Win 7 Defender removal problem

Fiery

Level 1
Jan 11, 2011
2,007
Hi,

Can you try usb_prep8 one more time, but this time leave the USB plugged into the PC for a while first? How big is the USB drive? If it doesn't work, then try the following tools in normal mode (without a CD drive, recovery environment and USB, our options are limited).

Download TDSSKiller from here
  • Double-click on TDSSKiller.exe to run the application.
  • When TDSSKiller opens, click Change parameters, then check the box next to Loaded modules. A reboot will be required.
  • After reboot, TDSSKiller will run again. Click Change parameters again and make sure everything is checked.
  • Click Start scan.
  • If a suspicious object is detected, the default action will be Skip; click on Continue. (If it says TDL4/TDSS file system, select Delete.)
  • If malicious objects are found, ensure Cure (default) is selected, then click Continue and Reboot now to finish the cleaning process.

Post the log afterwards (usually in the C:\ folder, in the form of TDSSKiller.[Version]_[Date]_[Time]_log.txt).

Next,
Download ListParts here: http://www.bleepingcomputer.com/download/listparts/dl/77/ and run it. Click scan. After it finishes, it will generate a log. Please post it in your next reply.
 

asdfdav

New Member
Thread author
Verified
Dec 27, 2012
19
Hi, I have tried to leave the USB stick (4gb) in the computer for approx 10 min and nothing happens.

Now, for running TDSSKiller, you mention running it in normal mode - do you mean non-safe mode? I still can't do that as the ComboFix window is flickering all over the screen, and I am unable to run any application, I think. Shall I run it in safe mode instead?

Many thanks,
David
 

Fiery

Level 1
Jan 11, 2011
2,007
Hi David,

Go into safe mode, open OTL. Under custom scan/fixes, copy and paste the following:

:OTL
O4:64bit: - HKLM..\Run: [combofix] C:\ComboFix\CF16149.3XE (Microsoft Corporation)
O4:64bit: - HKLM..\RunOnce: [combofix] C:\ComboFix\CF16149.3XE (Microsoft Corporation)

Then click Run Fix. ComboFix should stop flickering now.

Reboot to non-safe mode and perform the TDSS and ListParts scans.
 

asdfdav

New Member
Thread author
Verified
Dec 27, 2012
19
Thank you Fiery, I was now able to run without having combofix flickering.

I ran both scans as per your instructions - both logs are attached. However, no threats found.

Any further advice?

TDSS log below, too large to attach for some reason:

22:50:01.0164 4584 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
22:50:01.0345 4584 ============================================================
22:50:01.0345 4584 Current date / time: 2013/01/05 22:50:01.0345
22:50:01.0345 4584 SystemInfo:
22:50:01.0345 4584
22:50:01.0345 4584 OS Version: 6.1.7600 ServicePack: 0.0
22:50:01.0345 4584 Product type: Workstation
22:50:01.0345 4584 ComputerName: DAVIDACER-PC
22:50:01.0345 4584 UserName: Davidacer
22:50:01.0346 4584 Windows directory: C:\Windows
22:50:01.0346 4584 System windows directory: C:\Windows
22:50:01.0346 4584 Running under WOW64
22:50:01.0346 4584 Processor architecture: Intel x64
22:50:01.0346 4584 Number of processors: 4
22:50:01.0346 4584 Page size: 0x1000
22:50:01.0346 4584 Boot type: Normal boot
22:50:01.0346 4584 ============================================================
22:50:02.0254 4584 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:50:02.0258 4584 ============================================================
22:50:02.0258 4584 \Device\Harddisk0\DR0:
22:50:02.0258 4584 MBR partitions:
22:50:02.0258 4584 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1964800, BlocksNum 0x32000
22:50:02.0259 4584 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1996800, BlocksNum 0x55BAF6F0
22:50:02.0259 4584 ============================================================
22:50:02.0278 4584 C: <-> \Device\Harddisk0\DR0\Partition2
22:50:02.0278 4584 ============================================================
22:50:02.0278 4584 Initialize success
22:50:02.0278 4584 ============================================================
22:50:27.0496 3272 Deinitialize success
 

Attachments

  • Result.txt
    661 bytes · Views: 102

Fiery

Level 1
Jan 11, 2011
2,007
Hi,

Can you post the TDSSKiller log directly into a reply instead of attaching it? You can hold Ctrl, then press A to select the entire log, and copy and paste it here.
 

asdfdav

New Member
Thread author
Verified
Dec 27, 2012
19
Hi, sorry, copied and pasted the wrong log file... here's the correct one:

22:55:22.0820 5644 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
22:55:23.0062 5644 ============================================================
22:55:23.0062 5644 Current date / time: 2013/01/05 22:55:23.0062
22:55:23.0062 5644 SystemInfo:
22:55:23.0062 5644
22:55:23.0062 5644 OS Version: 6.1.7600 ServicePack: 0.0
22:55:23.0062 5644 Product type: Workstation
22:55:23.0062 5644 ComputerName: DAVIDACER-PC
22:55:23.0062 5644 UserName: Davidacer
22:55:23.0062 5644 Windows directory: C:\Windows
22:55:23.0062 5644 System windows directory: C:\Windows
22:55:23.0062 5644 Running under WOW64
22:55:23.0062 5644 Processor architecture: Intel x64
22:55:23.0062 5644 Number of processors: 4
22:55:23.0062 5644 Page size: 0x1000
22:55:23.0062 5644 Boot type: Normal boot
22:55:23.0062 5644 ============================================================
22:55:24.0404 5644 BG loaded
22:55:24.0911 5644 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:55:24.0918 5644 ============================================================
22:55:24.0918 5644 \Device\Harddisk0\DR0:
22:55:24.0918 5644 MBR partitions:
22:55:24.0918 5644 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1964800, BlocksNum 0x32000
22:55:24.0919 5644 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1996800, BlocksNum 0x55BAF6F0
22:55:24.0919 5644 ============================================================
22:55:24.0947 5644 C: <-> \Device\Harddisk0\DR0\Partition2
22:55:24.0947 5644 ============================================================
22:55:24.0947 5644 Initialize success
22:55:24.0947 5644 ============================================================
22:56:39.0621 5536 ============================================================
22:56:39.0621 5536 Scan started
22:56:39.0621 5536 Mode: Manual; SigCheck; TDLFS;
22:56:39.0621 5536 ============================================================
22:56:39.0896 5536 ================ Scan system memory ========================
22:56:39.0896 5536 System memory - ok
22:56:39.0897 5536 ================ Scan services =============================
22:56:59.0947 5536 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
22:57:00.0039 5536 Msfs - ok
22:57:00.0085 5536 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
22:57:00.0172 5536 mshidkmdf - ok
22:57:00.0189 5536 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
22:57:00.0201 5536 msisadrv - ok
22:57:00.0248 5536 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
22:57:00.0336 5536 MSiSCSI - ok
22:57:00.0340 5536 msiserver - ok
22:57:00.0390 5536 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
22:57:00.0454 5536 MSKSSRV - ok
22:57:00.0599 5536 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
22:57:00.0623 5536 MsMpSvc - ok
22:57:00.0681 5536 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
22:57:00.0750 5536 MSPCLOCK - ok
22:57:00.0769 5536 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
22:57:00.0866 5536 MSPQM - ok
22:57:00.0972 5536 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
22:57:00.0988 5536 MsRPC - ok
22:57:01.0023 5536 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
22:57:01.0032 5536 mssmbios - ok
22:57:01.0044 5536 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
22:57:01.0099 5536 MSTEE - ok
22:57:01.0121 5536 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
22:57:01.0155 5536 MTConfig - ok
22:57:01.0184 5536 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
22:57:01.0206 5536 Mup - ok
22:57:01.0253 5536 [ 6FFECC25B39DC7652A0CEC0ADA9DB589 ] mwlPSDFilter C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
22:57:01.0270 5536 mwlPSDFilter - ok
22:57:01.0276 5536 [ 0BEFE32CA56D6EE89D58175725596A85 ] mwlPSDNServ C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
22:57:01.0292 5536 mwlPSDNServ - ok
22:57:01.0309 5536 [ D43BC633B8660463E446E28E14A51262 ] mwlPSDVDisk C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
22:57:01.0324 5536 mwlPSDVDisk - ok
22:57:01.0409 5536 [ 3E5E20817259F7328C8F3BE5421F35B9 ] MWLService C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
22:57:01.0433 5536 MWLService - ok
22:57:01.0469 5536 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
22:57:01.0558 5536 napagent - ok
22:57:01.0611 5536 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
22:57:01.0647 5536 NativeWifiP - ok
22:57:01.0701 5536 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
22:57:01.0756 5536 NDIS - ok
22:57:01.0801 5536 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
22:57:01.0869 5536 NdisCap - ok
22:57:01.0965 5536 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
22:57:02.0032 5536 NdisTapi - ok
22:57:02.0067 5536 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
22:57:02.0149 5536 Ndisuio - ok
22:57:02.0171 5536 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
22:57:02.0214 5536 NdisWan - ok
22:57:02.0256 5536 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
22:57:02.0340 5536 NDProxy - ok
22:57:02.0380 5536 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
22:57:02.0471 5536 NetBIOS - ok
22:57:02.0500 5536 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
22:57:02.0545 5536 NetBT - ok
22:57:02.0661 5536 [ 15DBD5483BE3BFCD44E63A5F1A6F250B ] NETGEARGenieDaemon C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
22:57:02.0747 5536 NETGEARGenieDaemon - ok
22:57:02.0762 5536 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe
22:57:02.0775 5536 Netlogon - ok
22:57:02.0835 5536 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
22:57:02.0905 5536 Netman - ok
22:57:02.0914 5536 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
22:57:02.0980 5536 netprofm - ok
22:57:03.0009 5536 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:57:03.0027 5536 NetTcpPortSharing - ok
22:57:03.0075 5536 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
22:57:03.0097 5536 nfrd960 - ok
22:57:03.0162 5536 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
22:57:03.0189 5536 NisDrv - ok
22:57:03.0247 5536 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
22:57:03.0277 5536 NisSrv - ok
22:57:03.0325 5536 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
22:57:03.0412 5536 NlaSvc - ok
22:57:03.0453 5536 [ 351533ACC2A069B94E80BBFC177E8FDF ] NPF C:\Windows\system32\drivers\NPF.sys
22:57:03.0467 5536 NPF - ok
22:57:03.0477 5536 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
22:57:03.0558 5536 Npfs - ok
22:57:03.0581 5536 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
22:57:03.0658 5536 nsi - ok
22:57:03.0677 5536 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
22:57:03.0745 5536 nsiproxy - ok
22:57:03.0811 5536 [ 184C189D4FC416978550FC599BB4EDDA ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
22:57:03.0907 5536 Ntfs - ok
22:57:03.0922 5536 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
22:57:04.0008 5536 Null - ok
22:57:04.0065 5536 [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid C:\Windows\system32\drivers\nvraid.sys
22:57:04.0090 5536 nvraid - ok
22:57:04.0129 5536 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
22:57:04.0155 5536 nvstor - ok
22:57:04.0172 5536 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
22:57:04.0194 5536 nv_agp - ok
22:57:04.0213 5536 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
22:57:04.0233 5536 ohci1394 - ok
22:57:04.0339 5536 [ 447D71FFCEFAD01D6787422A6286A182 ] OpenVPNService C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe
22:57:04.0394 5536 OpenVPNService ( UnsignedFile.Multi.Generic ) - warning
22:57:04.0395 5536 OpenVPNService - detected UnsignedFile.Multi.Generic (1)
22:57:04.0426 5536 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
22:57:04.0496 5536 p2pimsvc - ok
22:57:04.0526 5536 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
22:57:04.0563 5536 p2psvc - ok
22:57:04.0591 5536 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
22:57:04.0609 5536 Parport - ok
22:57:04.0640 5536 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys
22:57:04.0656 5536 partmgr - ok
22:57:04.0676 5536 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
22:57:04.0703 5536 PcaSvc - ok
22:57:04.0722 5536 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
22:57:04.0741 5536 pci - ok
22:57:04.0759 5536 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
22:57:04.0773 5536 pciide - ok
22:57:04.0787 5536 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
22:57:04.0802 5536 pcmcia - ok
22:57:04.0815 5536 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
22:57:04.0826 5536 pcw - ok
22:57:04.0850 5536 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
22:57:04.0904 5536 PEAUTH - ok
22:57:05.0012 5536 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
22:57:05.0036 5536 PerfHost - ok
22:57:05.0151 5536 [ 09CA0E8C9AE1470DD8FC0440773A9238 ] PhoneMyPC_Helper C:\Program Files\SoftwareForMe Inc\PhoneMyPC\PhoneMyPC_Helper.exe
22:57:05.0183 5536 PhoneMyPC_Helper ( UnsignedFile.Multi.Generic ) - warning
22:57:05.0183 5536 PhoneMyPC_Helper - detected UnsignedFile.Multi.Generic (1)
22:57:05.0223 5536 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
22:57:05.0332 5536 pla - ok
22:57:05.0381 5536 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
22:57:05.0452 5536 PlugPlay - ok
22:57:05.0493 5536 PnkBstrA - ok
22:57:05.0510 5536 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
22:57:05.0551 5536 PNRPAutoReg - ok
22:57:05.0582 5536 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
22:57:05.0606 5536 PNRPsvc - ok
22:57:05.0647 5536 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
22:57:05.0740 5536 PolicyAgent - ok
22:57:05.0785 5536 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
22:57:05.0859 5536 Power - ok
22:57:05.0909 5536 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
22:57:05.0990 5536 PptpMiniport - ok
22:57:06.0022 5536 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
22:57:06.0038 5536 Processor - ok
22:57:06.0077 5536 [ 97293447431311C06703368AD0F6C4BE ] ProfSvc C:\Windows\system32\profsvc.dll
22:57:06.0112 5536 ProfSvc - ok
22:57:06.0128 5536 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:57:06.0146 5536 ProtectedStorage - ok
22:57:06.0191 5536 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
22:57:06.0276 5536 Psched - ok
22:57:06.0346 5536 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
22:57:06.0429 5536 ql2300 - ok
22:57:06.0453 5536 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
22:57:06.0468 5536 ql40xx - ok
22:57:06.0507 5536 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
22:57:06.0531 5536 QWAVE - ok
22:57:06.0543 5536 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
22:57:06.0564 5536 QWAVEdrv - ok
22:57:06.0585 5536 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
22:57:06.0630 5536 RasAcd - ok
22:57:06.0683 5536 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
22:57:06.0767 5536 RasAgileVpn - ok
22:57:06.0805 5536 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
22:57:06.0848 5536 RasAuto - ok
22:57:06.0864 5536 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
22:57:06.0920 5536 Rasl2tp - ok
22:57:06.0992 5536 [ DB71D159446014C302FA59531BE2C4B7 ] RasMan C:\Windows\System32\rasmans.dll
22:57:07.0029 5536 RasMan - ok
22:57:07.0074 5536 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
22:57:07.0160 5536 RasPppoe - ok
22:57:07.0187 5536 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
22:57:07.0249 5536 RasSstp - ok
22:57:07.0286 5536 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
22:57:07.0346 5536 rdbss - ok
22:57:07.0362 5536 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
22:57:07.0382 5536 rdpbus - ok
22:57:07.0414 5536 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
22:57:07.0493 5536 RDPCDD - ok
22:57:07.0507 5536 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
22:57:07.0571 5536 RDPENCDD - ok
22:57:07.0599 5536 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
22:57:07.0662 5536 RDPREFMP - ok
22:57:07.0704 5536 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
22:57:07.0762 5536 RDPWD - ok
22:57:07.0801 5536 [ E5DC9BA9E439D6DBDD79F8CAACB5BF01 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
22:57:07.0827 5536 rdyboost - ok
22:57:07.0858 5536 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
22:57:07.0925 5536 RemoteAccess - ok
22:57:07.0978 5536 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
22:57:08.0067 5536 RemoteRegistry - ok
22:57:08.0122 5536 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
22:57:08.0175 5536 RFCOMM - ok
22:57:08.0201 5536 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
22:57:08.0288 5536 RpcEptMapper - ok
22:57:08.0317 5536 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
22:57:08.0352 5536 RpcLocator - ok
22:57:08.0389 5536 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
22:57:08.0459 5536 RpcSs - ok
22:57:08.0470 5536 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
22:57:08.0534 5536 rspndr - ok
22:57:08.0550 5536 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe
22:57:08.0564 5536 SamSs - ok
22:57:08.0579 5536 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
22:57:08.0595 5536 sbp2port - ok
22:57:08.0733 5536 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
22:57:08.0778 5536 SBSDWSCService - ok
22:57:08.0809 5536 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
22:57:08.0887 5536 SCardSvr - ok
22:57:08.0905 5536 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
22:57:08.0944 5536 scfilter - ok
22:57:08.0981 5536 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
22:57:09.0040 5536 Schedule - ok
22:57:09.0065 5536 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
22:57:09.0123 5536 SCPolicySvc - ok
22:57:09.0129 5536 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
22:57:09.0166 5536 SDRSVC - ok
22:57:09.0203 5536 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
22:57:09.0289 5536 secdrv - ok
22:57:09.0310 5536 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
22:57:09.0358 5536 seclogon - ok
22:57:09.0398 5536 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
22:57:09.0457 5536 SENS - ok
22:57:09.0462 5536 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
22:57:09.0511 5536 SensrSvc - ok
22:57:09.0528 5536 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
22:57:09.0558 5536 Serenum - ok
22:57:09.0585 5536 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
22:57:09.0631 5536 Serial - ok
22:57:09.0678 5536 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
22:57:09.0698 5536 sermouse - ok
22:57:09.0722 5536 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
22:57:09.0775 5536 SessionEnv - ok
22:57:09.0802 5536 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
22:57:09.0824 5536 sffdisk - ok
22:57:09.0835 5536 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
22:57:09.0849 5536 sffp_mmc - ok
22:57:09.0864 5536 [ 178298F767FE638C9FEDCBDEF58BB5E4 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
22:57:09.0880 5536 sffp_sd - ok
22:57:09.0892 5536 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
22:57:09.0907 5536 sfloppy - ok
22:57:09.0952 5536 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
22:57:10.0027 5536 SharedAccess - ok
22:57:10.0051 5536 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:57:10.0091 5536 ShellHWDetection - ok
22:57:10.0116 5536 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:57:10.0129 5536 SiSRaid2 - ok
22:57:10.0135 5536 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
22:57:10.0149 5536 SiSRaid4 - ok
22:57:10.0227 5536 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
22:57:10.0246 5536 SkypeUpdate - ok
22:57:10.0290 5536 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
22:57:10.0351 5536 Smb - ok
22:57:10.0385 5536 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
22:57:10.0420 5536 SNMPTRAP - ok
22:57:10.0445 5536 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
22:57:10.0460 5536 spldr - ok
22:57:10.0498 5536 [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler C:\Windows\System32\spoolsv.exe
22:57:10.0562 5536 Spooler - ok
22:57:10.0644 5536 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
22:57:10.0738 5536 sppsvc - ok
22:57:10.0763 5536 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
22:57:10.0855 5536 sppuinotify - ok
22:57:10.0897 5536 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys
22:57:10.0931 5536 srv - ok
22:57:10.0957 5536 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
22:57:11.0002 5536 srv2 - ok
22:57:11.0041 5536 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
22:57:11.0060 5536 srvnet - ok
22:57:11.0108 5536 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
22:57:11.0176 5536 SSDPSRV - ok
22:57:11.0203 5536 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
22:57:11.0273 5536 SstpSvc - ok
22:57:11.0359 5536 Steam Client Service - ok
22:57:11.0386 5536 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
22:57:11.0405 5536 stexstor - ok
22:57:11.0444 5536 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
22:57:11.0506 5536 stisvc - ok
22:57:11.0533 5536 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
22:57:11.0549 5536 swenum - ok
22:57:11.0570 5536 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
22:57:11.0637 5536 swprv - ok
22:57:11.0695 5536 [ ED6D1424E5B0C21A57B28DD8508D6843 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
22:57:11.0720 5536 SynTP - ok
22:57:11.0763 5536 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
22:57:11.0839 5536 SysMain - ok
22:57:11.0860 5536 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:57:11.0894 5536 TabletInputService - ok
22:57:11.0946 5536 [ 3B73C849B41FB20D77B0E553214061A5 ] tap0901 C:\Windows\system32\DRIVERS\tap0901.sys
22:57:12.0003 5536 tap0901 - ok
22:57:12.0015 5536 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
22:57:12.0083 5536 TapiSrv - ok
22:57:12.0125 5536 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
22:57:12.0169 5536 TBS - ok
22:57:12.0273 5536 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
22:57:12.0379 5536 Tcpip - ok
22:57:12.0447 5536 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
22:57:12.0525 5536 TCPIP6 - ok
22:57:12.0553 5536 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
22:57:12.0643 5536 tcpipreg - ok
22:57:12.0669 5536 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
22:57:12.0692 5536 TDPIPE - ok
22:57:12.0729 5536 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
22:57:12.0786 5536 TDTCP - ok
22:57:12.0812 5536 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
22:57:12.0873 5536 tdx - ok
22:57:12.0894 5536 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
22:57:12.0907 5536 TermDD - ok
22:57:12.0921 5536 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
22:57:13.0012 5536 TermService - ok
22:57:13.0043 5536 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
22:57:13.0075 5536 Themes - ok
22:57:13.0097 5536 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
22:57:13.0158 5536 THREADORDER - ok
22:57:13.0174 5536 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
22:57:13.0214 5536 TrkWks - ok
22:57:13.0272 5536 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:57:13.0299 5536 TrustedInstaller - ok
22:57:13.0316 5536 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
22:57:13.0365 5536 tssecsrv - ok
22:57:13.0410 5536 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
22:57:13.0472 5536 tunnel - ok
22:57:13.0493 5536 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
22:57:13.0508 5536 uagp35 - ok
22:57:13.0534 5536 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\Windows\system32\DRIVERS\udfs.sys
22:57:13.0586 5536 udfs - ok
22:57:13.0606 5536 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
22:57:13.0650 5536 UI0Detect - ok
22:57:13.0674 5536 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
22:57:13.0692 5536 uliagpkx - ok
22:57:13.0723 5536 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
22:57:13.0744 5536 umbus - ok
22:57:13.0779 5536 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
22:57:13.0801 5536 UmPass - ok
22:57:13.0965 5536 [ CC3775100ABA633984F73DFAE1F55CAE ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
22:57:14.0037 5536 UNS - ok
22:57:14.0110 5536 [ F9EC9ACD504D823D9B9CA98A4F8D3CA2 ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
22:57:14.0132 5536 Updater Service - ok
22:57:14.0155 5536 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
22:57:14.0229 5536 upnphost - ok
22:57:14.0261 5536 [ 537A4E03D7103C12D42DFD8FFDB5BDC9 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
22:57:14.0293 5536 usbccgp - ok
22:57:14.0312 5536 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
22:57:14.0355 5536 usbcir - ok
22:57:14.0383 5536 [ FBB21EBE49F6D560DB37AC25FBC68E66 ] usbehci C:\Windows\system32\drivers\usbehci.sys
22:57:14.0418 5536 usbehci - ok
22:57:14.0460 5536 [ 6B7A8A99C4A459E73C286A6763EA24CC ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
22:57:14.0486 5536 usbhub - ok
22:57:14.0528 5536 [ 8C88AA7617B4CBC2E4BED61D26B33A27 ] usbohci C:\Windows\system32\drivers\usbohci.sys
22:57:14.0573 5536 usbohci - ok
22:57:14.0598 5536 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
22:57:14.0650 5536 usbprint - ok
22:57:14.0689 5536 [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:57:14.0741 5536 USBSTOR - ok
22:57:14.0760 5536 [ 0B5B3B2DF3FD1709618ACFA50B8392B0 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
22:57:14.0792 5536 usbuhci - ok
22:57:14.0839 5536 [ 7CB8C573C6E4A2714402CC0A36EAB4FE ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
22:57:14.0864 5536 usbvideo - ok
22:57:14.0882 5536 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
22:57:14.0926 5536 UxSms - ok
22:57:14.0939 5536 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe
22:57:14.0951 5536 VaultSvc - ok
22:57:14.0989 5536 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
22:57:15.0000 5536 vdrvroot - ok
22:57:15.0025 5536 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
22:57:15.0047 5536 vds - ok
22:57:15.0067 5536 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
22:57:15.0091 5536 vga - ok
22:57:15.0113 5536 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
22:57:15.0199 5536 VgaSave - ok
22:57:15.0227 5536 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
22:57:15.0244 5536 vhdmp - ok
22:57:15.0259 5536 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
22:57:15.0269 5536 viaide - ok
22:57:15.0283 5536 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
22:57:15.0295 5536 volmgr - ok
22:57:15.0308 5536 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
22:57:15.0326 5536 volmgrx - ok
22:57:15.0366 5536 [ 9E425AC5C9A5A973273D169F43B4F5E1 ] volsnap C:\Windows\system32\drivers\volsnap.sys
22:57:15.0423 5536 volsnap - ok
22:57:15.0464 5536 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
22:57:15.0490 5536 vsmraid - ok
22:57:15.0538 5536 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
22:57:15.0639 5536 VSS - ok
22:57:15.0663 5536 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
22:57:15.0686 5536 vwifibus - ok
22:57:15.0701 5536 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
22:57:15.0753 5536 vwififlt - ok
22:57:15.0787 5536 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
22:57:15.0831 5536 vwifimp - ok
22:57:15.0862 5536 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
22:57:15.0933 5536 W32Time - ok
22:57:15.0952 5536 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
22:57:15.0985 5536 WacomPen - ok
22:57:16.0010 5536 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
22:57:16.0073 5536 WANARP - ok
22:57:16.0086 5536 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
22:57:16.0138 5536 Wanarpv6 - ok
22:57:16.0234 5536 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
22:57:16.0305 5536 WatAdminSvc - ok
22:57:16.0344 5536 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
22:57:16.0404 5536 wbengine - ok
22:57:16.0419 5536 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
22:57:16.0442 5536 WbioSrvc - ok
22:57:16.0491 5536 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\Windows\System32\wcncsvc.dll
22:57:16.0537 5536 wcncsvc - ok
22:57:16.0553 5536 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:57:16.0586 5536 WcsPlugInService - ok
22:57:16.0608 5536 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
22:57:16.0626 5536 Wd - ok
22:57:16.0682 5536 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
22:57:16.0730 5536 Wdf01000 - ok
22:57:16.0746 5536 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
22:57:16.0798 5536 WdiServiceHost - ok
22:57:16.0803 5536 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
22:57:16.0834 5536 WdiSystemHost - ok
22:57:16.0872 5536 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\Windows\System32\webclnt.dll
22:57:16.0919 5536 WebClient - ok
22:57:16.0942 5536 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
22:57:17.0020 5536 Wecsvc - ok
22:57:17.0042 5536 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
 

Fiery

Hi David,

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool (For Vista or Windows 7, right-click and select Run as Administrator to start)
  • Click delete
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt

Download Malwarebytes Anti-Rootkit from here to your Desktop
  • Unzip the contents to a folder on your Desktop.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Make sure there is a check next to Create Restore Point and click the Cleanup button to remove any threats. Reboot if prompted to do so.
  • After the reboot, perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If there are threats, click Cleanup once more and reboot.
  • When done, please post the two logs in the MBAR folder (mbar-log.txt and system-log.txt)
 

asdfdav

Thank you.

Attached are the logs. When running mbar it did not prompt me for any cleanup, but I did reboot and scan one more time.

Does this mean I'm in the clean now? The folder program data is still in c: however, which as far as I understood, is a part of the malware.

Thank you!
 

Attachments

  • AdwCleaner[S1].txt
    4.2 KB · Views: 95
  • mbar-log-2013-01-06 (10-57-51).txt
    1.8 KB · Views: 95
  • mbar-log-2013-01-06 (11-11-26).txt
    1.8 KB · Views: 94

Fiery

Hi,

Can you go to C:\Qoobox\, locate the quarantine folder and see if there's anything inside? If so, can you type out the names of those files?

DO NOT delete your ProgramData folder, it is a Windows folder that contains important files for your programs. Whoever suggested that you delete that folder is insane or was trolling you.

How is your PC running?
 

asdfdav

Hi,

In Qoobox there are a few files/dirs:

File called: catchme.txt

Directory called: C\Windows\SysWOW64
With two files: Packet.dll.vir & wpcap.dll.vir

Directory called: Registry_backups
With three files: Legacy_NPF.reg.dat, Service_NPF.reg.dat and Tcpip (registry entry)

Ok, back when I first started looking into this I might have misunderstood someone. I did delete the complete folder but a few files which Windows did not let me delete. However, the computer is running OK now, no real issues at the moment.
 

Fiery

Hi,

Ok, it seems that Combofix did remove some malware even though it wasn't able to produce a log. Let's do one last scan and if nothing shows up, we will clean up. Don't be alarmed if ESET finds multiple threats, most/all of them are likely already quarantined.

Run Eset NOD32 Online AntiVirus

Note: You will need to use Internet Explorer for this scan.
Vista / 7 users: You will need to right-click on the Internet Explorer icon and select Run as Administrator
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Disable your current antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Click Start
  • Make sure that the option "Remove found threats" is Un-checked, and the following Advanced Settings are Checked
    • Scan unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • Re-enable your antivirus software.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
 

asdfdav

Hi,

Ran the scan - seems a bit too good to be true - no threats?
 

Attachments

  • log.txt
    696 bytes · Views: 96

Fiery

Hi,

It seems that your PC is now clean! Unless you are currently experiencing any other issues, we can clean up.

Double click on OTL to run it
  • Click on the Cleanup button at the top.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes
  • This will remove itself and other tools we may have used.

Should you wish to receive feedback and recommendations on your security setup, post a thread here. Our community will gladly assist you in setting up the best possible defense against future malware infections.
 

asdfdav

Thank you - I'll run the cleanup. However, there are still two things that are not working properly for me - I totally forgot. The first one I think has something to do with when I deleted the appdata folder and then performed the system restore point. This partially fixed the original pop-up problem of the malware, but did not cure it completely. However, still when I boot up I get a pop up from 'shredder'. (illustrated in the attached)

Also, when trying to enable the correct Windows Defender, I am unable for some reason. I try to enable it in the action center, but it just flickers between off and not updated. (also in the attached)

Do you have any advice please?
 

Attachments

  • shredder.doc
    102.5 KB · Views: 375

Fiery

Hi,

Is it possible to reinstall Shredder? Uninstall and install it again since that sounds like an installation issue.

As for Windows Defender, using Microsoft Security Essentials automatically disables Windows Defender so nothing to worry about there.
 

asdfdav

Thank you Fiery. I just uninstalled Spybot S&D which was the program shredder came with. Also, thanks for letting me know regarding win defender - then it's all OK I suppose! I ran the OTL cleanup - no problem at all.

Many thanks for your prompt help on my malware problems! Greatly appreciated.
 

Fiery

You're welcome :D

Now that your PC is clean, I recommend that you create a new System Restore point and then purge the old ones afterwards.

For XP
How to create a Restore Point in XP
Delete all restore points except the most recent one

For Vista
Create a restore point
Delete all but the most recent restore point

For Windows 7
Create a restore point
Delete all but the most recent restore point - Click the Delete all but the most recent restore point link




Keep your system updated
  • Keeping your programs (especially Adobe and Java products) updated is essential. Update Checker will notify you if any of your programs require an update.
  • Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office product bugs and vulnerabilities.
  • Please ensure you update your system regularly and have automatic updates on. You can learn how to turn Automatic Updates on here


I also recommend that you switch your antivirus program to a better one. Here are some suggestions:

In addition to your antivirus, you need additional protection such as a firewall and behavioural blocker.


Here are only a few suggestions that will improve your system security. Should you wish to allow us to make full recommendations and set your PC up with maximum security, please start a thread here. Our community of PC enthusiasts and experts will give you feedback and help you secure your system from future malware infections.


Internet Explorer may be the most popular browser but it's definitely not the most secure browser. Consider using other browsers with additional add-ons to safeguard your system while browsing the internet.

Firefox is a more secure, faster browser than Internet Explorer. Firefox contains fewer vulnerabilities, reducing the risk of drive-by downloads. In addition, you can add the following add-ons to increase security.
  • KeyScrambler - Encrypts your keystrokes to protect you against keyloggers that steal personal & banking information
  • AdBlock - Disables/blocks advertisements on websites so you won't accidentally click on a malicious ad.
  • NoScript - Disables Flash & Java content to avoid exploits or drive-by attacks
  • Web of Trust - Shows the website rating by other users and blocks dangerous and poor-rated sites

Google Chrome is another good browser that is faster and more secure than Internet Explorer by having a sandbox feature. Additionally, you can add the following add-on to Chrome to heighten security.


Lastly, it is important to perform system maintenance on a regular basis. Here are a few tools and on-demand scanners that you should keep & use every 1-2 weeks to keep your system healthy.

Other than that, stay safe out there! If you have any other questions or concerns, feel free to ask :)
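
The restore-point step recommended at the start of this post can also be scripted. The following is an added example, not part of the original post: it assumes Windows PowerShell run as Administrator with System Protection enabled on the system drive, and the description string is a constructed placeholder.

```powershell
# Added example: create a fresh restore point on the cleaned system, then
# delete every older one. Older points are removed only if a new point was
# really created, so the machine is never left without any restore point.

# SRRemoveRestorePoint (srclient.dll) deletes one restore point by its
# sequence number; there is no built-in cmdlet for that.
Add-Type -Namespace SysRestore -Name Native -MemberDefinition @'
[DllImport("srclient.dll")]
public static extern uint SRRemoveRestorePoint(uint dwRPNum);
'@

# Sequence numbers that exist before we start.
$before = @(Get-ComputerRestorePoint | ForEach-Object { $_.SequenceNumber })

# Constructed description; change it to whatever is meaningful to you.
Checkpoint-Computer -Description 'Clean baseline after malware removal' `
                    -RestorePointType MODIFY_SETTINGS

$points = @(Get-ComputerRestorePoint | Sort-Object SequenceNumber)
if ($points.Count -eq 0) {
    throw 'No restore points found. Is System Protection enabled?'
}

# Newer Windows versions can silently skip creation if a point was made
# recently, so confirm that the newest point is one we did not see before.
$newest = $points[-1]
if ($before -contains $newest.SequenceNumber) {
    throw 'No new restore point was created; nothing has been deleted.'
}

foreach ($p in $points) {
    if ($p.SequenceNumber -eq $newest.SequenceNumber) { continue }
    $rc = [SysRestore.Native]::SRRemoveRestorePoint([uint32]$p.SequenceNumber)
    if ($rc -eq 0) {
        Write-Output ("Deleted #{0}: {1}" -f $p.SequenceNumber, $p.Description)
    } else {
        Write-Warning ("Could not delete #{0} (error {1})" -f $p.SequenceNumber, $rc)
    }
}

# Show what is left: this should be the single new restore point.
Get-ComputerRestorePoint | Format-Table SequenceNumber, CreationTime, Description -AutoSize
```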
 
