Slow new laptop, Tojan.LameShield Detected

[sean1604]

Got a new laptop for me and my girlfiend and it seems to be running really slow when its loading up. It has very little on it and it cost around £500 so its right up to date in terms of spec. Ran malwarebytes and found the Trojan.lameshield tojan and wondered if this is something to do with it or if its even something else.

Another thing that worries me is that my girlfriends hotmail was hacked and I wonder if this may be tied in with this.

I have attached the requested files and also the malwarebytes log, please help, thanks!

Attach.txt

DDS.txt

mbam-log-2012-09-25 (17-10-10).txt

[Maurice Naggar]

Hello Sean1604 and welcome to MalwareBytes forums.

Uninstall Azureus and confirm having done so.

Risks of File-Sharing Technology.

P2P file sharing: Know the risks

Forum policy on peer-to-peer-programs:

If you're using Peer 2 Peer software such as uTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

http://forums.malwar...showtopic=97700

System has 2 installed and active antivirus apps. This will cause conflicts and actually results in less protection.

If you purchased Comodo and the license is current, either uninstall Avira desktop or insure that it does not start with Windows.

If you did not purchase Comodo, then uninstall Comodo antivirus.

After that restart the system fresh.

Do NOT attach any logs or reports unless we ask you for it. Always copy/paste contents directly into main-body of reply.

Use separate replies as needed.

NEXT:

Disable CD-ROM Emulation Software:

Please download the following tool DeFogger to your desktop.

◦Double click DeFogger to run the tool.

◦The application window will appear

◦Click the Disable button to disable your CD Emulation drivers.

◦Click Yes to continue

◦A 'Finished!' message will appear

◦Click OK

◦DeFogger will now ask to reboot the machine - click OK

◦IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

◦Do not re-enable these drivers until otherwise instructed.

Step 2

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 3

To show all files:

• Go to your Desktop
• Double-Click the Computer icon.
  
• From the menu options, Select Tools, then Folder Options.
  
• Next click the View tab.
  
• Locate and uncheck Hide file extensions for known file types.
  
• Locate and uncheck Hide protected operating system files (Recommended).
  
• Locate and click Show hidden files and folders and drives.
  
• Click Apply > OK.

Step 4

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Download aswMBR.exe ( 511KB ) to your desktop.

On Windows 7 or Vista, RIGHT click on aswMBR.exe and select Run As Administrator to start.

On Windows XP, double click the exe to start.

change the a-v scan to None.

uncheck trace disk IO calls

Click the "Scan" button to start scan

On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply

Do not click any FIX button. We just need an initial report.

Step 5

Please read carefully and follow these steps.

• Download TDSSKiller and save it to your Desktop.
  
• Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
  If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  
• If an infected file is detected, the default action will be Cure, click on Continue.
  
  
• If a suspicious file is detected, the default action will be Skip, click on Continue.
  
• If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
  Skip and click on Continue
  
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  
  
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  
• If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  

Step 6

• Download & SAVE to your Desktop >> Tigzy's RogueKillerfrom here << or
  >> from here <<
  
• Quit all programs that you may have started.
  
• Please disconnect any USB or external drives from the computer before you run this scan!
  
• For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
  For Windows XP, double-click to start.
  
• Wait until Prescan has finished ...
  
• Then Click on Scan button at upper right of screen.
  
• Wait until the Status box shows "Scan Finished"
  
• Click on Report and copy/paste the content of the Notepad into your next reply.
  
• The log should be found in RKreport[1].txt on your Desktop
  
• Exit/Close RogueKiller

Do NOT click any FIX buttons !

Step 7

RE-Enable your antivirus program.

Then copy/paste the following into your post (in order):

• the contents of aswMBR report;
  
• the contents of TDSSKILLER log;
  
• the contents of RKReport log;
  

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

[sean1604]

Ok I deleted Vuze and Commodo, although I thought this was my firewall? I thought Avira was just an anti-virus.. When i go into avira internet protection is ticked but I can't click on firewall or web protection etc does this mean it is still active though? Is avira doing both my anti virus AND firewall?

