F257C5F7667DA ] \Device\Harddisk1\DR1\Partition2
14:07:11.0366 0340 \Device\Harddisk1\DR1\Partition2 - ok
14:07:11.0366 0340 [ 6A55D8127E8841742D33AA97FBB59AC4 ] \Device\Harddisk6\DR6\Partition1
14:07:11.0366 0340 \Device\Harddisk6\DR6\Partition1 - ok
14:07:11.0366 0340 ============================================================
14:07:11.0366 0340 Scan finished
14:07:11.0366 0340 ============================================================
14:07:11.0381 3864 Detected object count: 1
14:07:11.0381 3864 Actual detected object count: 1
14:07:25.0655 3864 \Device\Harddisk1\DR1 ( Rootkit.Boot.Harbinger.a ) - skipped by user
14:07:25.0655 3864 \Device\Harddisk1\DR1 ( Rootkit.Boot.Harbinger.a ) - User select action: Skip
14:07:53.0532 2068 Deinitialize success
Attached Files
File Type: zip MBR.zip (559 Bytes, 8 views)
__________________
jaythorpe522 is offline  
Old 04-12-2013, 12:42 PM   #5
And here are the MWB logs (I was wrong before about which was quick and which long scan -- children will steal your brain cells)

Malwarebytes Anti-Malware 1.75.0.1300
Malwarebytes : Free anti-malware download

Database version: v2013.04.10.13

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
user :: WINCTRL-BHLBPQ7 [administrator]

4/10/2013 423 PM
mbam-log-2013-04-10 (16-06-23).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 193977
Time elapsed: 8 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\user\AppData\Local\Temp\0.08425655034286561 (Trojan.Dropper.ED) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\45E.tmp (Trojan.Fareit.RRE) -> Quarantined and deleted successfully.

(end)

********************
********************

Malwarebytes Anti-Malware 1.75.0.1300
Malwarebytes : Free anti-malware download

Database version: v2013.04.10.13

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
user :: WINCTRL-BHLBPQ7 [administrator]

4/10/2013 4:21:13 PM
mbam-log-2013-04-10 (16-21-13).txt

Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 345462
Time elapsed: 1 hour(s), 24 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\user\AppData\LocalLow\F466.tmp (Trojan.Fareit.RRE) -> Quarantined and deleted successfully.

(end)
__________________
jaythorpe522 is offline  
Old 04-12-2013, 01:18 PM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 14,727
OS: XP Win7 Ubuntu 10.10



You're welcome.

Please run TDSSKiller once again, and allow it to Cure what it detects this time.
Reboot at the prompt.
Once complete, as before, a log will be produced at the root drive, which is typically C:\ (for example, C:\TDSSKiller.<version_date_time>log.txt).
Please post the contents of the log in your next reply.
__________________

amateur is offline  
Old 04-12-2013, 04:02 PM   #7
Howdy'gain. Thanks for helping! Looks like a positive move, to be sure. I am off the internet for the next 26 hours or so, so I won't be responding or following orders for that amount of time, but I'll be back tomorrow night.

TDSSKiller made two logs -- one before, one after boot. Both in one post is too long for the forum; here's before boot:

16:27:37.0145 2180 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:27:37.0160 2180 ============================================================
16:27:37.0160 2180 Current date / time: 2013/04/12 16:27:37.0160
16:27:37.0160 2180 SystemInfo:
16:27:37.0160 2180
16:27:37.0160 2180 OS Version: 6.1.7601 ServicePack: 1.0
16:27:37.0160 2180 Product type: Workstation
16:27:37.0160 2180 ComputerName: WINCTRL-BHLBPQ7
16:27:37.0160 2180 UserName: user
16:27:37.0160 2180 Windows directory: C:\Windows
16:27:37.0160 2180 System windows directory: C:\Windows
16:27:37.0160 2180 Processor architecture: Intel x86
16:27:37.0160 2180 Number of processors: 2
16:27:37.0160 2180 Page size: 0x1000
16:27:37.0160 2180 Boot type: Normal boot
16:27:37.0160 2180 ============================================================
16:27:43.0026 2180 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:27:43.0042 2180 Drive \Device\Harddisk1\DR1 - Size: 0x53D67B6000 (335.35 Gb), SectorSize: 0x200, Cylinders: 0xB5B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
16:27:43.0057 2180 ============================================================
16:27:43.0057 2180 \Device\Harddisk0\DR0:
16:27:43.0057 2180 MBR partitions:
16:27:43.0057 2180 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x658FB66
16:27:43.0057 2180 \Device\Harddisk1\DR1:
16:27:43.0057 2180 MBR partitions:
16:27:43.0057 2180 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:27:43.0057 2180 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x29E80800
16:27:43.0057 2180 ============================================================
16:27:43.0073 2180 C: <-> \Device\Harddisk1\DR1\Partition2
16:27:43.0088 2180 E: <-> \Device\Harddisk0\DR0\Partition1
16:27:43.0088 2180 ============================================================
16:27:43.0088 2180 Initialize success
16:27:43.0088 2180 ============================================================
16:27:46.0396 1744 ============================================================
16:27:46.0396 1744 Scan started
16:27:46.0396 1744 Mode: Manual;
16:27:46.0396 1744 ============================================================
16:27:46.0864 1744 ================ Scan system memory ========================
16:27:46.0864 1744 System memory - ok
16:27:46.0864 1744 ================ Scan services =============================
16:27:51.0107 1744 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
16:27:51.0122 1744 Modem - ok
16:27:51.0154 1744 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
16:27:51.0154 1744 monitor - ok
16:27:51.0185 1744 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
16:27:51.0185 1744 mouclass - ok
16:27:51.0216 1744 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
16:27:51.0216 1744 mouhid - ok
16:27:51.0232 1744 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
16:27:51.0232 1744 mountmgr - ok
16:27:51.0278 1744 [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
16:27:51.0278 1744 MozillaMaintenance - ok
16:27:51.0341 1744 [ CF105EE42E3F71E648CEBB3F666E1CF0 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
16:27:51.0341 1744 MpFilter - ok
16:27:51.0356 1744 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
16:27:51.0356 1744 mpio - ok
16:27:51.0372 1744 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
16:27:51.0372 1744 mpsdrv - ok
16:27:51.0403 1744 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
16:27:51.0403 1744 MpsSvc - ok
16:27:51.0419 1744 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
16:27:51.0419 1744 MRxDAV - ok
16:27:51.0450 1744 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
16:27:51.0450 1744 mrxsmb - ok
16:27:51.0481 1744 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:27:51.0481 1744 mrxsmb10 - ok
16:27:51.0481 1744 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:27:51.0497 1744 mrxsmb20 - ok
16:27:51.0512 1744 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
16:27:51.0512 1744 msahci - ok
16:27:51.0528 1744 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
16:27:51.0528 1744 msdsm - ok
16:27:51.0544 1744 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
16:27:51.0559 1744 MSDTC - ok
16:27:51.0575 1744 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
16:27:51.0575 1744 Msfs - ok
16:27:51.0590 1744 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
16:27:51.0590 1744 mshidkmdf - ok
16:27:51.0590 1744 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
16:27:51.0590 1744 msisadrv - ok
16:27:51.0622 1744 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
16:27:51.0622 1744 MSiSCSI - ok
16:27:51.0637 1744 msiserver - ok
16:27:51.0653 1744 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
16:27:51.0653 1744 MSKSSRV - ok
16:27:51.0746 1744 [ C1F19D2BACBEE9AB64D9AE69E9859AC0 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
16:27:51.0746 1744 MsMpSvc - ok
16:27:51.0762 1744 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
16:27:51.0762 1744 MSPCLOCK - ok
16:27:51.0778 1744 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
16:27:51.0778 1744 MSPQM - ok
16:27:51.0793 1744 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
16:27:51.0793 1744 MsRPC - ok
16:27:51.0809 1744 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
16:27:51.0809 1744 mssmbios - ok
16:27:51.0824 1744 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
16:27:51.0824 1744 MSTEE - ok
16:27:51.0824 1744 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
16:27:51.0840 1744 MTConfig - ok
16:27:51.0856 1744 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
16:27:51.0856 1744 Mup - ok
16:27:51.0871 1744 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
16:27:51.0887 1744 napagent - ok
16:27:51.0902 1744 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
16:27:51.0902 1744 NativeWifiP - ok
16:27:51.0980 1744 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
16:27:51.0980 1744 NDIS - ok
16:27:51.0996 1744 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
16:27:52.0012 1744 NdisCap - ok
16:27:52.0043 1744 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
16:27:52.0043 1744 NdisTapi - ok
16:27:52.0058 1744 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
16:27:52.0058 1744 Ndisuio - ok
16:27:52.0121 1744 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
16:27:52.0121 1744 NdisWan - ok
16:27:52.0121 1744 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
16:27:52.0136 1744 NDProxy - ok
16:27:52.0136 1744 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
16:27:52.0136 1744 NetBIOS - ok
16:27:52.0152 1744 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
16:27:52.0152 1744 NetBT - ok
16:27:52.0183 1744 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
16:27:52.0183 1744 Netlogon - ok
16:27:52.0214 1744 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
16:27:52.0230 1744 Netman - ok
16:27:52.0246 1744 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
16:27:52.0246 1744 netprofm - ok
16:27:52.0277 1744 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:27:52.0277 1744 NetTcpPortSharing - ok
16:27:52.0308 1744 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
16:27:52.0308 1744 nfrd960 - ok
16:27:52.0355 1744 [ 832E098BCA8235436FE2D8AE50AC3718 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
16:27:52.0355 1744 NisDrv - ok
16:27:52.0417 1744 [ E570ECA850F30EB740C2E9699DF3D2BD ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
16:27:52.0417 1744 NisSrv - ok
16:27:52.0464 1744 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll
16:27:52.0464 1744 NlaSvc - ok
16:27:52.0480 1744 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
16:27:52.0480 1744 Npfs - ok
16:27:52.0511 1744 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
16:27:52.0511 1744 nsi - ok
16:27:52.0526 1744 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
16:27:52.0526 1744 nsiproxy - ok
16:27:52.0573 1744 [ 9CDAEBE5160B9AF02AE17C62BDB6C4B5 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
16:27:52.0589 1744 Ntfs - ok
16:27:52.0604 1744 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
16:27:52.0604 1744 Null - ok
16:27:52.0636 1744 [ B5E37E31C053BC9950455A257526514B ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x32.sys
16:27:52.0651 1744 NVENETFD - ok
16:27:52.0838 1744 [ B0881DDA5A8160422561FFAB7F0008B1 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:27:52.0901 1744 nvlddmkm - ok
16:27:52.0932 1744 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
16:27:52.0948 1744 nvraid - ok
16:27:52.0963 1744 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
16:27:52.0963 1744 nvstor - ok
16:27:52.0979 1744 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
16:27:52.0979 1744 nv_agp - ok
16:27:52.0994 1744 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
16:27:53.0010 1744 ohci1394 - ok
16:27:53.0104 1744 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:27:53.0104 1744 ose - ok
16:27:53.0275 1744 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:27:53.0306 1744 osppsvc - ok
16:27:53.0353 1744 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
16:27:53.0353 1744 p2pimsvc - ok
16:27:53.0384 1744 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
16:27:53.0384 1744 p2psvc - ok
16:27:53.0400 1744 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\drivers\parport.sys
16:27:53.0400 1744 Parport - ok
16:27:53.0416 1744 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
16:27:53.0416 1744 partmgr - ok
16:27:53.0431 1744 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\drivers\parvdm.sys
16:27:53.0431 1744 Parvdm - ok
16:27:53.0447 1744 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
16:27:53.0447 1744 PcaSvc - ok
16:27:53.0462 1744 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
16:27:53.0462 1744 pci - ok
16:27:53.0478 1744 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
16:27:53.0478 1744 pciide - ok
16:27:53.0494 1744 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
16:27:53.0494 1744 pcmcia - ok
16:27:53.0509 1744 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
16:27:53.0509 1744 pcw - ok
16:27:53.0540 1744 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
16:27:53.0540 1744 PEAUTH - ok
16:27:53.0618 1744 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
16:27:53.0618 1744 pla - ok
16:27:53.0665 1744 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
16:27:53.0665 1744 PlugPlay - ok
16:27:53.0681 1744 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
16:27:53.0681 1744 PNRPAutoReg - ok
16:27:53.0696 1744 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
16:27:53.0696 1744 PNRPsvc - ok
16:27:53.0728 1744 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
16:27:53.0743 1744 PolicyAgent - ok
16:27:53.0759 1744 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
16:27:53.0759 1744 Power - ok
16:27:53.0790 1744 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
16:27:53.0790 1744 PptpMiniport - ok
16:27:53.0806 1744 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\drivers\processr.sys
16:27:53.0806 1744 Processor - ok
16:27:53.0852 1744 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
16:27:53.0852 1744 ProfSvc - ok
16:27:53.0868 1744 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:27:53.0868 1744 ProtectedStorage - ok
16:27:53.0899 1744 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
16:27:53.0899 1744 Psched - ok
16:27:53.0946 1744 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
16:27:53.0946 1744 ql2300 - ok
16:27:53.0977 1744 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
16:27:53.0977 1744 ql40xx - ok
16:27:54.0008 1744 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
16:27:54.0008 1744 QWAVE - ok
16:27:54.0024 1744 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
16:27:54.0024 1744 QWAVEdrv - ok
16:27:54.0024 1744 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
16:27:54.0024 1744 RasAcd - ok
16:27:54.0055 1744 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
16:27:54.0055 1744 RasAgileVpn - ok
16:27:54.0055 1744 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
16:27:54.0071 1744 RasAuto - ok
16:27:54.0071 1744 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
16:27:54.0071 1744 Rasl2tp - ok
16:27:54.0102 1744 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
16:27:54.0118 1744 RasMan - ok
16:27:54.0118 1744 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
16:27:54.0118 1744 RasPppoe - ok
16:27:54.0133 1744 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
16:27:54.0133 1744 RasSstp - ok
16:27:54.0149 1744 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
16:27:54.0149 1744 rdbss - ok
16:27:54.0180 1744 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
16:27:54.0180 1744 rdpbus - ok
16:27:54.0180 1744 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
16:27:54.0180 1744 RDPCDD - ok
16:27:54.0211 1744 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
16:27:54.0211 1744 RDPENCDD - ok
16:27:54.0227 1744 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
16:27:54.0227 1744 RDPREFMP - ok
16:27:54.0274 1744 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
16:27:54.0274 1744 RDPWD - ok
16:27:54.0305 1744 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
16:27:54.0305 1744 rdyboost - ok
16:27:54.0336 1744 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
16:27:54.0336 1744 RemoteAccess - ok
16:27:54.0352 1744 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
16:27:54.0352 1744 RemoteRegistry - ok
16:27:54.0383 1744 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
16:27:54.0383 1744 RpcEptMapper - ok
16:27:54.0414 1744 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
16:27:54.0414 1744 RpcLocator - ok
16:27:54.0430 1744 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
16:27:54.0430 1744 RpcSs - ok
16:27:54.0461 1744 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
16:27:54.0461 1744 rspndr - ok
16:27:54.0476 1744 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
16:27:54.0476 1744 SamSs - ok
16:27:54.0476 1744 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
16:27:54.0476 1744 sbp2port - ok
16:27:54.0508 1744 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
16:27:54.0508 1744 SCardSvr - ok
16:27:54.0523 1744 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
16:27:54.0523 1744 scfilter - ok
16:27:54.0554 1744 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
16:27:54.0554 1744 Schedule - ok
16:27:54.0570 1744 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
16:27:54.0570 1744 SCPolicySvc - ok
16:27:54.0601 1744 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
16:27:54.0601 1744 SDRSVC - ok
16:27:54.0632 1744 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
16:27:54.0632 1744 secdrv - ok
16:27:54.0648 1744 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
16:27:54.0648 1744 seclogon - ok
16:27:54.0664 1744 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
16:27:54.0664 1744 SENS - ok
16:27:54.0695 1744 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
16:27:54.0695 1744 SensrSvc - ok
16:27:54.0710 1744 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\drivers\serenum.sys
16:27:54.0726 1744 Serenum - ok
16:27:54.0742 1744 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\drivers\serial.sys
16:27:54.0742 1744 Serial - ok
16:27:54.0773 1744 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\drivers\sermouse.sys
16:27:54.0773 1744 sermouse - ok
16:27:54.0804 1744 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
16:27:54.0804 1744 SessionEnv - ok
16:27:54.0820 1744 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
16:27:54.0820 1744 sffdisk - ok
16:27:54.0835 1744 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
16:27:54.0835 1744 sffp_mmc - ok
16:27:54.0851 1744 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
16:27:54.0851 1744 sffp_sd - ok
16:27:54.0851 1744 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
16:27:54.0866 1744 sfloppy - ok
16:27:54.0898 1744 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
16:27:54.0898 1744 SharedAccess - ok
16:27:54.0913 1744 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:27:54.0929 1744 ShellHWDetection - ok
16:27:54.0944 1744 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
16:27:54.0944 1744 sisagp - ok
16:27:54.0960 1744 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
16:27:54.0960 1744 SiSRaid2 - ok
16:27:54.0960 1744 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
16:27:54.0960 1744 SiSRaid4 - ok
16:27:54.0976 1744 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
16:27:54.0976 1744 Smb - ok
16:27:55.0007 1744 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
16:27:55.0022 1744 SNMPTRAP - ok
16:27:55.0022 1744 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
16:27:55.0022 1744 spldr - ok
16:27:55.0085 1744 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
16:27:55.0085 1744 Spooler - ok
16:27:55.0178 1744 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
16:27:55.0210 1744 sppsvc - ok
16:27:55.0225 1744 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
16:27:55.0225 1744 sppuinotify - ok
16:27:55.0241 1744 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
16:27:55.0256 1744 srv - ok
16:27:55.0272 1744 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
16:27:55.0272 1744 srv2 - ok
16:27:55.0288 1744 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
16:27:55.0288 1744 srvnet - ok
16:27:55.0319 1744 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
16:27:55.0319 1744 SSDPSRV - ok
16:27:55.0334 1744 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
16:27:55.0334 1744 SstpSvc - ok
16:27:55.0350 1744 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\drivers\stexstor.sys
16:27:55.0350 1744 stexstor - ok
16:27:55.0397 1744 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
16:27:55.0397 1744 StiSvc - ok
16:27:55.0412 1744 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
16:27:55.0412 1744 swenum - ok
16:27:55.0444 1744 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
16:27:55.0444 1744 swprv - ok
16:27:55.0475 1744 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
16:27:55.0490 1744 SysMain - ok
16:27:55.0522 1744 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:27:55.0522 1744 TabletInputService - ok
16:27:55.0537 1744 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
16:27:55.0553 1744 TapiSrv - ok
16:27:55.0553 1744 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
16:27:55.0553 1744 TBS - ok
16:27:55.0631 1744 [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
16:27:55.0646 1744 Tcpip - ok
16:27:55.0693 1744 [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
16:27:55.0693 1744 TCPIP6 - ok
16:27:55.0740 1744 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
16:27:55.0740 1744 tcpipreg - ok
16:27:55.0771 1744 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
16:27:55.0771 1744 TDPIPE - ok
16:27:55.0787 1744 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
16:27:55.0787 1744 TDTCP - ok
16:27:55.0802 1744 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
16:27:55.0802 1744 tdx - ok
16:27:55.0802 1744 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
16:27:55.0802 1744 TermDD - ok
16:27:55.0834 1744 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
16:27:55.0834 1744 TermService - ok
16:27:55.0865 1744 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
16:27:55.0865 1744 Themes - ok
16:27:55.0880 1744 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
16:27:55.0880 1744 THREADORDER - ok
16:27:55.0896 1744 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
16:27:55.0896 1744 TrkWks - ok
16:27:55.0943 1744 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:27:55.0958 1744 TrustedInstaller - ok
16:27:55.0990 1744 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
16:27:55.0990 1744 tssecsrv - ok
16:27:55.0990 1744 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
16:27:55.0990 1744 TsUsbFlt - ok
16:27:56.0005 1744 [ 01246F0BAAD7B68EC0F472AA41E33282 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
16:27:56.0005 1744 TsUsbGD - ok
16:27:56.0021 1744 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
16:27:56.0021 1744 tunnel - ok
16:27:56.0036 1744 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\drivers\uagp35.sys
16:27:56.0036 1744 uagp35 - ok
16:27:56.0052 1744 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
16:27:56.0052 1744 udfs - ok
16:27:56.0083 1744 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
16:27:56.0083 1744 UI0Detect - ok
16:27:56.0114 1744 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
16:27:56.0114 1744 uliagpkx - ok
16:27:56.0130 1744 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\DRIVERS\umbus.sys
16:27:56.0130 1744 umbus - ok
16:27:56.0146 1744 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\drivers\umpass.sys
16:27:56.0146 1744 UmPass - ok
16:27:56.0161 1744 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
16:27:56.0161 1744 upnphost - ok
16:27:56.0177 1744 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
16:27:56.0177 1744 usbccgp - ok
16:27:56.0192 1744 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
16:27:56.0192 1744 usbcir - ok
16:27:56.0208 1744 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
16:27:56.0208 1744 usbehci - ok
16:27:56.0239 1744 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
16:27:56.0239 1744 usbhub - ok
16:27:56.0255 1744 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
16:27:56.0255 1744 usbohci - ok
16:27:56.0270 1744 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
16:27:56.0270 1744 usbprint - ok
16:27:56.0286 1744 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:27:56.0286 1744 USBSTOR - ok
16:27:56.0317 1744 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
16:27:56.0317 1744 usbuhci - ok
16:27:56.0333 1744 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
16:27:56.0333 1744 UxSms - ok
16:27:56.0348 1744 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
16:27:56.0348 1744 VaultSvc - ok
16:27:56.0380 1744 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
16:27:56.0380 1744 vdrvroot - ok
16:27:56.0395 1744 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
16:27:56.0411 1744 vds - ok
16:27:56.0426 1744 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
16:27:56.0426 1744 vga - ok
16:27:56.0426 1744 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
16:27:56.0426 1744 VgaSave - ok
16:27:56.0442 1744 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
16:27:56.0442 1744 vhdmp - ok
16:27:56.0458 1744 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
16:27:56.0458 1744 viaagp - ok
16:27:56.0473 1744 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
16:27:56.0473 1744 ViaC7 - ok
16:27:56.0489 1744 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
16:27:56.0489 1744 viaide - ok
16:27:56.0504 1744 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
16:27:56.0504 1744 volmgr - ok
16:27:56.0520 1744 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
16:27:56.0536 1744 volmgrx - ok
16:27:56.0551 1744 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
16:27:56.0551 1744 volsnap - ok
16:27:56.0567 1744 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
16:27:56.0567 1744 vsmraid - ok
16:27:56.0614 1744 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
16:27:56.0629 1744 VSS - ok
16:27:56.0660 1744 [ 682FCF7D2EB5158CD30408E976562408 ] VSTHWBS2 C:\Windows\system32\DRIVERS\VSTBS23.SYS
16:27:56.0660 1744 VSTHWBS2 - ok
16:27:56.0692 1744 [ CEB4E3B6890E1E42DCA6694D9E59E1A0 ] VST_DPV C:\Windows\system32\DRIVERS\VSTDPV3.SYS
16:27:56.0707 1744 VST_DPV - ok
16:27:56.0707 1744 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
16:27:56.0707 1744 vwifibus - ok
16:27:56.0723 1744 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
16:27:56.0738 1744 W32Time - ok
16:27:56.0754 1744 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
16:27:56.0754 1744 WacomPen - ok
16:27:56.0770 1744 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
16:27:56.0770 1744 WANARP - ok
16:27:56.0785 1744 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
16:27:56.0785 1744 Wanarpv6 - ok
16:27:56.0848 1744 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
16:27:56.0848 1744 WatAdminSvc - ok
16:27:56.0894 1744 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
16:27:56.0910 1744 wbengine - ok
16:27:56.0926 1744 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
16:27:56.0926 1744 WbioSrvc - ok
16:27:56.0957 1744 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
16:27:56.0957 1744 wcncsvc - ok
16:27:56.0972 1744 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:27:56.0972 1744 WcsPlugInService - ok
16:27:58.0002 1744 ================ Scan global ===============================
16:27:58.0033 1744 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
16:27:58.0080 1744 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
16:27:58.0096 1744 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
16:27:58.0111 1744 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
16:27:58.0127 1744 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
16:27:58.0142 1744 [Global] - ok
16:27:58.0142 1744 ================ Scan MBR ==================================
16:27:58.0158 1744 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
16:27:58.0283 1744 \Device\Harddisk0\DR0 - ok
16:27:58.0298 1744 [ C3C93F1CA51BBACBABEA804D2CC62CA1 ] \Device\Harddisk1\DR1
16:27:58.0298 1744 Suspicious mbr (Forged): \Device\Harddisk1\DR1
16:27:58.0345 1744 \Device\Harddisk1\DR1 ( Rootkit.Boot.Harbinger.a ) - infected
16:27:58.0345 1744 \Device\Harddisk1\DR1 - detected Rootkit.Boot.Harbinger.a (0)
16:27:58.0345 1744 ================ Scan VBR ==================================
16:27:58.0345 1744 [ 8536861B68D1E477E0F812153318EE1B ] \Device\Harddisk0\DR0\Partition1
16:27:58.0345 1744 \Device\Harddisk0\DR0\Partition1 - ok
16:27:58.0361 1744 [ 6FDB15E83ED833F734910F29E3AB393B ] \Device\Harddisk1\DR1\Partition1
16:27:58.0361 1744 \Device\Harddisk1\DR1\Partition1 - ok
16:27:58.0376 1744 [ 7287E0077163A0A9C41F257C5F7667DA ] \Device\Harddisk1\DR1\Partition2
16:27:58.0376 1744 \Device\Harddisk1\DR1\Partition2 - ok
16:27:58.0376 1744 ============================================================
16:27:58.0376 1744 Scan finished
16:27:58.0376 1744 ============================================================
16:27:58.0392 3864 Detected object count: 1
16:27:58.0392 3864 Actual detected object count: 1
16:28:02.0464 3864 \Device\Harddisk1\DR1\# - copied to quarantine
16:28:02.0479 3864 \Device\Harddisk1\DR1 - copied to quarantine
16:28:02.0542 3864 \Device\Harddisk1\DR1 ( Rootkit.Boot.Harbinger.a ) - will be cured on reboot
16:28:02.0542 3864 \Device\Harddisk1\DR1 - ok
16:28:02.0557 3864 \Device\Harddisk1\DR1 ( Rootkit.Boot.Harbinger.a ) - User select action: Cure
16:28:12.0588 2888 Deinitialize success
jaythorpe522
Old 04-12-2013, 04:03 PM   #8
TSF Enthusiast
 
Join Date: Sep 2010
Location: Bloodymore, Murderland
Posts: 1,009
OS: Mac OSX (10.5.8)



Here's after boot:

16:29:33.0251 0516 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:29:33.0267 0516 ============================================================
16:29:33.0267 0516 Current date / time: 2013/04/12 16:29:33.0267
16:29:33.0267 0516 SystemInfo:
16:29:33.0267 0516
16:29:33.0267 0516 OS Version: 6.1.7601 ServicePack: 1.0
16:29:33.0267 0516 Product type: Workstation
16:29:33.0267 0516 ComputerName: WINCTRL-BHLBPQ7
16:29:33.0267 0516 UserName: user
16:29:33.0267 0516 Windows directory: C:\Windows
16:29:33.0267 0516 System windows directory: C:\Windows
16:29:33.0267 0516 Processor architecture: Intel x86
16:29:33.0267 0516 Number of processors: 2
16:29:33.0267 0516 Page size: 0x1000
16:29:33.0267 0516 Boot type: Normal boot
16:29:33.0267 0516 ============================================================
16:29:34.0936 0516 BG loaded
16:29:36.0730 0516 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:29:36.0730 0516 Drive \Device\Harddisk1\DR1 - Size: 0x53D67B6000 (335.35 Gb), SectorSize: 0x200, Cylinders: 0xB5B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
16:29:36.0746 0516 ============================================================
16:29:36.0746 0516 \Device\Harddisk0\DR0:
16:29:36.0746 0516 MBR partitions:
16:29:36.0746 0516 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x658FB66
16:29:36.0746 0516 \Device\Harddisk1\DR1:
16:29:36.0761 0516 MBR partitions:
16:29:36.0761 0516 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:29:36.0761 0516 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x29E80800
16:29:36.0761 0516 ============================================================
16:29:36.0792 0516 C: <-> \Device\Harddisk1\DR1\Partition2
16:29:36.0808 0516 E: <-> \Device\Harddisk0\DR0\Partition1
16:29:36.0808 0516 ============================================================
16:29:36.0808 0516 Initialize success
16:29:36.0808 0516 ============================================================
16:30:26.0390 2348 ============================================================
16:30:26.0390 2348 Scan started
16:30:26.0390 2348 Mode: Manual;
16:30:26.0390 2348 ============================================================
16:30:27.0903 2348 ================ Scan system memory ========================
16:30:27.0903 2348 System memory - ok
16:30:27.0903 2348 ================ Scan services =============================
16:30:34.0034 2348 nvlddmkm - ok
16:30:34.0050 2348 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
16:30:34.0065 2348 nvraid - ok
16:30:34.0096 2348 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
16:30:34.0096 2348 nvstor - ok
16:30:34.0112 2348 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
16:30:34.0112 2348 nv_agp - ok
16:30:34.0143 2348 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
16:30:34.0143 2348 ohci1394 - ok
16:30:34.0206 2348 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:30:34.0206 2348 ose - ok
16:30:34.0377 2348 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:30:34.0471 2348 osppsvc - ok
16:30:34.0518 2348 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
16:30:34.0518 2348 p2pimsvc - ok
16:30:34.0549 2348 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
16:30:34.0549 2348 p2psvc - ok
16:30:34.0564 2348 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\drivers\parport.sys
16:30:34.0564 2348 Parport - ok
16:30:34.0596 2348 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
16:30:34.0596 2348 partmgr - ok
16:30:34.0596 2348 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\drivers\parvdm.sys
16:30:34.0611 2348 Parvdm - ok
16:30:34.0627 2348 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
16:30:34.0627 2348 PcaSvc - ok
16:30:34.0642 2348 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
16:30:34.0642 2348 pci - ok
16:30:34.0658 2348 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
16:30:34.0658 2348 pciide - ok
16:30:34.0689 2348 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
16:30:34.0689 2348 pcmcia - ok
16:30:34.0705 2348 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
16:30:34.0705 2348 pcw - ok
16:30:34.0736 2348 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
16:30:34.0736 2348 PEAUTH - ok
16:30:34.0798 2348 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
16:30:34.0845 2348 pla - ok
16:30:34.0892 2348 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
16:30:34.0892 2348 PlugPlay - ok
16:30:34.0908 2348 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
16:30:34.0908 2348 PNRPAutoReg - ok
16:30:34.0923 2348 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
16:30:34.0923 2348 PNRPsvc - ok
16:30:34.0954 2348 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
16:30:34.0970 2348 PolicyAgent - ok
16:30:35.0001 2348 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
16:30:35.0001 2348 Power - ok
16:30:35.0032 2348 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
16:30:35.0032 2348 PptpMiniport - ok
16:30:35.0048 2348 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\drivers\processr.sys
16:30:35.0048 2348 Processor - ok
16:30:35.0095 2348 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
16:30:35.0095 2348 ProfSvc - ok
16:30:35.0110 2348 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:30:35.0110 2348 ProtectedStorage - ok
16:30:35.0126 2348 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
16:30:35.0126 2348 Psched - ok
16:30:35.0173 2348 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
16:30:35.0204 2348 ql2300 - ok
16:30:35.0235 2348 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
16:30:35.0235 2348 ql40xx - ok
16:30:35.0266 2348 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
16:30:35.0266 2348 QWAVE - ok
16:30:35.0282 2348 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
16:30:35.0282 2348 QWAVEdrv - ok
16:30:35.0282 2348 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
16:30:35.0282 2348 RasAcd - ok
16:30:35.0313 2348 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
16:30:35.0313 2348 RasAgileVpn - ok
16:30:35.0329 2348 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
16:30:35.0329 2348 RasAuto - ok
16:30:35.0329 2348 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
16:30:35.0329 2348 Rasl2tp - ok
16:30:35.0360 2348 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
16:30:35.0376 2348 RasMan - ok
16:30:35.0376 2348 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
16:30:35.0376 2348 RasPppoe - ok
16:30:35.0407 2348 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
16:30:35.0407 2348 RasSstp - ok
16:30:35.0422 2348 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
16:30:35.0422 2348 rdbss - ok
16:30:35.0454 2348 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
16:30:35.0454 2348 rdpbus - ok
16:30:35.0469 2348 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
16:30:35.0469 2348 RDPCDD - ok
16:30:35.0500 2348 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
16:30:35.0500 2348 RDPENCDD - ok
16:30:35.0500 2348 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
16:30:35.0500 2348 RDPREFMP - ok
16:30:35.0547 2348 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
16:30:35.0547 2348 RDPWD - ok
16:30:35.0578 2348 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
16:30:35.0578 2348 rdyboost - ok
16:30:35.0610 2348 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
16:30:35.0610 2348 RemoteAccess - ok
16:30:35.0625 2348 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
16:30:35.0625 2348 RemoteRegistry - ok
16:30:35.0656 2348 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
16:30:35.0656 2348 RpcEptMapper - ok
16:30:35.0688 2348 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
16:30:35.0688 2348 RpcLocator - ok
16:30:35.0703 2348 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
16:30:35.0719 2348 RpcSs - ok
16:30:35.0719 2348 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
16:30:35.0734 2348 rspndr - ok
16:30:35.0750 2348 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
16:30:35.0750 2348 SamSs - ok
16:30:35.0766 2348 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
16:30:35.0766 2348 sbp2port - ok
16:30:35.0781 2348 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
16:30:35.0797 2348 SCardSvr - ok
16:30:35.0797 2348 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
16:30:35.0812 2348 scfilter - ok
16:30:35.0844 2348 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
16:30:35.0844 2348 Schedule - ok
16:30:35.0859 2348 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
16:30:35.0859 2348 SCPolicySvc - ok
16:30:35.0875 2348 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
16:30:35.0875 2348 SDRSVC - ok
16:30:35.0906 2348 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
16:30:35.0906 2348 secdrv - ok
16:30:35.0922 2348 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
16:30:35.0922 2348 seclogon - ok
16:30:35.0937 2348 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
16:30:35.0937 2348 SENS - ok
16:30:35.0968 2348 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
16:30:35.0968 2348 SensrSvc - ok
16:30:35.0984 2348 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\drivers\serenum.sys
16:30:35.0984 2348 Serenum - ok
16:30:36.0000 2348 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\drivers\serial.sys
16:30:36.0000 2348 Serial - ok
16:30:36.0015 2348 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\drivers\sermouse.sys
16:30:36.0015 2348 sermouse - ok
16:30:36.0062 2348 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
16:30:36.0062 2348 SessionEnv - ok
16:30:36.0078 2348 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
16:30:36.0078 2348 sffdisk - ok
16:30:36.0093 2348 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
16:30:36.0093 2348 sffp_mmc - ok
16:30:36.0109 2348 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
16:30:36.0109 2348 sffp_sd - ok
16:30:36.0124 2348 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
16:30:36.0124 2348 sfloppy - ok
16:30:36.0156 2348 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
16:30:36.0187 2348 SharedAccess - ok
16:30:36.0218 2348 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:30:36.0218 2348 ShellHWDetection - ok
16:30:36.0218 2348 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
16:30:36.0218 2348 sisagp - ok
16:30:36.0265 2348 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
16:30:36.0265 2348 SiSRaid2 - ok
16:30:36.0280 2348 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
16:30:36.0280 2348 SiSRaid4 - ok
16:30:36.0296 2348 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
16:30:36.0296 2348 Smb - ok
16:30:36.0327 2348 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
16:30:36.0327 2348 SNMPTRAP - ok
16:30:36.0343 2348 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
16:30:36.0343 2348 spldr - ok
16:30:36.0390 2348 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
16:30:36.0405 2348 Spooler - ok
16:30:36.0483 2348 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
16:30:36.0546 2348 sppsvc - ok
16:30:36.0577 2348 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
16:30:36.0577 2348 sppuinotify - ok
16:30:36.0608 2348 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
16:30:36.0608 2348 srv - ok
16:30:36.0624 2348 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
16:30:36.0624 2348 srv2 - ok
16:30:36.0639 2348 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
16:30:36.0639 2348 srvnet - ok
16:30:36.0670 2348 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
16:30:36.0670 2348 SSDPSRV - ok
16:30:36.0686 2348 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
16:30:36.0686 2348 SstpSvc - ok
16:30:36.0717 2348 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\drivers\stexstor.sys
16:30:36.0717 2348 stexstor - ok
16:30:36.0748 2348 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
16:30:36.0764 2348 StiSvc - ok
16:30:36.0764 2348 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
16:30:36.0764 2348 swenum - ok
16:30:36.0795 2348 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
16:30:36.0795 2348 swprv - ok
16:30:36.0826 2348 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
16:30:36.0842 2348 SysMain - ok
16:30:36.0858 2348 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:30:36.0858 2348 TabletInputService - ok
16:30:36.0889 2348 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
16:30:36.0889 2348 TapiSrv - ok
16:30:36.0904 2348 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
16:30:36.0904 2348 TBS - ok
16:30:36.0982 2348 [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
16:30:37.0014 2348 Tcpip - ok
16:30:37.0060 2348 [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
16:30:37.0076 2348 TCPIP6 - ok
16:30:37.0123 2348 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
16:30:37.0123 2348 tcpipreg - ok
16:30:37.0154 2348 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
16:30:37.0154 2348 TDPIPE - ok
16:30:37.0170 2348 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
16:30:37.0170 2348 TDTCP - ok
16:30:37.0185 2348 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
16:30:37.0185 2348 tdx - ok
16:30:37.0185 2348 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
16:30:37.0201 2348 TermDD - ok
16:30:37.0232 2348 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
16:30:37.0232 2348 TermService - ok
16:30:37.0248 2348 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
16:30:37.0248 2348 Themes - ok
16:30:37.0263 2348 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
16:30:37.0263 2348 THREADORDER - ok
16:30:37.0279 2348 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
16:30:37.0279 2348 TrkWks - ok
16:30:37.0326 2348 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:30:37.0341 2348 TrustedInstaller - ok
16:30:37.0357 2348 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
16:30:37.0357 2348 tssecsrv - ok
16:30:37.0372 2348 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
16:30:37.0372 2348 TsUsbFlt - ok
16:30:37.0372 2348 [ 01246F0BAAD7B68EC0F472AA41E33282 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
16:30:37.0372 2348 TsUsbGD - ok
16:30:37.0404 2348 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
16:30:37.0404 2348 tunnel - ok
16:30:37.0404 2348 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\drivers\uagp35.sys
16:30:37.0404 2348 uagp35 - ok
16:30:37.0435 2348 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
16:30:37.0435 2348 udfs - ok
16:30:37.0466 2348 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
16:30:37.0482 2348 UI0Detect - ok
16:30:37.0482 2348 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
16:30:37.0497 2348 uliagpkx - ok
16:30:37.0513 2348 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\DRIVERS\umbus.sys
16:30:37.0513 2348 umbus - ok
16:30:37.0528 2348 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\drivers\umpass.sys
16:30:37.0528 2348 UmPass - ok
16:30:37.0560 2348 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
16:30:37.0560 2348 upnphost - ok
16:30:37.0591 2348 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
16:30:37.0591 2348 usbccgp - ok
16:30:37.0606 2348 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
16:30:37.0606 2348 usbcir - ok
16:30:37.0622 2348 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
16:30:37.0622 2348 usbehci - ok
16:30:37.0653 2348 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
16:30:37.0653 2348 usbhub - ok
16:30:37.0669 2348 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
16:30:37.0669 2348 usbohci - ok
16:30:37.0700 2348 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
16:30:37.0700 2348 usbprint - ok
16:30:37.0716 2348 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:30:37.0716 2348 USBSTOR - ok
16:30:37.0747 2348 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
16:30:37.0762 2348 usbuhci - ok
16:30:37.0825 2348 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
16:30:37.0825 2348 UxSms - ok
16:30:37.0856 2348 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
16:30:37.0856 2348 VaultSvc - ok
16:30:37.0918 2348 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
16:30:37.0934 2348 vdrvroot - ok
16:30:38.0059 2348 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
16:30:38.0090 2348 vds - ok
16:30:38.0168 2348 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
16:30:38.0199 2348 vga - ok
16:30:38.0215 2348 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
16:30:38.0215 2348 VgaSave - ok
16:30:38.0246 2348 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
16:30:38.0246 2348 vhdmp - ok
16:30:38.0262 2348 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
16:30:38.0262 2348 viaagp - ok
16:30:38.0277 2348 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
16:30:38.0277 2348 ViaC7 - ok
16:30:38.0293 2348 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
16:30:38.0293 2348 viaide - ok
16:30:38.0308 2348 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
16:30:38.0308 2348 volmgr - ok
16:30:38.0324 2348 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
16:30:38.0340 2348 volmgrx - ok
16:30:38.0355 2348 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
16:30:38.0355 2348 volsnap - ok
16:30:38.0371 2348 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
16:30:38.0371 2348 vsmraid - ok
16:30:38.0418 2348 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
16:30:38.0449 2348 VSS - ok
16:30:38.0480 2348 [ 682FCF7D2EB5158CD30408E976562408 ] VSTHWBS2 C:\Windows\system32\DRIVERS\VSTBS23.SYS
16:30:38.0480 2348 VSTHWBS2 - ok
16:30:38.0527 2348 [ CEB4E3B6890E1E42DCA6694D9E59E1A0 ] VST_DPV C:\Windows\system32\DRIVERS\VSTDPV3.SYS
16:30:38.0527 2348 VST_DPV - ok
16:30:38.0542 2348 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
16:30:38.0542 2348 vwifibus - ok
16:30:38.0558 2348 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
16:30:38.0574 2348 W32Time - ok
16:30:38.0589 2348 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
16:30:38.0589 2348 WacomPen - ok
16:30:38.0620 2348 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
16:30:38.0620 2348 WANARP - ok
16:30:38.0620 2348 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
16:30:38.0620 2348 Wanarpv6 - ok
16:30:38.0683 2348 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
16:30:38.0714 2348 WatAdminSvc - ok
16:30:38.0761 2348 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
16:30:38.0792 2348 wbengine - ok
16:30:38.0823 2348 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
16:30:38.0823 2348 WbioSrvc - ok
16:30:38.0854 2348 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
16:30:38.0854 2348 wcncsvc - ok
16:30:38.0870 2348 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:30:38.0870 2348 WcsPlugInService - ok
16:30:38.0886 2348 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\drivers\wd.sys
16:30:38.0901 2348 Wd - ok
16:30:38.0948 2348 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
16:30:38.0948 2348 Wdf01000 - ok
16:30:38.0964 2348 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
16:30:38.0964 2348 WdiServiceHost - ok
16:30:38.0979 2348 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
16:30:38.0979 2348 WdiSystemHost - ok
16:30:38.0995 2348 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
16:30:39.0010 2348 WebClient - ok
16:30:39.0026 2348 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
16:30:39.0026 2348 Wecsvc - ok
16:30:39.0042 2348 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
16:30:39.0042 2348 wercplsupport - ok
16:30:39.0057 2348 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
16:30:39.0057 2348 WerSvc - ok
16:30:39.0088 2348 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
16:30:39.0088 2348 WfpLwf - ok
16:30:39.0088 2348 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
16:30:39.0088 2348 WIMMount - ok
16:30:39.0120 2348 [ BC0C7EA89194C299F051C24119000E17 ] winachsf C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
16:30:39.0135 2348 winachsf - ok
16:30:39.0182 2348 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
16:30:39.0198 2348 WinDefend - ok
16:30:39.0213 2348 WinHttpAutoProxySvc - ok
16:30:39.0260 2348 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
16:30:39.0260 2348 Winmgmt - ok
16:30:39.0307 2348 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
16:30:39.0338 2348 WinRM - ok
16:30:39.0385 2348 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
16:30:39.0416 2348 Wlansvc - ok
16:30:39.0432 2348 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
16:30:39.0432 2348 WmiAcpi - ok
16:30:39.0463 2348 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
16:30:39.0463 2348 wmiApSrv - ok
16:30:39.0525 2348 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
16:30:39.0541 2348 WMPNetworkSvc - ok
16:30:39.0572 2348 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
16:30:39.0572 2348 WPCSvc - ok
16:30:39.0588 2348 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
16:30:39.0588 2348 WPDBusEnum - ok
16:30:39.0619 2348 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
16:30:39.0619 2348 ws2ifsl - ok
16:30:39.0634 2348 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll
16:30:39.0634 2348 wscsvc - ok
16:30:39.0650 2348 WSearch - ok
16:30:39.0728 2348 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
16:30:39.0775 2348 wuauserv - ok
16:30:39.0806 2348 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
16:30:39.0806 2348 WudfPf - ok
16:30:39.0853 2348 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
16:30:39.0868 2348 WUDFRd - ok
16:30:39.0915 2348 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
16:30:39.0915 2348 wudfsvc - ok
16:30:39.0946 2348 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
16:30:39.0946 2348 WwanSvc - ok
16:30:39.0962 2348 ================ Scan global ===============================
16:30:39.0978 2348 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
16:30:40.0024 2348 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
16:30:40.0040 2348 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
16:30:40.0071 2348 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
16:30:40.0087 2348 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
16:30:40.0087 2348 [Global] - ok
16:30:40.0102 2348 ================ Scan MBR ==================================
16:30:40.0118 2348 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
16:30:40.0243 2348 \Device\Harddisk0\DR0 - ok
16:30:40.0258 2348 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
16:30:40.0680 2348 \Device\Harddisk1\DR1 - ok
16:30:40.0680 2348 ================ Scan VBR ==================================
16:30:40.0695 2348 [ 8536861B68D1E477E0F812153318EE1B ] \Device\Harddisk0\DR0\Partition1
16:30:40.0695 2348 \Device\Harddisk0\DR0\Partition1 - ok
16:30:40.0695 2348 [ 6FDB15E83ED833F734910F29E3AB393B ] \Device\Harddisk1\DR1\Partition1
16:30:40.0695 2348 \Device\Harddisk1\DR1\Partition1 - ok
16:30:40.0711 2348 [ 7287E0077163A0A9C41F257C5F7667DA ] \Device\Harddisk1\DR1\Partition2
16:30:40.0711 2348 \Device\Harddisk1\DR1\Partition2 - ok
16:30:40.0711 2348 ============================================================
16:30:40.0711 2348 Scan finished
16:30:40.0711 2348 ============================================================
16:30:40.0726 2340 Detected object count: 0
16:30:40.0726 2340 Actual detected object count: 0
16:30:47.0590 1520 Deinitialize success
__________________
jaythorpe522 is offline  
Old 04-12-2013, 10:01 PM   #9
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
amateur
 
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 14,727
OS: XP Win7 Ubuntu 10.10



This looks much better. When you're back, please continue with the following steps:
  1. Download ComboFix from here:

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    * IMPORTANT !!! Place ComboFix.exe on your Desktop

  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.

    How to Disable Your Security Applications

  3. Double click on ComboFix.exe & follow the prompts.

  4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

  5. When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

  6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
__________________

amateur is offline  
Old 04-14-2013, 04:01 PM   #10
TSF Enthusiast
 
Join Date: Sep 2010
Location: Bloodymore, Murderland
Posts: 1,009
OS: Mac OSX (10.5.8)



ComboFix 13-04-14.01 - user 04/14/2013 9:49.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2942.2195 [GMT -4:00]
Running from: c:\users\user\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\DRM\F455.tmp
.
.
((((((((((((((((((((((((( Files Created from 2013-03-14 to 2013-04-14 )))))))))))))))))))))))))))))))
.
.
2013-04-14 13:53 . 2013-04-14 13:54 -------- d-----w- c:\users\user\AppData\Local\temp
2013-04-14 13:53 . 2013-04-14 13:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-12 20:28 . 2013-04-12 20:28 -------- d-----w- C:\TDSSKiller_Quarantine
2013-04-12 17:39 . 2013-03-15 04:21 7108640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{43D56B70-B728-4B44-917D-1E4AA2C9D2E0}\mpengine.dll
2013-04-11 06:51 . 2013-04-11 06:51 -------- d-----w- c:\program files\ESET
2013-04-10 20:03 . 2013-03-01 03:09 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-04-10 20:03 . 2013-01-24 04:47 196328 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-10 20:03 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-10 20:03 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-10 20:03 . 2013-03-19 04:48 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-10 20:03 . 2013-03-19 02:49 69632 ----a-w- c:\windows\system32\smss.exe
2013-04-10 20:03 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\system32\mstscax.dll
2013-04-10 20:03 . 2013-02-15 04:34 131584 ----a-w- c:\windows\system32\aaclient.dll
2013-04-10 20:03 . 2013-02-15 03:25 36864 ----a-w- c:\windows\system32\tsgqec.dll
2013-04-10 20:02 . 2013-03-02 05:07 1212264 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 20:00 . 2013-04-10 20:00 740840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C78E23F9-A39E-4748-8A11-52D751D755D7}\gapaengine.dll
2013-04-10 20:00 . 2013-03-15 04:21 7108640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-04-10 19:54 . 2013-04-10 19:55 -------- d-----w- c:\program files\Microsoft Security Client
2013-04-10 19:54 . 2013-04-04 18:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-10 19:52 . 2013-03-15 07:21 7108640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{11B76AA2-B743-412D-83E5-33FE1B1E873F}\mpengine.dll
2013-04-08 04:20 . 2013-04-08 04:20 -------- d-----w- c:\users\user\AppData\Roaming\Malwarebytes
2013-04-08 04:19 . 2013-04-08 04:19 -------- d-----w- c:\programdata\Malwarebytes
2013-04-08 04:19 . 2013-04-10 19:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-04-08 04:19 . 2013-04-08 04:19 -------- d-----w- c:\users\user\AppData\Local\Programs
2013-03-25 23:52 . 2013-02-12 03:32 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-02 10:33 . 2012-06-03 06:10 237088 ------w- c:\windows\system32\MpSigStub.exe
2013-03-13 18:47 . 2012-06-03 21:35 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-13 18:47 . 2012-06-03 21:35 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-12 04:48 . 2013-03-12 17:28 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-12 17:28 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-20 19:59 . 2013-01-20 19:59 195296 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-20 19:59 . 2013-01-20 19:59 100328 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-03-08 04:54 . 2013-03-08 04:54 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-03 18:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.drudgereport.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\d41ayao8.default\
FF - prefs.js: browser.startup.homepage - www.drudgereport
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-89075663.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-04-14 09:55:28
ComboFix-quarantined-files.txt 2013-04-14 13:55
.
Pre-Run: 306,359,861,248 bytes free
Post-Run: 327,267,000,320 bytes free
.
- - End Of File - - A8766DFC5F0901112581A9AD2A1681DB
__________________
jaythorpe522 is offline  
Old 04-14-2013, 10:31 PM   #11
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
amateur's Avatar
 
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 14,727
OS: XP Win7 Ubuntu 10.10



Thanks. How is the system behaving now?

Let's look for remnants, if any.

Since you already have Malwarebytes Anti-Malware installed, please update it to its latest definitions, and run a new Quick Scan.
  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

===============

Please try running ESET again. Ensure your external and/or USB drives are inserted during the scan.

Go here and click 'ESET Online Scanner'.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change.. button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Start
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
  • Save that text file to your desktop, and then copy/paste the contents in your next reply.
__________________

amateur is offline  
Old 04-15-2013, 06:44 PM   #12
TSF Enthusiast
 
Join Date: Sep 2010
Location: Bloodymore, Murderland
Posts: 1,009
OS: Mac OSX (10.5.8)



Hey man :) don't thank me, I thank you!!

No more unexplained audio, but the IE warning "you are about to view pages over a secure connection" popped up where I wouldn't necessarily expect it (tho' I'm not familiar with that page, so ?perhaps? it was legit).

ESET did find 3 threats:

C:\Users\user\Downloads\FoxitReader514.0104_enu_Setup.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\407791DL\index[1].htm JS/Fraud.NAS trojan
E:\Documents and Settings\All Users\Start Menu\Programs\eBay.url Win32/Adware.ADON application

((THE E DRIVE is her old system HDD from a previous computer, I believe))

I wound up running MWB twice; dunno why/how. here they are in reverse chronological order:

Malwarebytes Anti-Malware 1.75.0.1300
Malwarebytes : Free anti-malware download

Database version: v2013.04.10.13

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
user :: WINCTRL-BHLBPQ7 [administrator]

4/15/2013 9:13:11 AM
mbam-log-2013-04-15 (09-13-11).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 196499
Time elapsed: 3 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

********************
********************

Malwarebytes Anti-Malware 1.75.0.1300
Malwarebytes : Free anti-malware download

Database version: v2013.04.10.13

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
user :: WINCTRL-BHLBPQ7 [administrator]

4/15/2013 2:04:35 PM
mbam-log-2013-04-15 (14-04-35).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 196327
Time elapsed: 2 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
__________________
jaythorpe522 is offline  
Old 04-15-2013, 10:27 PM   #13
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
amateur's Avatar
 
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 14,727
OS: XP Win7 Ubuntu 10.10



Glad to hear that. From this end, the logs are looking good. ESET is flagging the Foxit Reader because it is a setup file and may bundle the Ask toolbar. eBay link in E drive is also reported for a similar reason. The following commands will remove them, if you wish to do so:

Press the Windows and R keys on the keyboard simultaneously to bring up the Run box, and copy/paste the following, then press Enter:

cmd /c del /a /f /q "C:\Users\user\Downloads\FoxitReader514.0104_enu_Setup.exe"

Repeat the process but this time copy/paste the following command and press Enter:

cmd /c del /a /f /q "E:\Documents and Settings\All Users\Start Menu\Programs\eBay.url"

=============

The following tool will clean the temporary internet files, which is where the third ESET detection is. Before running, it will stop Explorer and all other running apps (so don't be alarmed when your desktop disappears). It requires a reboot to fully clean the files, so close all open folders before running it.

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job
  • Once it's finished it should automatically reboot your machine,
  • if it doesn't, manually reboot to ensure a complete clean
It's normal after running TFC cleaner that the PC will be slower to boot the first time.

==================

Quote:
IE warning "you are about to view pages over a secure connection" popped up where I wouldn't necessarily expect it (tho' I'm not familiar with that page, so ?perhaps? it was legit).
That's indeed a legit warning. Either the secure page contained a link to pages in a non-secure environment, or was getting items from a non-secure environment. There's a good write up about it here, if you'd like to take a look:


http://www.uvm.edu/hrs/skills/manuals/browser.pdf (Secure and Non Secure Items Dialog Box section)

=========

If you have no further issues, we can proceed with the final housekeeping. Please do not skip this step as it will implement important cleanup procedures, as well as reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point for you.

Please disable all protection applications as before.
  • Click Start then Run
  • Now type ComboFix /Uninstall in the run box and click OK. Notice the space between the Combofix and the /

This will uninstall ComboFix. It will also implement some cleanup procedures and reset System Restore to prevent reinfection from old restore points.

You may re-enable your security applications now.

It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article:

Strong passwords: How to create and use them


You may also consider a password keeper, to keep all your passwords safe.

WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.

It's vital that you keep all your software up-to-date as older versions may have some security vulnerabilities. Secunia Software Inspector Scan can help you find out which programs need to be updated.
  • Java is a vulnerable application. You may want to consider uninstalling it. However, Secunia Online Inspector needs Java in order to run. So if you choose to use Secunia or regularly use any programs/websites that require Java, you may not want to uninstall it. If that is the case, we recommend at least disabling Java in your browsers and enabling it only when it is needed (for certain websites, for example). Please see here: Disable Java in browsers

Please respond to this thread one more time so we can mark this thread as resolved.

Surf Safely and Think Prevention!
__________________

amateur is offline  
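
The triage reasoning in the reply above (the two "application" rows are bundled-software detections, the trojan row sits in the browser cache), as an added example that is not part of the original thread or of any tool it mentions. The function names, location labels and priority labels are hypothetical, and treating every "application" row as optional cleanup is an assumption taken from that reply.

```python
import re
from dataclasses import dataclass

# Sample input: the three ESET rows quoted in post #12 of this thread.
SAMPLE = r"""
C:\Users\user\Downloads\FoxitReader514.0104_enu_Setup.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\407791DL\index[1].htm JS/Fraud.NAS trojan
E:\Documents and Settings\All Users\Start Menu\Programs\eBay.url Win32/Adware.ADON application
"""

LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"     # Windows path; may contain spaces
    r"(?P<variant>a variant of\s+)?"     # optional "a variant of" prefix
    r"(?P<name>[A-Za-z0-9]+/\S+)\s+"     # platform/family, e.g. JS/Fraud.NAS
    r"(?P<kind>\w+)$"                    # trailing object-type word
)

@dataclass
class Detection:
    path: str
    name: str
    kind: str
    variant: bool
    location: str
    priority: str

def locate(path, system_drive="C:"):
    """Label where the flagged object lives (labels are hypothetical)."""
    p = path.lower()
    if "\\temporary internet files\\" in p:
        return "browser cache"        # cleared by a temp-file cleaner
    if "\\downloads\\" in p:
        return "download folder"      # a saved installer, not yet run
    if not p.startswith(system_drive.lower()):
        return "secondary drive"      # e.g. the old HDD mounted as E:
    return "system drive"

def triage(text, system_drive="C:"):
    """Parse exported detection rows and order them for review."""
    found = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank lines and anything that is not a detection row
        kind = m["kind"].lower()
        # Assumption: "application" rows are bundled/unwanted software, as
        # the analyst's reply describes; every other type is handled first.
        priority = "optional cleanup" if kind == "application" else "remove"
        found.append(Detection(m["path"], m["name"], kind, bool(m["variant"]),
                               locate(m["path"], system_drive), priority))
    found.sort(key=lambda d: d.priority != "remove")  # stable: malware first
    return found

if __name__ == "__main__":
    for d in triage(SAMPLE):
        print(f"{d.priority:17}{d.location:17}{d.name:27}{d.path}")
```
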
Old 04-18-2013, 07:42 AM   #14
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
amateur's Avatar
 
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 14,727
OS: XP Win7 Ubuntu 10.10



Since this issue appears resolved, this topic will now be archived. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

__________________

amateur is offline  
 



All times are GMT -7.


Copyright 2001 - 2014, Tech Support Forum
