Solved: Search hijack/ bogged down Comp


jmkxtwo
Member with 101 posts.
THREAD STARTER
Join Date: Aug 2003
11-Aug-2012, 02:29 AM #1
Search hijack/ bogged down Comp
I have been having issues with my computer; it started with a series of restarts that seemed to stem from Microsoft Security Essentials having issues. I did some scans and wound up restoring my computer to a previous set point, but soon after I was having redirection issues. I also noticed in my task manager that I had several servhost.exe taking up large amounts of resources. I will attach the required logs and also some screenshots of some of the issues.
jmkxtwo
15-Aug-2012, 07:52 PM #2
Any help or ideas on this, or should I just mechanically agitate it into submission?
Mark1956
Malware Removal Specialist with 13,961 posts.
Join Date: May 2011
Location: Spain
Experience: Advanced
18-Aug-2012, 09:31 AM #3
Hi Jmkxtwo, my name is Mark and I will be helping you.

Please run the following scan and post the log.

Download RogueKiller (by tigzy) and save direct to your Desktop.
On the web page click on this:
  • Quit all running programs
  • Start RogueKiller.exe
  • Wait until Prescan has finished.
  • Ensure all boxes are ticked under "Report" tab.
  • Click on Scan.
  • Click on Report when complete. Copy/paste the contents of the report and paste into your next reply.
  • NOTE: DO NOT attempt to remove anything that the scan detects.
Mark1956
20-Aug-2012, 01:29 AM #4
It is highly likely that you have the ZeroAccess rootkit infection, the help is here if you need it.

Please respond in the next day or two or I will have to mark this thread as Solved.
Mark1956
21-Aug-2012, 05:00 PM #5
Still no reply so I am marking this thread as Solved.

Please feel free to post back if you wish to proceed.
jmkxtwo
10-Sep-2012, 03:52 PM #6
Sorry, I gave up on this thread, I just checked back today, if possible I will run suggested scan and report back.
jmkxtwo
10-Sep-2012, 04:12 PM #7
I tried to run Rogue Killer, but as it was loading/scanning, when it said "loading drivers" I got the magical blue screen. I have included pictures.
jmkxtwo
10-Sep-2012, 04:13 PM #8
Upside-down pictures, awesome.
Mark1956
10-Sep-2012, 05:10 PM #9
Why did you give up??

If you are serious about cleaning this machine I will help you all the way, but if you are not prepared to put the time in and follow my guidance then you would be better off running a format and re-install, it's your choice.

The PC appears to have a fairly severe infection, not many infections cause BSODs and I've not come across a case before where RogueKiller has triggered one, first time for everything, but it could also be a hardware fault contributing to the problem.

Please run this tool below first and then follow it with another attempt at running RogueKiller, when RogueKiller completes its full scan (if it gets that far) hit the Delete button and then when it finishes click on the Report button and post the log. Follow that with a reboot and let me know if there has been any improvement.

Please download RKill by Grinler and save it to your desktop.
Link 2
Link 3
Link 4
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this in your next reply.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.

If RKill completes its scan DO NOT reboot the PC before you have run RogueKiller.
jmkxtwo
10-Sep-2012, 06:10 PM #10
Ok ran the Rkill scan

Rkill 2.3.11 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/10/2012 03:03:27 PM in x86 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 09/10/2012 03:03:30 PM
Execution time: 0 hours(s), 0 minute(s), and 2 seconds(s)


Then tried running Rogue again with same results.
Mark1956
10-Sep-2012, 06:35 PM #11
Ok, please boot into Safe mode by tapping the F8 key as soon as you switch on, use the arrow keys to select Safe Mode from the boot menu and hit the Enter key.

Then see if RogueKiller will run without a crash (no need to run RKill again as it failed to find anything).

If that does not work then please run a Full system scan with Malwarebytes and select everything it finds for deletion and post the log. If it crashes again try it in Safe Mode.

Last edited by Mark1956; 10-Sep-2012 at 07:01 PM..
Mark1956
10-Sep-2012, 07:00 PM #12
As it is getting late in the night here I just wanted to leave you with this. If none of the above produce any results due to continued crashing please run the scan below in Normal Mode and again if it fails try it in Safe Mode. I'll be back in the morning GMT +1Hour.

Please follow the instructions exactly as written, deviating from the instructions and trying to fix anything before I have seen the logs may make your PC unbootable. If TDSSKiller does not offer the Cure option DO NOT select delete as you may remove files needed for the system to operate.
Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!
-- The tool is frequently updated...if you used TDSSKiller before, delete that version and download the most current one before using again.
Be sure to print out and follow the instructions for performing a scan.
  • Extract (unzip) the file to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the Desktop.
  • Alternatively, you can download TDSSKiller.exe and use that instead.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If an update is available, TDSSKiller will prompt you to update and download the most current version. Click Load Update. Close TDSSKiller and start again.
  • When the program opens, click the Change parameters.

  • Under "Additional options", check the boxes next to Verify file digital signatures and Detect TDLFS file system, then click OK.

  • Click the Start Scan button.

  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If 'Suspicious objects' are detected, the default action will be Skip. Leave the default set to Skip and click on Continue.
  • If Malicious objects are detected, they will show in the Scan results - Select action for found objects and offer three options.

  • Ensure Cure is selected...then click Continue -> Reboot computer for cure completion.

  • Important! -> If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed. If you choose Delete you may remove critical system files and make your PC unstable or possibly unbootable.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C: ).
  • Copy and paste the contents of that file in your next reply.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it to something else before beginning the download and saving to the computer or to perform the scan in "safe mode".
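An added example, not part of the original thread and not code from TDSSKiller or its vendor: a small Python triage script for the log file this procedure produces. It lists every scanned object whose verdict is not "ok" and checks which scan modes the log records. The sample lines are constructed in the line format of the log posted later in this thread; the names, hashes and the reading of `SigCheck` and `TDLFS` as the two "Additional options" boxes are assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample: "<time> <thread id> <message>", as in the log posted
# in this thread. Service names, paths and MD5 values are placeholders.
SAMPLE_LOG = r"""
07:42:19.0564 2880 Scan started
07:42:19.0564 2880 Mode: Manual; SigCheck; TDLFS;
07:42:20.0330 2880 ================ Scan services =============================
07:42:20.0548 2880 [ 00000000000000000000000000000001 ] GoodDrv C:\Windows\system32\drivers\gooddrv.sys
07:42:20.0642 2880 GoodDrv - ok
07:42:21.0017 2880 [ 00000000000000000000000000000002 ] Example Updater C:\Program Files\Example\updater.exe
07:42:21.0033 2880 Example Updater - ok
07:42:26.0220 2880 NoImageSvc - ok
07:42:28.0595 2880 [ 00000000000000000000000000000003 ] ExampleMouse C:\Windows\system32\DRIVERS\ExampleMouse.sys
07:42:28.0611 2880 ExampleMouse ( UnsignedFile.Multi.Generic ) - warning
07:42:28.0611 2880 ExampleMouse - detected UnsignedFile.Multi.Generic (1)
"""

PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s*(.*)$")
# "[ MD5 ] <service name> <image path>"; names and paths may contain spaces,
# so the path is recognised by its drive-letter prefix.
OBJECT = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \] (.+?) ([A-Za-z]:\\.*)$")
FLAGGED = re.compile(r"^(.+?) \( (.+?) \) - (\w+)$")
CLEAN = re.compile(r"^(.+) - ok$")


@dataclass
class Entry:
    name: str
    verdict: str
    detection: str = ""
    md5: str = ""
    path: str = ""


def parse(log_text):
    """Pair each verdict line with the hash/path line that preceded it."""
    entries = []
    pending = {}  # service name -> (md5, path) awaiting its verdict line
    for raw in log_text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue
        msg = m.group(1).strip()
        obj = OBJECT.match(msg)
        if obj:
            pending[obj.group(2)] = (obj.group(1).upper(), obj.group(3))
            continue
        flagged_m = FLAGGED.match(msg)
        clean_m = CLEAN.match(msg)
        if flagged_m:
            name, detection, verdict = flagged_m.groups()
        elif clean_m:
            name, detection, verdict = clean_m.group(1), "", "ok"
        else:
            continue  # banners, system info, "- detected ..." summary lines
        md5, path = pending.pop(name, ("", ""))
        entries.append(Entry(name, verdict, detection, md5, path))
    return entries


def flagged(entries):
    """Objects the helper needs to see: any verdict other than 'ok'."""
    return [e for e in entries if e.verdict != "ok"]


def without_image(entries):
    """Entries reported without a hash/path line in the log."""
    return [e for e in entries if not e.md5]


def scan_modes(log_text):
    """Flags recorded on the 'Mode:' line, e.g. SigCheck and TDLFS."""
    m = re.search(r"\bMode:\s*(.+)$", log_text, re.M)
    return {p.strip() for p in m.group(1).split(";") if p.strip()} if m else set()


if __name__ == "__main__":
    entries = parse(SAMPLE_LOG)
    missing = {"SigCheck", "TDLFS"} - scan_modes(SAMPLE_LOG)
    if missing:
        print("Scan ran without:", ", ".join(sorted(missing)))
    for e in flagged(entries):
        print(f"{e.verdict.upper():8} {e.name}: {e.detection}  {e.path}  md5={e.md5}")
    for e in without_image(entries):
        print(f"NO IMAGE {e.name} ({e.verdict})")
```

The script only reads the log; what to do with a flagged object is still decided from the full log, as the instructions above say.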
jmkxtwo
10-Sep-2012, 07:03 PM #13
When I ran the Rogue Killer in safe mode the <reports> box was unclickable, but the program ran and there was a debug txt I will attach.
Mark1956
11-Sep-2012, 04:42 AM #14
When you ran DDS it should have saved a file called Attach.txt to your desktop, please attach that to your next post.

Ok, the debug log hasn't told me much only that it ran to completion, but no sign in that log if it actually found anything. Did you try and run Malwarebytes as I suggested?

Please now try to run TDSSKiller in Normal Mode.

If that fails then run this first (in Normal Mode) and try again.

Download Yorkyt.exe and save to your Desktop.
Double click the Yorkyt.exe to run it, Vista or Windows 7 user right click and "Run as Administrator"

Select Yes to restart at the prompt.

Let it restart again when prompted.

Be patient as the tool is working after the 2nd reboot.

Attach the Yorkyt.exe.log to your next message (it should be on your desktop)

Last edited by Mark1956; 11-Sep-2012 at 05:24 AM..
jmkxtwo
11-Sep-2012, 10:50 AM #15
07:41:30.0748 3608 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
07:41:31.0216 3608 ============================================================
07:41:31.0216 3608 Current date / time: 2012/09/11 07:41:31.0216
07:41:31.0216 3608 SystemInfo:
07:41:31.0216 3608
07:41:31.0216 3608 OS Version: 6.1.7601 ServicePack: 1.0
07:41:31.0216 3608 Product type: Workstation
07:41:31.0216 3608 ComputerName: JOSHSCOMP-PC
07:41:31.0216 3608 UserName: Josh's Comp
07:41:31.0216 3608 Windows directory: C:\Windows
07:41:31.0216 3608 System windows directory: C:\Windows
07:41:31.0216 3608 Processor architecture: Intel x86
07:41:31.0216 3608 Number of processors: 2
07:41:31.0216 3608 Page size: 0x1000
07:41:31.0216 3608 Boot type: Safe boot with network
07:41:31.0216 3608 ============================================================
07:41:31.0638 3608 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
07:41:31.0654 3608 ============================================================
07:41:31.0654 3608 \Device\Harddisk0\DR0:
07:41:31.0654 3608 MBR partitions:
07:41:31.0654 3608 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x25419CBD
07:41:31.0654 3608 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x6, StartLBA 0x25419CFC, BlocksNum 0xBC43
07:41:31.0654 3608 ============================================================
07:41:31.0716 3608 C: <-> \Device\Harddisk0\DR0\Partition1
07:41:31.0716 3608 ============================================================
07:41:31.0716 3608 Initialize success
07:41:31.0716 3608 ============================================================
07:42:19.0564 2880 ============================================================
07:42:19.0564 2880 Scan started
07:42:19.0564 2880 Mode: Manual; SigCheck; TDLFS;
07:42:19.0564 2880 ============================================================
07:42:20.0330 2880 ================ Scan system memory ========================
07:42:20.0330 2880 System memory - ok
07:42:20.0330 2880 ================ Scan services =============================
07:42:20.0548 2880 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
07:42:20.0642 2880 1394ohci - ok
07:42:20.0705 2880 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
07:42:20.0720 2880 ACPI - ok
07:42:20.0783 2880 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
07:42:20.0861 2880 AcpiPmi - ok
07:42:21.0017 2880 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
07:42:21.0033 2880 AdobeARMservice - ok
07:42:21.0173 2880 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
07:42:21.0189 2880 AdobeFlashPlayerUpdateSvc - ok
07:42:21.0267 2880 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
07:42:21.0283 2880 adp94xx - ok
07:42:21.0330 2880 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
07:42:21.0345 2880 adpahci - ok
07:42:21.0392 2880 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
07:42:21.0408 2880 adpu320 - ok
07:42:21.0455 2880 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
07:42:21.0486 2880 AeLookupSvc - ok
07:42:21.0548 2880 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
07:42:21.0595 2880 AFD - ok
07:42:21.0642 2880 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
07:42:21.0658 2880 agp440 - ok
07:42:21.0767 2880 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
07:42:21.0783 2880 aic78xx - ok
07:42:21.0830 2880 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
07:42:21.0861 2880 ALG - ok
07:42:21.0939 2880 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
07:42:21.0939 2880 aliide - ok
07:42:22.0001 2880 [ ACD2F2DF292B6CC28F58095BBA63A068 ] Alpham1 C:\Windows\system32\DRIVERS\Alpham1.sys
07:42:22.0033 2880 Alpham1 - ok
07:42:22.0048 2880 [ F4FAFB2E74B83A156408B1B02302799E ] Alpham2 C:\Windows\system32\DRIVERS\Alpham2.sys
07:42:22.0080 2880 Alpham2 - ok
07:42:22.0126 2880 [ F9756A98D69098DCA8945D62858A812C ] amacpi C:\Windows\system32\DRIVERS\null.sys
07:42:22.0220 2880 amacpi - ok
07:42:22.0236 2880 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
07:42:22.0251 2880 amdagp - ok
07:42:22.0314 2880 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
07:42:22.0330 2880 amdide - ok
07:42:22.0392 2880 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
07:42:22.0439 2880 AmdK8 - ok
07:42:22.0486 2880 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
07:42:22.0501 2880 AmdPPM - ok
07:42:22.0548 2880 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
07:42:22.0564 2880 amdsata - ok
07:42:22.0658 2880 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
07:42:22.0673 2880 amdsbs - ok
07:42:22.0705 2880 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
07:42:22.0720 2880 amdxata - ok
07:42:22.0798 2880 [ 40C279A23BD43553BFBA6E88A9B38AE2 ] AnyDVD C:\Windows\system32\Drivers\AnyDVD.sys
07:42:22.0814 2880 AnyDVD - ok
07:42:22.0923 2880 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
07:42:22.0970 2880 AppID - ok
07:42:23.0001 2880 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
07:42:23.0048 2880 AppIDSvc - ok
07:42:23.0111 2880 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
07:42:23.0158 2880 Appinfo - ok
07:42:23.0298 2880 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
07:42:23.0298 2880 Apple Mobile Device - ok
07:42:23.0345 2880 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
07:42:23.0361 2880 arc - ok
07:42:23.0392 2880 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
07:42:23.0392 2880 arcsas - ok
07:42:23.0470 2880 [ 39CDCB109BF200CC8A05B9C7E6272D11 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
07:42:23.0486 2880 aspnet_state - ok
07:42:23.0517 2880 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
07:42:23.0564 2880 AsyncMac - ok
07:42:23.0611 2880 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
07:42:23.0626 2880 atapi - ok
07:42:23.0673 2880 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
07:42:23.0736 2880 AudioEndpointBuilder - ok
07:42:23.0751 2880 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
07:42:23.0783 2880 Audiosrv - ok
07:42:23.0845 2880 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
07:42:23.0892 2880 AxInstSV - ok
07:42:23.0939 2880 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
07:42:23.0970 2880 b06bdrv - ok
07:42:24.0017 2880 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
07:42:24.0017 2880 b57nd60x - ok
07:42:24.0048 2880 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
07:42:24.0095 2880 BDESVC - ok
07:42:24.0126 2880 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
07:42:24.0173 2880 Beep - ok
07:42:24.0236 2880 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
07:42:24.0298 2880 BFE - ok
07:42:24.0345 2880 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\system32\qmgr.dll
07:42:24.0455 2880 BITS - ok
07:42:24.0470 2880 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
07:42:24.0501 2880 blbdrive - ok
07:42:24.0595 2880 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
07:42:24.0626 2880 Bonjour Service - ok
07:42:24.0658 2880 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
07:42:24.0689 2880 bowser - ok
07:42:24.0705 2880 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
07:42:24.0783 2880 BrFiltLo - ok
07:42:24.0798 2880 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
07:42:24.0861 2880 BrFiltUp - ok
07:42:24.0908 2880 [ 6E11F33D14D020F58D5E02E4D67DFA19 ] Browser C:\Windows\System32\browser.dll
07:42:24.0955 2880 Browser - ok
07:42:24.0986 2880 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
07:42:25.0017 2880 Brserid - ok
07:42:25.0033 2880 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
07:42:25.0080 2880 BrSerWdm - ok
07:42:25.0095 2880 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
07:42:25.0126 2880 BrUsbMdm - ok
07:42:25.0142 2880 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
07:42:25.0173 2880 BrUsbSer - ok
07:42:25.0205 2880 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
07:42:25.0236 2880 BTHMODEM - ok
07:42:25.0283 2880 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
07:42:25.0330 2880 bthserv - ok
07:42:25.0361 2880 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
07:42:25.0408 2880 cdfs - ok
07:42:25.0486 2880 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\drivers\cdrom.sys
07:42:25.0517 2880 cdrom - ok
07:42:25.0564 2880 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
07:42:25.0595 2880 CertPropSvc - ok
07:42:25.0626 2880 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
07:42:25.0642 2880 circlass - ok
07:42:25.0673 2880 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
07:42:25.0705 2880 CLFS - ok
07:42:25.0720 2880 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
07:42:25.0751 2880 clr_optimization_v2.0.50727_32 - ok
07:42:25.0845 2880 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
07:42:25.0908 2880 clr_optimization_v4.0.30319_32 - ok
07:42:25.0923 2880 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
07:42:25.0955 2880 CmBatt - ok
07:42:25.0986 2880 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
07:42:26.0001 2880 cmdide - ok
07:42:26.0064 2880 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
07:42:26.0095 2880 CNG - ok
07:42:26.0111 2880 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
07:42:26.0111 2880 Compbatt - ok
07:42:26.0173 2880 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
07:42:26.0205 2880 CompositeBus - ok
07:42:26.0220 2880 COMSysApp - ok
07:42:26.0236 2880 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
07:42:26.0251 2880 crcdisk - ok
07:42:26.0314 2880 [ 06E771AA596B8761107AB57E99F128D7 ] CryptSvc C:\Windows\system32\cryptsvc.dll
07:42:26.0361 2880 CryptSvc - ok
07:42:26.0423 2880 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
07:42:26.0486 2880 DcomLaunch - ok
07:42:26.0517 2880 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
07:42:26.0564 2880 defragsvc - ok
07:42:26.0595 2880 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
07:42:26.0642 2880 DfsC - ok
07:42:26.0720 2880 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
07:42:26.0767 2880 Dhcp - ok
07:42:26.0798 2880 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
07:42:26.0845 2880 discache - ok
07:42:26.0892 2880 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
07:42:26.0908 2880 Disk - ok
07:42:26.0939 2880 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
07:42:26.0970 2880 Dnscache - ok
07:42:27.0017 2880 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
07:42:27.0064 2880 dot3svc - ok
07:42:27.0111 2880 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
07:42:27.0189 2880 DPS - ok
07:42:27.0251 2880 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
07:42:27.0283 2880 drmkaud - ok
07:42:27.0330 2880 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
07:42:27.0345 2880 DXGKrnl - ok
07:42:27.0376 2880 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
07:42:27.0423 2880 EapHost - ok
07:42:27.0517 2880 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
07:42:27.0580 2880 ebdrv - ok
07:42:27.0626 2880 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
07:42:27.0642 2880 EFS - ok
07:42:27.0705 2880 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
07:42:27.0751 2880 ehRecvr - ok
07:42:27.0798 2880 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
07:42:27.0814 2880 ehSched - ok
07:42:27.0876 2880 [ D71233D7CCC2E64F8715A20428D5A33B ] ElbyCDIO C:\Windows\system32\Drivers\ElbyCDIO.sys
07:42:27.0892 2880 ElbyCDIO - ok
07:42:27.0939 2880 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
07:42:27.0970 2880 elxstor - ok
07:42:27.0970 2880 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
07:42:28.0001 2880 ErrDev - ok
07:42:28.0064 2880 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
07:42:28.0111 2880 EventSystem - ok
07:42:28.0158 2880 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
07:42:28.0173 2880 exfat - ok
07:42:28.0205 2880 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
07:42:28.0251 2880 fastfat - ok
07:42:28.0330 2880 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
07:42:28.0361 2880 Fax - ok
07:42:28.0392 2880 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
07:42:28.0408 2880 fdc - ok
07:42:28.0423 2880 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
07:42:28.0455 2880 fdPHost - ok
07:42:28.0501 2880 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
07:42:28.0548 2880 FDResPub - ok
07:42:28.0595 2880 [ F755065F61393A71CB89B2EB24C8CF00 ] FeMouWDM C:\Windows\system32\DRIVERS\FeMouWDM.sys
07:42:28.0611 2880 FeMouWDM ( UnsignedFile.Multi.Generic ) - warning
07:42:28.0611 2880 FeMouWDM - detected UnsignedFile.Multi.Generic (1)
07:42:28.0658 2880 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
07:42:28.0658 2880 FileInfo - ok
07:42:28.0689 2880 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
07:42:28.0720 2880 Filetrace - ok
07:42:28.0720 2880 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
07:42:28.0751 2880 flpydisk - ok
07:42:28.0783 2880 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
07:42:28.0798 2880 FltMgr - ok
07:42:28.0845 2880 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll
07:42:28.0908 2880 FontCache - ok
07:42:28.0970 2880 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
07:42:28.0986 2880 FontCache3.0.0.0 - ok
07:42:29.0001 2880 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
07:42:29.0001 2880 FsDepends - ok
07:42:29.0064 2880 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
07:42:29.0080 2880 Fs_Rec - ok
07:42:29.0142 2880 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
07:42:29.0158 2880 fvevol - ok
07:42:29.0189 2880 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
07:42:29.0189 2880 gagp30kx - ok
07:42:29.0251 2880 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
07:42:29.0251 2880 GEARAspiWDM - ok
07:42:29.0314 2880 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
07:42:29.0376 2880 gpsvc - ok
07:42:29.0470 2880 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
07:42:29.0486 2880 gupdate - ok
07:42:29.0501 2880 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
07:42:29.0517 2880 gupdatem - ok
07:42:29.0533 2880 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
07:42:29.0564 2880 hcw85cir - ok
07:42:29.0626 2880 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
07:42:29.0658 2880 HdAudAddService - ok
07:42:29.0689 2880 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
07:42:29.0720 2880 HDAudBus - ok
07:42:29.0751 2880 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
07:42:29.0783 2880 HidBatt - ok
07:42:29.0814 2880 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
07:42:29.0845 2880 HidBth - ok
07:42:29.0876 2880 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
07:42:29.0908 2880 HidIr - ok
07:42:29.0939 2880 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\System32\hidserv.dll
07:42:29.0986 2880 hidserv - ok
07:42:30.0048 2880 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\drivers\hidusb.sys
07:42:30.0080 2880 HidUsb - ok
07:42:30.0111 2880 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
07:42:30.0158 2880 hkmsvc - ok
07:42:30.0220 2880 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
07:42:30.0236 2880 HomeGroupListener - ok
07:42:30.0267 2880 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
07:42:30.0314 2880 HomeGroupProvider - ok
07:42:30.0361 2880 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
07:42:30.0376 2880 HpSAMD - ok
07:42:30.0423 2880 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
07:42:30.0470 2880 HTTP - ok
07:42:30.0501 2880 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
07:42:30.0517 2880 hwpolicy - ok
07:42:30.0580 2880 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
07:42:30.0611 2880 i8042prt - ok
07:42:30.0642 2880 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
07:42:30.0673 2880 iaStorV - ok
07:42:30.0736 2880 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
07:42:30.0783 2880 idsvc - ok
07:42:30.0830 2880 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
07:42:30.0830 2880 iirsp - ok
07:42:30.0908 2880 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
07:42:30.0970 2880 IKEEXT - ok
07:42:31.0080 2880 [ 3914EA9111DBEFFAF1C68200817768AD ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
07:42:31.0142 2880 IntcAzAudAddService - ok
07:42:31.0189 2880 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
07:42:31.0189 2880 intelide - ok
07:42:31.0220 2880 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
07:42:31.0251 2880 intelppm - ok
07:42:31.0283 2880 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
07:42:31.0330 2880 IPBusEnum - ok
07:42:31.0345 2880 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
07:42:31.0392 2880 IpFilterDriver - ok
07:42:31.0455 2880 [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
07:42:31.0501 2880 iphlpsvc - ok
07:42:31.0548 2880 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
07:42:31.0580 2880 IPMIDRV - ok
07:42:31.0595 2880 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
07:42:31.0642 2880 IPNAT - ok
07:42:31.0736 2880 [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
07:42:31.0767 2880 iPod Service - ok
07:42:31.0783 2880 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
07:42:31.0814 2880 IRENUM - ok
07:42:31.0845 2880 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
07:42:31.0861 2880 isapnp - ok
07:42:31.0908 2880 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
07:42:31.0923 2880 iScsiPrt - ok
07:42:31.0955 2880 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
07:42:31.0970 2880 kbdclass - ok
07:42:32.0017 2880 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
07:42:32.0048 2880 kbdhid - ok
07:42:32.0064 2880 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
07:42:32.0080 2880 KeyIso - ok
07:42:32.0111 2880 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
07:42:32.0126 2880 KSecDD - ok
07:42:32.0173 2880 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
07:42:32.0189 2880 KSecPkg - ok
07:42:32.0220 2880 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
07:42:32.0283 2880 KtmRm - ok
07:42:32.0314 2880 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\System32\srvsvc.dll
07:42:32.0376 2880 LanmanServer - ok
07:42:32.0392 2880 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
07:42:32.0455 2880 LanmanWorkstation - ok
07:42:32.0486 2880 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
07:42:32.0533 2880 lltdio - ok
07:42:32.0564 2880 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
07:42:32.0611 2880 lltdsvc - ok
07:42:32.0626 2880 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
07:42:32.0673 2880 lmhosts - ok
07:42:32.0705 2880 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
07:42:32.0720 2880 LSI_FC - ok
07:42:32.0751 2880 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
07:42:32.0767 2880 LSI_SAS - ok
07:42:32.0783 2880 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
07:42:32.0798 2880 LSI_SAS2 - ok
07:42:32.0830 2880 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
07:42:32.0830 2880 LSI_SCSI - ok
07:42:32.0876 2880 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
07:42:32.0923 2880 luafv - ok
07:42:33.0017 2880 [ 98FAD18BEB4462067DA17BA44921CE74 ] lxdeCATSCustConnectService C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdeserv.exe
07:42:33.0033 2880 lxdeCATSCustConnectService - ok
07:42:33.0064 2880 lxde_device - ok
07:42:33.0126 2880 [ F453D1E6D881E8F8717E20CCD4199E85 ] McComponentHostService C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
07:42:33.0142 2880 McComponentHostService - ok
07:42:33.0205 2880 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
07:42:33.0220 2880 Mcx2Svc - ok
07:42:33.0251 2880 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
07:42:33.0251 2880 megasas - ok
07:42:33.0283 2880 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
07:42:33.0298 2880 MegaSR - ok
07:42:33.0330 2880 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
07:42:33.0392 2880 MMCSS - ok
07:42:33.0408 2880 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
07:42:33.0455 2880 Modem - ok
07:42:33.0486 2880 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
07:42:33.0517 2880 monitor - ok
07:42:33.0564 2880 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\drivers\mouclass.sys
07:42:33.0580 2880 mouclass - ok
07:42:33.0595 2880 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
07:42:33.0626 2880 mouhid - ok
07:42:33.0658 2880 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
07:42:33.0673 2880 mountmgr - ok
07:42:33.0736 2880 [ D993BEA500E7382DC4E760BF4F35EFCB ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
07:42:33.0751 2880 MpFilter - ok
07:42:33.0767 2880 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
07:42:33.0767 2880 mpio - ok
07:42:33.0939 2880 [ A69630D039C38018689190234F866D77 ] MpKsl54fe4254 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5DEBB3FA-4B90-4F7A-A7DB-0D4432C20FFD}\MpKsl54fe4254.sys
07:42:33.0939 2880 Suspicious file (Forged): c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5DEBB3FA-4B90-4F7A-A7DB-0D4432C20FFD}\MpKsl54fe4254.sys. Real md5: A69630D039C38018689190234F866D77, Fake md5: 4137EE420481D10734DA3018D0325582
07:42:33.0939 2880 MpKsl54fe4254 ( ForgedFile.Multi.Generic ) - warning
07:42:33.0939 2880 MpKsl54fe4254 - detected ForgedFile.Multi.Generic (1)
07:42:33.0970 2880 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
07:42:34.0017 2880 mpsdrv - ok
07:42:34.0064 2880 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
07:42:34.0126 2880 MpsSvc - ok
07:42:34.0158 2880 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
07:42:34.0173 2880 MRxDAV - ok
07:42:34.0220 2880 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
07:42:34.0267 2880 mrxsmb - ok
07:42:34.0314 2880 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
07:42:34.0330 2880 mrxsmb10 - ok
07:42:34.0376 2880 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
07:42:34.0392 2880 mrxsmb20 - ok
07:42:34.0439 2880 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
07:42:34.0455 2880 msahci - ok
07:42:34.0486 2880 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
07:42:34.0501 2880 msdsm - ok
07:42:34.0533 2880 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
07:42:34.0564 2880 MSDTC - ok
07:42:34.0595 2880 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
07:42:34.0626 2880 Msfs - ok
07:42:34.0642 2880 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
07:42:34.0689 2880 mshidkmdf - ok
07:42:34.0720 2880 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
07:42:34.0736 2880 msisadrv - ok
07:42:34.0767 2880 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
07:42:34.0814 2880 MSiSCSI - ok
07:42:34.0814 2880 msiserver - ok
07:42:34.0845 2880 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
07:42:34.0892 2880 MSKSSRV - ok
07:42:34.0970 2880 [ 24516BF4E12A46CB67302E2CDCB8CDDF ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
07:42:34.0970 2880 MsMpSvc - ok
07:42:35.0001 2880 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
07:42:35.0033 2880 MSPCLOCK - ok
07:42:35.0080 2880 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
07:42:35.0126 2880 MSPQM - ok
07:42:35.0142 2880 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
07:42:35.0158 2880 MsRPC - ok
07:42:35.0220 2880 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
07:42:35.0236 2880 mssmbios - ok
07:42:35.0267 2880 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
07:42:35.0283 2880 MSTEE - ok
07:42:35.0330 2880 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
07:42:35.0345 2880 MTConfig - ok
07:42:35.0361 2880 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
07:42:35.0376 2880 Mup - ok
07:42:35.0423 2880 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
07:42:35.0470 2880 napagent - ok
07:42:35.0501 2880 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
07:42:35.0517 2880 NativeWifiP - ok
07:42:35.0564 2880 [ E7C54812A2AAF43316EB6930C1FFA108 ] NDIS C:\Windows\system32\drivers\ndis.sys
07:42:35.0595 2880 NDIS - ok
07:42:35.0611 2880 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
07:42:35.0658 2880 NdisCap - ok
07:42:35.0689 2880 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
07:42:35.0736 2880 NdisTapi - ok
07:42:35.0783 2880 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
07:42:35.0814 2880 Ndisuio - ok
07:42:35.0861 2880 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
07:42:35.0876 2880 NdisWan - ok
07:42:35.0923 2880 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
07:42:35.0955 2880 NDProxy - ok
07:42:35.0955 2880 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
07:42:36.0001 2880 NetBIOS - ok
07:42:36.0064 2880 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
07:42:36.0095 2880 NetBT - ok
07:42:36.0142 2880 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
07:42:36.0158 2880 Netlogon - ok
07:42:36.0189 2880 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
07:42:36.0236 2880 Netman - ok
07:42:36.0251 2880 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
07:42:36.0298 2880 netprofm - ok
07:42:36.0330 2880 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
07:42:36.0345 2880 NetTcpPortSharing - ok
07:42:36.0408 2880 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
07:42:36.0408 2880 nfrd960 - ok
07:42:36.0439 2880 [ B52F26BADE7D7E4A79706E3FD91834CD ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
07:42:36.0455 2880 NisDrv - ok
07:42:36.0501 2880 [ 290C0D4C4889398797F8DF3BE00B9698 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
07:42:36.0517 2880 NisSrv - ok
07:42:36.0580 2880 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
07:42:36.0626 2880 NlaSvc - ok
07:42:36.0642 2880 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
07:42:36.0689 2880 Npfs - ok
07:42:36.0720 2880 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
07:42:36.0783 2880 nsi - ok
07:42:36.0798 2880 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
07:42:36.0845 2880 nsiproxy - ok
07:42:36.0923 2880 [ 81189C3D7763838E55C397759D49007A ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
07:42:36.0955 2880 Ntfs - ok
07:42:36.0970 2880 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
07:42:37.0001 2880 Null - ok
07:42:37.0048 2880 [ B5E37E31C053BC9950455A257526514B ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x32.sys
07:42:37.0064 2880 NVENETFD - ok
07:42:37.0314 2880 [ B0881DDA5A8160422561FFAB7F0008B1 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
07:42:37.0486 2880 nvlddmkm - ok
07:42:37.0533 2880 [ 5BF9C11586F4764446407F509F1BECA8 ] NVNET C:\Windows\system32\DRIVERS\nvmf6232.sys
07:42:37.0548 2880 NVNET - ok
07:42:37.0564 2880 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
07:42:37.0580 2880 nvraid - ok
07:42:37.0626 2880 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
07:42:37.0642 2880 nvstor - ok
07:42:37.0658 2880 [ 7EBA6C9A0A295B1559EFB9062E701218 ] nvstor32 C:\Windows\system32\DRIVERS\nvstor32.sys
07:42:37.0673 2880 nvstor32 - ok
07:42:37.0705 2880 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
07:42:37.0720 2880 nv_agp - ok
07:42:37.0751 2880 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
07:42:37.0783 2880 ohci1394 - ok
07:42:37.0830 2880 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
07:42:37.0861 2880 p2pimsvc - ok
07:42:37.0908 2880 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
07:42:37.0923 2880 p2psvc - ok
07:42:37.0970 2880 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
07:42:37.0986 2880 Parport - ok
07:42:38.0033 2880 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
07:42:38.0033 2880 partmgr - ok
07:42:38.0048 2880 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
07:42:38.0080 2880 Parvdm - ok
07:42:38.0111 2880 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
07:42:38.0126 2880 PcaSvc - ok
07:42:38.0189 2880 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
07:42:38.0205 2880 pci - ok
07:42:38.0236 2880 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
07:42:38.0251 2880 pciide - ok
07:42:38.0283 2880 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
07:42:38.0298 2880 pcmcia - ok
07:42:38.0314 2880 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
07:42:38.0330 2880 pcw - ok
07:42:38.0345 2880 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
07:42:38.0408 2880 PEAUTH - ok
07:42:38.0501 2880 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
07:42:38.0595 2880 pla - ok
07:42:38.0658 2880 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
07:42:38.0705 2880 PlugPlay - ok
07:42:38.0736 2880 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
07:42:38.0767 2880 PNRPAutoReg - ok
07:42:38.0798 2880 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
07:42:38.0814 2880 PNRPsvc - ok
07:42:38.0861 2880 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
07:42:38.0908 2880 PolicyAgent - ok
07:42:38.0955 2880 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
07:42:38.0986 2880 Power - ok
07:42:39.0001 2880 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
07:42:39.0033 2880 PptpMiniport - ok
07:42:39.0064 2880 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
07:42:39.0064 2880 Processor - ok
07:42:39.0126 2880 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
07:42:39.0158 2880 ProfSvc - ok
07:42:39.0189 2880 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
07:42:39.0189 2880 ProtectedStorage - ok
07:42:39.0220 2880 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
07:42:39.0251 2880 Psched - ok
07:42:39.0314 2880 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
07:42:39.0361 2880 ql2300 - ok
07:42:39.0376 2880 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
07:42:39.0392 2880 ql40xx - ok
07:42:39.0408 2880 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
07:42:39.0455 2880 QWAVE - ok
07:42:39.0486 2880 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
07:42:39.0501 2880 QWAVEdrv - ok
07:42:39.0564 2880 [ 8F97D374AD1857E1EED85A79F29A1D3D ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll
07:42:39.0580 2880 RapiMgr - ok
07:42:39.0595 2880 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
07:42:39.0642 2880 RasAcd - ok
07:42:39.0689 2880 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
07:42:39.0736 2880 RasAgileVpn - ok
07:42:39.0751 2880 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
07:42:39.0783 2880 RasAuto - ok
07:42:39.0814 2880 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
07:42:39.0861 2880 Rasl2tp - ok
07:42:39.0923 2880 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
07:42:39.0970 2880 RasMan - ok
07:42:40.0001 2880 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
07:42:40.0033 2880 RasPppoe - ok
07:42:40.0048 2880 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
07:42:40.0095 2880 RasSstp - ok
07:42:40.0126 2880 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
07:42:40.0173 2880 rdbss - ok
07:42:40.0205 2880 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
07:42:40.0220 2880 rdpbus - ok
07:42:40.0267 2880 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
07:42:40.0298 2880 RDPCDD - ok
07:42:40.0345 2880 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
07:42:40.0392 2880 RDPENCDD - ok
07:42:40.0455 2880 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
07:42:40.0501 2880 RDPREFMP - ok
07:42:40.0533 2880 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
07:42:40.0564 2880 RDPWD - ok
07:42:40.0626 2880 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
07:42:40.0642 2880 rdyboost - ok
07:42:40.0658 2880 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
07:42:40.0689 2880 RemoteAccess - ok
07:42:40.0736 2880 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
07:42:40.0767 2880 RemoteRegistry - ok
07:42:40.0783 2880 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
07:42:40.0830 2880 RpcEptMapper - ok
07:42:40.0861 2880 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
07:42:40.0892 2880 RpcLocator - ok
07:42:40.0923 2880 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\System32\rpcss.dll
07:42:40.0955 2880 RpcSs - ok
07:42:40.0986 2880 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
07:42:41.0048 2880 rspndr - ok
07:42:41.0064 2880 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
07:42:41.0080 2880 SamSs - ok
07:42:41.0111 2880 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
07:42:41.0126 2880 sbp2port - ok
07:42:41.0267 2880 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
07:42:41.0314 2880 SBSDWSCService - ok
07:42:41.0345 2880 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
07:42:41.0392 2880 SCardSvr - ok
07:42:41.0408 2880 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
07:42:41.0455 2880 scfilter - ok
07:42:41.0533 2880 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
07:42:41.0595 2880 Schedule - ok
07:42:41.0642 2880 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
07:42:41.0673 2880 SCPolicySvc - ok
07:42:41.0720 2880 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
07:42:41.0751 2880 SDRSVC - ok
07:42:41.0798 2880 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
07:42:41.0845 2880 secdrv - ok
07:42:41.0861 2880 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
07:42:41.0908 2880 seclogon - ok
07:42:41.0939 2880 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll
07:42:41.0986 2880 SENS - ok
07:42:42.0017 2880 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
07:42:42.0048 2880 SensrSvc - ok
07:42:42.0064 2880 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
07:42:42.0080 2880 Serenum - ok
07:42:42.0111 2880 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
07:42:42.0126 2880 Serial - ok
07:42:42.0142 2880 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
07:42:42.0158 2880 sermouse - ok
07:42:42.0251 2880 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
07:42:42.0283 2880 SessionEnv - ok
07:42:42.0314 2880 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
07:42:42.0330 2880 sffdisk - ok
07:42:42.0345 2880 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
07:42:42.0376 2880 sffp_mmc - ok
07:42:42.0408 2880 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
07:42:42.0439 2880 sffp_sd - ok
07:42:42.0470 2880 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
07:42:42.0501 2880 sfloppy - ok
07:42:42.0564 2880 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
07:42:42.0611 2880 SharedAccess - ok
07:42:42.0658 2880 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
07:42:42.0689 2880 ShellHWDetection - ok
07:42:42.0720 2880 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
07:42:42.0736 2880 sisagp - ok
07:42:42.0751 2880 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
07:42:42.0767 2880 SiSRaid2 - ok
07:42:42.0783 2880 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
07:42:42.0798 2880 SiSRaid4 - ok
07:42:42.0845 2880 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
07:42:42.0876 2880 Smb - ok
07:42:42.0908 2880 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
07:42:42.0923 2880 SNMPTRAP - ok
07:42:42.0923 2880 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
07:42:42.0939 2880 spldr - ok
07:42:43.0001 2880 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
07:42:43.0048 2880 Spooler - ok
07:42:43.0158 2880 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
07:42:43.0298 2880 sppsvc - ok
07:42:43.0330 2880 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
07:42:43.0361 2880 sppuinotify - ok
07:42:43.0439 2880 [ D15DA1BA189770D93EEA2D7E18F95AF9 ] sptd C:\Windows\system32\Drivers\sptd.sys
07:42:43.0439 2880 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: D15DA1BA189770D93EEA2D7E18F95AF9
07:42:43.0439 2880 sptd ( LockedFile.Multi.Generic ) - warning
07:42:43.0439 2880 sptd - detected LockedFile.Multi.Generic (1)
07:42:43.0486 2880 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
07:42:43.0548 2880 srv - ok
07:42:43.0580 2880 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
07:42:43.0611 2880 srv2 - ok
07:42:43.0689 2880 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
07:42:43.0720 2880 srvnet - ok
07:42:43.0783 2880 [ 64E44ACD8C238FCBBB78F0BA4BDC4B05 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys
07:42:43.0814 2880 ssadbus - ok
07:42:43.0876 2880 [ BB2C84A15C765DA89FD832B0E73F26CE ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys
07:42:43.0892 2880 ssadmdfl - ok
07:42:43.0939 2880 [ 6D0D132DDC6F43EDA00DCED6D8B1CA31 ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys
07:42:43.0955 2880 ssadmdm - ok
07:42:44.0001 2880 [ 1A5A397BC459F346AB56492B61EF79F6 ] ssadserd C:\Windows\system32\DRIVERS\ssadserd.sys
07:42:44.0033 2880 ssadserd - ok
07:42:44.0064 2880 [ D5DFFEAA1E15D4EFFABB9D9A3068AC5B ] sscdbus C:\Windows\system32\DRIVERS\sscdbus.sys
07:42:44.0095 2880 sscdbus - ok
07:42:44.0126 2880 [ 8A1BE0C347814F482F493AEA619D57F6 ] sscdmdfl C:\Windows\system32\DRIVERS\sscdmdfl.sys
07:42:44.0158 2880 sscdmdfl - ok
07:42:44.0173 2880 [ 5AB0B1987F682A59B15B78F84C6AD7D0 ] sscdmdm C:\Windows\system32\DRIVERS\sscdmdm.sys
07:42:44.0205 2880 sscdmdm - ok
07:42:44.0251 2880 [ 751E66EB32EFA80633B80F5D7FF0A1D8 ] sscdserd C:\Windows\system32\DRIVERS\sscdserd.sys
07:42:44.0267 2880 sscdserd - ok
07:42:44.0298 2880 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
07:42:44.0345 2880 SSDPSRV - ok
07:42:44.0361 2880 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
07:42:44.0392 2880 SstpSvc - ok
07:42:44.0455 2880 Steam Client Service - ok
07:42:44.0486 2880 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
07:42:44.0501 2880 stexstor - ok
07:42:44.0564 2880 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
07:42:44.0611 2880 StiSvc - ok
07:42:44.0689 2880 [ 33E26F67B49480AE8238A1C89F6CDE92 ] StumbleUponUpdateService C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe
07:42:44.0705 2880 StumbleUponUpdateService - ok
07:42:44.0751 2880 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
07:42:44.0767 2880 swenum - ok
07:42:44.0783 2880 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
07:42:44.0845 2880 swprv - ok
07:42:44.0892 2880 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
07:42:44.0955 2880 SysMain - ok
07:42:44.0986 2880 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
07:42:45.0001 2880 TabletInputService - ok
07:42:45.0048 2880 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
07:42:45.0095 2880 TapiSrv - ok
07:42:45.0126 2880 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
07:42:45.0173 2880 TBS - ok
07:42:45.0283 2880 [ 7FA2E0F8B072BD04B77B421480B6CC22 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
07:42:45.0314 2880 Tcpip - ok
07:42:45.0361 2880 [ 7FA2E0F8B072BD04B77B421480B6CC22 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
07:42:45.0392 2880 TCPIP6 - ok
07:42:45.0439 2880 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
07:42:45.0486 2880 tcpipreg - ok
07:42:45.0533 2880 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
07:42:45.0548 2880 TDPIPE - ok
07:42:45.0595 2880 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
07:42:45.0626 2880 TDTCP - ok
07:42:45.0658 2880 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
07:42:45.0689 2880 tdx - ok
07:42:45.0720 2880 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
07:42:45.0736 2880 TermDD - ok
07:42:45.0783 2880 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
07:42:45.0845 2880 TermService - ok
07:42:45.0861 2880 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
07:42:45.0923 2880 Themes - ok
07:42:45.0939 2880 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
07:42:45.0970 2880 THREADORDER - ok
07:42:45.0986 2880 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
07:42:46.0033 2880 TrkWks - ok
07:42:46.0111 2880 [ C11362058918CD38C8B8D3E265DA80F5 ] TrueSight C:\Windows\system32\drivers\TrueSight.sys
07:42:46.0126 2880 TrueSight ( UnsignedFile.Multi.Generic ) - warning
07:42:46.0126 2880 TrueSight - detected UnsignedFile.Multi.Generic (1)
07:42:46.0205 2880 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
07:42:46.0251 2880 TrustedInstaller - ok
07:42:46.0298 2880 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
07:42:46.0330 2880 tssecsrv - ok
07:42:46.0376 2880 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
07:42:46.0408 2880 TsUsbFlt - ok
07:42:46.0439 2880 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
07:42:46.0486 2880 tunnel - ok
07:42:46.0517 2880 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
07:42:46.0533 2880 uagp35 - ok
07:42:46.0580 2880 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
07:42:46.0626 2880 udfs - ok
07:42:46.0658 2880 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
07:42:46.0705 2880 UI0Detect - ok
07:42:46.0736 2880 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
07:42:46.0751 2880 uliagpkx - ok
07:42:46.0767 2880 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys
07:42:46.0783 2880 umbus - ok
07:42:46.0798 2880 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
07:42:46.0814 2880 UmPass - ok
07:42:46.0861 2880 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
07:42:46.0908 2880 upnphost - ok
07:42:46.0986 2880 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
07:42:47.0001 2880 USBAAPL - ok
07:42:47.0048 2880 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
07:42:47.0064 2880 usbccgp - ok
07:42:47.0111 2880 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
07:42:47.0126 2880 usbcir - ok
07:42:47.0173 2880 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
07:42:47.0173 2880 usbehci - ok
07:42:47.0205 2880 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
07:42:47.0236 2880 usbhub - ok
07:42:47.0267 2880 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
07:42:47.0283 2880 usbohci - ok
07:42:47.0314 2880 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
07:42:47.0330 2880 usbprint - ok
07:42:47.0361 2880 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
07:42:47.0392 2880 usbscan - ok
07:42:47.0423 2880 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
07:42:47.0455 2880 USBSTOR - ok
07:42:47.0470 2880 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
07:42:47.0486 2880 usbuhci - ok
07:42:47.0533 2880 [ D82F43D15FDAA666856C0190CB73E7C9 ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys
07:42:47.0564 2880 usb_rndisx - ok
07:42:47.0595 2880 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
07:42:47.0626 2880 UxSms - ok
07:42:47.0642 2880 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
07:42:47.0658 2880 VaultSvc - ok
07:42:47.0689 2880 [ 94D73B62E458FB56C9CE60AA96D914F9 ] VClone C:\Windows\system32\DRIVERS\VClone.sys
07:42:47.0720 2880 VClone - ok
07:42:47.0736 2880 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
07:42:47.0736 2880 vdrvroot - ok
07:42:47.0798 2880 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
07:42:47.0845 2880 vds - ok
07:42:47.0892 2880 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
07:42:47.0923 2880 vga - ok
07:42:47.0939 2880 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
07:42:47.0970 2880 VgaSave - ok
07:42:48.0001 2880 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
07:42:48.0017 2880 vhdmp - ok
07:42:48.0033 2880 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
07:42:48.0048 2880 viaagp - ok
07:42:48.0064 2880 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
07:42:48.0095 2880 ViaC7 - ok
07:42:48.0126 2880 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
07:42:48.0142 2880 viaide - ok
07:42:48.0158 2880 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
07:42:48.0173 2880 volmgr - ok
07:42:48.0189 2880 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
07:42:48.0205 2880 volmgrx - ok
07:42:48.0251 2880 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
07:42:48.0267 2880 volsnap - ok
07:42:48.0283 2880 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
07:42:48.0298 2880 vsmraid - ok
07:42:48.0376 2880 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
07:42:48.0455 2880 VSS - ok
07:42:48.0486 2880 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
07:42:48.0517 2880 vwifibus - ok
07:42:48.0564 2880 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
07:42:48.0626 2880 W32Time - ok
07:42:48.0642 2880 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
07:42:48.0673 2880 WacomPen - ok
07:42:48.0720 2880 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
07:42:48.0767 2880 WANARP - ok
07:42:48.0767 2880 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
07:42:48.0798 2880 Wanarpv6 - ok
07:42:48.0908 2880 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
07:42:48.0970 2880 WatAdminSvc - ok
07:42:49.0017 2880 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
07:42:49.0080 2880 wbengine - ok
07:42:49.0111 2880 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
07:42:49.0158 2880 WbioSrvc - ok
07:42:49.0205 2880 [ 59E19BD13C3BDB857646B9E436BA27F7 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll
07:42:49.0236 2880 WcesComm - ok
07:42:49.0283 2880 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
07:42:49.0314 2880 wcncsvc - ok
07:42:49.0330 2880 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
07:42:49.0361 2880 WcsPlugInService - ok
07:42:49.0376 2880 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
07:42:49.0392 2880 Wd - ok
07:42:49.0423 2880 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
07:42:49.0455 2880 Wdf01000 - ok
07:42:49.0470 2880 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
07:42:49.0501 2880 WdiServiceHost - ok
07:42:49.0501 2880 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
07:42:49.0517 2880 WdiSystemHost - ok
07:42:49.0642 2880 [ B1EC8C9300C58CE5E90990F71EEA644C ] Web Assistant Updater C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
07:42:49.0642 2880 Web Assistant Updater ( UnsignedFile.Multi.Generic ) - warning
07:42:49.0642 2880 Web Assistant Updater - detected UnsignedFile.Multi.Generic (1)
07:42:49.0689 2880 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
07:42:49.0720 2880 WebClient - ok
07:42:49.0751 2880 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
07:42:49.0798 2880 Wecsvc - ok
07:42:49.0814 2880 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
07:42:49.0861 2880 wercplsupport - ok
07:42:49.0908 2880 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
07:42:49.0939 2880 WerSvc - ok
07:42:49.0970 2880 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
07:42:50.0001 2880 WfpLwf - ok
07:42:50.0017 2880 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
07:42:50.0033 2880 WIMMount - ok
07:42:50.0080 2880 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
07:42:50.0142 2880 WinDefend - ok
07:42:50.0142 2880 WinHttpAutoProxySvc - ok
07:42:50.0205 2880 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
07:42:50.0236 2880 Winmgmt - ok
07:42:50.0314 2880 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
07:42:50.0376 2880 WinRM - ok
07:42:50.0439 2880 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
07:42:50.0470 2880 WinUsb - ok
07:42:50.0517 2880 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
07:42:50.0580 2880 Wlansvc - ok
07:42:50.0673 2880 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
07:42:50.0751 2880 wlidsvc - ok
07:42:50.0783 2880 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
07:42:50.0798 2880 WmiAcpi - ok
07:42:50.0830 2880 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
07:42:50.0845 2880 wmiApSrv - ok
07:42:50.0939 2880 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
07:42:50.0986 2880 WMPNetworkSvc - ok
07:42:51.0017 2880 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
07:42:51.0017 2880 WPCSvc - ok
07:42:51.0064 2880 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
07:42:51.0095 2880 WPDBusEnum - ok
07:42:51.0126 2880 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
07:42:51.0173 2880 ws2ifsl - ok
07:42:51.0189 2880 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\system32\wscsvc.dll
07:42:51.0236 2880 wscsvc - ok
07:42:51.0236 2880 WSearch - ok
07:42:51.0314 2880 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
07:42:51.0392 2880 wuauserv - ok
07:42:51.0439 2880 [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
07:42:51.0486 2880 WudfPf - ok
07:42:51.0548 2880 [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
07:42:51.0580 2880 WUDFRd - ok
07:42:51.0642 2880 [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
07:42:51.0673 2880 wudfsvc - ok
07:42:51.0689 2880 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
07:42:51.0720 2880 WwanSvc - ok
07:42:51.0814 2880 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
07:42:51.0845 2880 YahooAUService - ok
07:42:51.0876 2880 ================ Scan global ===============================
07:42:51.0923 2880 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
07:42:51.0986 2880 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
07:42:52.0001 2880 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
07:42:52.0017 2880 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
07:42:52.0064 2880 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
07:42:52.0064 2880 [Global] - ok
07:42:52.0064 2880 ================ Scan MBR ==================================
07:42:52.0095 2880 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
07:42:52.0095 2880 Suspicious mbr (Forged): \Device\Harddisk0\DR0
07:42:52.0126 2880 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
07:42:52.0126 2880 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
07:42:52.0142 2880 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
07:42:52.0142 2880 \Device\Harddisk0\DR0 - detected TDSS File System (1)
07:42:52.0158 2880 ================ Scan VBR ==================================
07:42:52.0158 2880 [ E181B9FB7C7DABAD77F21414BC04167E ] \Device\Harddisk0\DR0\Partition1
07:42:52.0158 2880 \Device\Harddisk0\DR0\Partition1 - ok
07:42:52.0173 2880 [ 9D1622CC41E7A0DAECF7C6001943E04B ] \Device\Harddisk0\DR0\Partition2
07:42:52.0173 2880 \Device\Harddisk0\DR0\Partition2 - ok
07:42:52.0173 2880 ============================================================
07:42:52.0173 2880 Scan finished
07:42:52.0173 2880 ============================================================
07:42:52.0189 3864 Detected object count: 7
07:42:52.0189 3864 Actual detected object count: 7
07:44:00.0201 3864 FeMouWDM ( UnsignedFile.Multi.Generic ) - skipped by user
07:44:00.0201 3864 FeMouWDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:44:00.0201 3864 MpKsl54fe4254 ( ForgedFile.Multi.Generic ) - skipped by user
07:44:00.0201 3864 MpKsl54fe4254 ( ForgedFile.Multi.Generic ) - User select action: Skip
07:44:00.0216 3864 sptd ( LockedFile.Multi.Generic ) - skipped by user
07:44:00.0216 3864 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
07:44:00.0216 3864 TrueSight ( UnsignedFile.Multi.Generic ) - skipped by user
07:44:00.0216 3864 TrueSight ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:44:00.0216 3864 Web Assistant Updater ( UnsignedFile.Multi.Generic ) - skipped by user
07:44:00.0216 3864 Web Assistant Updater ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:44:01.0107 3864 \Device\Harddisk0\DR0\# - copied to quarantine
07:44:01.0107 3864 \Device\Harddisk0\DR0 - copied to quarantine
07:44:01.0138 3864 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
07:44:01.0154 3864 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
07:44:01.0154 3864 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
07:44:01.0154 3864 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
07:44:01.0154 3864 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
07:44:01.0169 3864 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
07:44:01.0169 3864 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
07:44:01.0169 3864 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
07:44:01.0185 3864 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
07:44:01.0185 3864 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
07:44:01.0185 3864 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
07:44:01.0185 3864 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
07:44:01.0185 3864 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
07:44:01.0185 3864 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
07:44:01.0201 3864 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
07:44:01.0201 3864 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
07:44:01.0201 3864 \Device\Harddisk0\DR0 - ok
07:44:01.0232 3864 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
07:44:01.0232 3864 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
07:44:01.0232 3864 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
07:44:09.0982 1772 Deinitialize success