The fix button was not active when i ran the aswMBR scan.

Here are the reports you asked for;

aswMBR report:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-09-26 18:57:00

-----------------------------

18:57:00.830 OS Version: Windows x64 6.1.7601 Service Pack 1

18:57:00.830 Number of processors: 4 586 0x3A09

18:57:00.830 ComputerName: DORRIE UserName:

18:57:03.778 Initialize success

18:59:12.198 AVAST engine defs: 12092600

18:59:24.444 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

18:59:24.444 Disk 0 Vendor: ST750LM0 2AR1 Size: 715404MB BusType: 3

18:59:24.476 Disk 0 MBR read successfully

18:59:24.476 Disk 0 MBR scan

18:59:24.491 Disk 0 unknown MBR code

18:59:24.522 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048

18:59:24.585 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 690257 MB offset 206848

18:59:24.616 Disk 0 Partition 3 00 27 Hidden NTFS WinRE NTFS 25046 MB offset 1413853184

18:59:24.663 Disk 0 scanning C:\windows\system32\drivers

18:59:39.545 Service scanning

19:00:13.600 Modules scanning

19:00:13.600 Scan finished successfully

19:00:41.976 Disk 0 MBR has been saved successfully to "C:\Users\Sean and Emma\Desktop\virus logs and programmes\MBR.dat"

19:00:41.976 The log file has been saved successfully to "C:\Users\Sean and Emma\Desktop\virus logs and programmes\aswMBR.txt"

TDSSKILLER log:

19:01:22.0310 5432 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24

19:01:22.0482 5432 ============================================================

19:01:22.0482 5432 Current date / time: 2012/09/26 19:01:22.0482

19:01:22.0482 5432 SystemInfo:

19:01:22.0482 5432

19:01:22.0482 5432 OS Version: 6.1.7601 ServicePack: 1.0

19:01:22.0482 5432 Product type: Workstation

19:01:22.0482 5432 ComputerName: DORRIE

19:01:22.0482 5432 UserName: Sean and Emma

19:01:22.0482 5432 Windows directory: C:\windows

19:01:22.0482 5432 System windows directory: C:\windows

19:01:22.0482 5432 Running under WOW64

19:01:22.0482 5432 Processor architecture: Intel x64

19:01:22.0482 5432 Number of processors: 4

19:01:22.0482 5432 Page size: 0x1000

19:01:22.0482 5432 Boot type: Normal boot

19:01:22.0482 5432 ============================================================

19:01:23.0106 5432 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

19:01:23.0121 5432 ============================================================

19:01:23.0121 5432 \Device\Harddisk0\DR0:

19:01:23.0121 5432 MBR partitions:

19:01:23.0121 5432 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

19:01:23.0121 5432 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x54428800

19:01:23.0121 5432 ============================================================

19:01:23.0137 5432 C: <-> \Device\Harddisk0\DR0\Partition2

19:01:23.0137 5432 ============================================================

19:01:23.0137 5432 Initialize success

19:01:23.0137 5432 ============================================================

19:01:34.0088 5832 ============================================================

19:01:34.0088 5832 Scan started

19:01:34.0088 5832 Mode: Manual;

19:01:34.0088 5832 ============================================================

19:01:34.0743 5832 ================ Scan system memory ========================

19:01:34.0743 5832 System memory - ok

19:01:34.0743 5832 ================ Scan services =============================

19:01:34.0931 5832 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys

19:01:34.0946 5832 1394ohci - ok

19:01:34.0977 5832 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys

19:01:34.0993 5832 ACPI - ok

19:01:35.0024 5832 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys

19:01:35.0024 5832 AcpiPmi - ok

19:01:35.0180 5832 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

19:01:35.0180 5832 AdobeARMservice - ok

19:01:35.0227 5832 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\drivers\adp94xx.sys

19:01:35.0243 5832 adp94xx - ok

19:01:35.0289 5832 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\drivers\adpahci.sys

19:01:35.0289 5832 adpahci - ok

19:01:35.0305 5832 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\drivers\adpu320.sys

19:01:35.0321 5832 adpu320 - ok

19:01:35.0383 5832 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll

19:01:35.0383 5832 AeLookupSvc - ok

19:01:35.0430 5832 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys

19:01:35.0430 5832 AFD - ok

19:01:35.0461 5832 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys

19:01:35.0461 5832 agp440 - ok

19:01:35.0492 5832 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe

19:01:35.0492 5832 ALG - ok

19:01:35.0523 5832 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys

19:01:35.0523 5832 aliide - ok

19:01:35.0539 5832 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys

19:01:35.0539 5832 amdide - ok

19:01:35.0539 5832 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\drivers\amdk8.sys

19:01:35.0539 5832 AmdK8 - ok

19:01:35.0555 5832 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\drivers\amdppm.sys

19:01:35.0555 5832 AmdPPM - ok

19:01:35.0601 5832 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys

19:01:35.0601 5832 amdsata - ok

19:01:35.0648 5832 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\drivers\amdsbs.sys

19:01:35.0648 5832 amdsbs - ok

19:01:35.0679 5832 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys

19:01:35.0679 5832 amdxata - ok

19:01:35.0820 5832 [ 0A1CC583E8147004E4AD4625D7FBF88C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

19:01:35.0820 5832 AntiVirSchedulerService - ok

19:01:35.0867 5832 [ C9A36EF935ACED86AEDF93E97E606911 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

19:01:35.0867 5832 AntiVirService - ok

19:01:35.0960 5832 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys

19:01:35.0960 5832 AppID - ok

19:01:35.0976 5832 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll

19:01:35.0976 5832 AppIDSvc - ok

19:01:35.0991 5832 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\windows\System32\appinfo.dll

19:01:35.0991 5832 Appinfo - ok

19:01:36.0023 5832 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\drivers\arc.sys

19:01:36.0023 5832 arc - ok

19:01:36.0054 5832 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\drivers\arcsas.sys

19:01:36.0054 5832 arcsas - ok

19:01:36.0085 5832 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys

19:01:36.0085 5832 AsyncMac - ok

19:01:36.0147 5832 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys

19:01:36.0147 5832 atapi - ok

19:01:36.0194 5832 [ BCC09E0B0362741D0C084828A1B950F3 ] AthBTPort C:\windows\system32\DRIVERS\btath_flt.sys

19:01:36.0194 5832 AthBTPort - ok

19:01:36.0319 5832 [ 379A6AB7F2AD8FC61B1306767083D705 ] AtherosSvc C:\Program Files (x86)\Bluetooth Suite\adminservice.exe

19:01:36.0335 5832 AtherosSvc - ok

19:01:36.0444 5832 [ 3D68A1EEF77307142636AF5127990BCB ] athr C:\windows\system32\DRIVERS\athrx.sys

19:01:36.0491 5832 athr - ok

19:01:36.0537 5832 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll

19:01:36.0553 5832 AudioEndpointBuilder - ok

19:01:36.0569 5832 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll

19:01:36.0569 5832 AudioSrv - ok

19:01:36.0647 5832 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\windows\system32\DRIVERS\avgntflt.sys

19:01:36.0647 5832 avgntflt - ok

19:01:36.0678 5832 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\windows\system32\DRIVERS\avipbb.sys

19:01:36.0678 5832 avipbb - ok

19:01:36.0725 5832 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\windows\system32\DRIVERS\avkmgr.sys

19:01:36.0740 5832 avkmgr - ok

19:01:36.0771 5832 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll

19:01:36.0771 5832 AxInstSV - ok

19:01:36.0818 5832 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\drivers\bxvbda.sys

19:01:36.0834 5832 b06bdrv - ok

19:01:36.0865 5832 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys

19:01:36.0865 5832 b57nd60a - ok

19:01:36.0943 5832 [ 93EE7D9C35AE7E9FFDA148D7805F1421 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE

19:01:36.0943 5832 BBSvc - ok

19:01:36.0974 5832 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll

19:01:36.0974 5832 BDESVC - ok

19:01:37.0021 5832 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys

19:01:37.0021 5832 Beep - ok

19:01:37.0068 5832 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll

19:01:37.0083 5832 BFE - ok

19:01:37.0115 5832 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\System32\qmgr.dll

19:01:37.0130 5832 BITS - ok

19:01:37.0146 5832 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys

19:01:37.0146 5832 blbdrive - ok

19:01:37.0193 5832 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys

19:01:37.0193 5832 bowser - ok

19:01:37.0224 5832 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\drivers\BrFiltLo.sys

19:01:37.0224 5832 BrFiltLo - ok

19:01:37.0224 5832 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\drivers\BrFiltUp.sys

19:01:37.0224 5832 BrFiltUp - ok

19:01:37.0255 5832 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll

19:01:37.0255 5832 Browser - ok

19:01:37.0302 5832 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys

19:01:37.0302 5832 Brserid - ok

19:01:37.0302 5832 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys

19:01:37.0302 5832 BrSerWdm - ok

19:01:37.0317 5832 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys

19:01:37.0317 5832 BrUsbMdm - ok

19:01:37.0317 5832 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys

19:01:37.0317 5832 BrUsbSer - ok

19:01:37.0364 5832 [ C05ED3246C06EC56F10D85B0304CD09E ] BTATH_A2DP C:\windows\system32\drivers\btath_a2dp.sys

19:01:37.0380 5832 BTATH_A2DP - ok

19:01:37.0380 5832 [ 2D27F7A831657D63AFC78E5E78DCA83F ] btath_avdt C:\windows\system32\drivers\btath_avdt.sys

19:01:37.0395 5832 btath_avdt - ok

19:01:37.0411 5832 [ E6B734A37ADE36FE1A77035F4E484C8C ] BTATH_BUS C:\windows\system32\DRIVERS\btath_bus.sys

19:01:37.0411 5832 BTATH_BUS - ok

19:01:37.0442 5832 [ FB3833E63FF602B69C2FF085846DCF43 ] BTATH_HCRP C:\windows\system32\DRIVERS\btath_hcrp.sys

19:01:37.0442 5832 BTATH_HCRP - ok

19:01:37.0473 5832 [ 371A11C1333BA526263A987A93ACDE3D ] BTATH_LWFLT C:\windows\system32\DRIVERS\btath_lwflt.sys

19:01:37.0473 5832 BTATH_LWFLT - ok

19:01:37.0489 5832 [ ABCD3C16CA850A7594CEB9AD5D966810 ] BTATH_RCP C:\windows\system32\DRIVERS\btath_rcp.sys

19:01:37.0489 5832 BTATH_RCP - ok

19:01:37.0567 5832 [ 13BDB661991ACF40ADCB09BD64A8CBEF ] BtFilter C:\windows\system32\DRIVERS\btfilter.sys

19:01:37.0567 5832 BtFilter - ok

19:01:37.0614 5832 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\windows\system32\drivers\BthEnum.sys

19:01:37.0614 5832 BthEnum - ok

19:01:37.0645 5832 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\drivers\bthmodem.sys

19:01:37.0645 5832 BTHMODEM - ok

19:01:37.0676 5832 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\windows\system32\DRIVERS\bthpan.sys

19:01:37.0676 5832 BthPan - ok

19:01:37.0692 5832 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\windows\System32\Drivers\BTHport.sys

19:01:37.0707 5832 BTHPORT - ok

19:01:37.0754 5832 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll

19:01:37.0754 5832 bthserv - ok

19:01:37.0785 5832 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\windows\System32\Drivers\BTHUSB.sys

19:01:37.0785 5832 BTHUSB - ok

19:01:37.0801 5832 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys

19:01:37.0817 5832 cdfs - ok

19:01:37.0848 5832 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys

19:01:37.0863 5832 cdrom - ok

19:01:37.0879 5832 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll

19:01:37.0879 5832 CertPropSvc - ok

19:01:37.0895 5832 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\drivers\circlass.sys

19:01:37.0895 5832 circlass - ok

19:01:37.0941 5832 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys

19:01:37.0941 5832 CLFS - ok

19:01:38.0019 5832 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

19:01:38.0019 5832 clr_optimization_v2.0.50727_32 - ok

19:01:38.0082 5832 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

19:01:38.0097 5832 clr_optimization_v2.0.50727_64 - ok

19:01:38.0191 5832 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

19:01:38.0191 5832 clr_optimization_v4.0.30319_32 - ok

19:01:38.0238 5832 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

19:01:38.0253 5832 clr_optimization_v4.0.30319_64 - ok

19:01:38.0300 5832 [ E13A438F9E51DD034730678E33B73290 ] clwvd C:\windows\system32\DRIVERS\clwvd.sys

19:01:38.0300 5832 clwvd - ok

19:01:38.0316 5832 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys

19:01:38.0316 5832 CmBatt - ok

19:01:38.0347 5832 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys

19:01:38.0347 5832 cmdide - ok

19:01:38.0409 5832 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\windows\system32\Drivers\cng.sys

19:01:38.0409 5832 CNG - ok

19:01:38.0425 5832 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys

19:01:38.0441 5832 Compbatt - ok

19:01:38.0456 5832 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys

19:01:38.0456 5832 CompositeBus - ok

19:01:38.0472 5832 COMSysApp - ok

19:01:38.0550 5832 [ C50FCA785F1AA611A7F49A84AB9C30FE ] cphs C:\windows\SysWow64\IntelCpHeciSvc.exe

19:01:38.0565 5832 cphs - ok

19:01:38.0597 5832 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\drivers\crcdisk.sys

19:01:38.0597 5832 crcdisk - ok

19:01:38.0675 5832 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\windows\system32\cryptsvc.dll

19:01:38.0675 5832 CryptSvc - ok

19:01:38.0721 5832 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll

19:01:38.0737 5832 DcomLaunch - ok

19:01:38.0784 5832 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll

19:01:38.0784 5832 defragsvc - ok

19:01:38.0831 5832 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys

19:01:38.0831 5832 DfsC - ok

19:01:38.0862 5832 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll

19:01:38.0862 5832 Dhcp - ok

19:01:38.0877 5832 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys

19:01:38.0877 5832 discache - ok

19:01:38.0909 5832 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\drivers\disk.sys

19:01:38.0909 5832 Disk - ok

19:01:38.0955 5832 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll

19:01:38.0955 5832 Dnscache - ok

19:01:38.0987 5832 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll

19:01:39.0002 5832 dot3svc - ok

19:01:39.0002 5832 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll

19:01:39.0002 5832 DPS - ok

19:01:39.0033 5832 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys

19:01:39.0033 5832 drmkaud - ok

19:01:39.0096 5832 [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 C:\windows\system32\DRIVERS\dtsoftbus01.sys

19:01:39.0096 5832 dtsoftbus01 - ok

19:01:39.0143 5832 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys

19:01:39.0158 5832 DXGKrnl - ok

19:01:39.0189 5832 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll

19:01:39.0189 5832 EapHost - ok

19:01:39.0283 5832 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\drivers\evbda.sys

19:01:39.0330 5832 ebdrv - ok

19:01:39.0361 5832 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe

19:01:39.0361 5832 EFS - ok

19:01:39.0439 5832 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe

19:01:39.0455 5832 ehRecvr - ok

19:01:39.0455 5832 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe

19:01:39.0455 5832 ehSched - ok

19:01:39.0486 5832 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\drivers\elxstor.sys

19:01:39.0501 5832 elxstor - ok

19:01:39.0517 5832 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys

19:01:39.0517 5832 ErrDev - ok

19:01:39.0564 5832 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll

19:01:39.0564 5832 EventSystem - ok

19:01:39.0595 5832 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys

19:01:39.0595 5832 exfat - ok

19:01:39.0611 5832 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys

19:01:39.0611 5832 fastfat - ok

19:01:39.0642 5832 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe

19:01:39.0657 5832 Fax - ok

19:01:39.0673 5832 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\drivers\fdc.sys

19:01:39.0673 5832 fdc - ok

19:01:39.0704 5832 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll

19:01:39.0704 5832 fdPHost - ok

19:01:39.0704 5832 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll

19:01:39.0720 5832 FDResPub - ok

19:01:39.0735 5832 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys

19:01:39.0735 5832 FileInfo - ok

19:01:39.0751 5832 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys

19:01:39.0751 5832 Filetrace - ok

19:01:39.0767 5832 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\drivers\flpydisk.sys

19:01:39.0782 5832 flpydisk - ok

19:01:39.0782 5832 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys

19:01:39.0782 5832 FltMgr - ok

19:01:39.0845 5832 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\windows\system32\FntCache.dll

19:01:39.0860 5832 FontCache - ok

19:01:39.0923 5832 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

19:01:39.0923 5832 FontCache3.0.0.0 - ok

19:01:39.0938 5832 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys

19:01:39.0938 5832 FsDepends - ok

19:01:39.0985 5832 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys

19:01:39.0985 5832 Fs_Rec - ok

19:01:40.0032 5832 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys

19:01:40.0032 5832 fvevol - ok

19:01:40.0063 5832 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\drivers\gagp30kx.sys

19:01:40.0063 5832 gagp30kx - ok

19:01:40.0125 5832 [ 521A469CAF61F00E1DE081CC2099C1D6 ] GameConsoleService C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe

19:01:40.0141 5832 GameConsoleService - ok

19:01:40.0172 5832 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll

19:01:40.0188 5832 gpsvc - ok

19:01:40.0203 5832 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys

19:01:40.0203 5832 hcw85cir - ok

19:01:40.0235 5832 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys

19:01:40.0235 5832 HdAudAddService - ok

19:01:40.0266 5832 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys

19:01:40.0266 5832 HDAudBus - ok

19:01:40.0281 5832 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\drivers\HidBatt.sys

19:01:40.0281 5832 HidBatt - ok

19:01:40.0281 5832 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\drivers\hidbth.sys

19:01:40.0297 5832 HidBth - ok

19:01:40.0313 5832 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\drivers\hidir.sys

19:01:40.0313 5832 HidIr - ok

19:01:40.0328 5832 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\system32\hidserv.dll

19:01:40.0328 5832 hidserv - ok

19:01:40.0375 5832 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys

19:01:40.0375 5832 HidUsb - ok

19:01:40.0406 5832 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll

19:01:40.0406 5832 hkmsvc - ok

19:01:40.0422 5832 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll

19:01:40.0422 5832 HomeGroupListener - ok

19:01:40.0453 5832 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll

19:01:40.0453 5832 HomeGroupProvider - ok

19:01:40.0484 5832 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys

19:01:40.0484 5832 HpSAMD - ok

19:01:40.0515 5832 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys

19:01:40.0515 5832 HTTP - ok

19:01:40.0547 5832 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys

19:01:40.0547 5832 hwpolicy - ok

19:01:40.0578 5832 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys

19:01:40.0578 5832 i8042prt - ok

19:01:40.0671 5832 [ C224331A54571C8C9162F7714400BBBD ] iaStor C:\windows\system32\DRIVERS\iaStor.sys

19:01:40.0671 5832 iaStor - ok

19:01:40.0718 5832 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys

19:01:40.0734 5832 iaStorV - ok

19:01:40.0796 5832 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

19:01:40.0827 5832 idsvc - ok

19:01:41.0155 5832 [ 54E37A4E66B2CA1C38E9728FAD5F9822 ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys

19:01:41.0436 5832 igfx - ok

19:01:41.0483 5832 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\drivers\iirsp.sys

19:01:41.0483 5832 iirsp - ok

19:01:41.0545 5832 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll

19:01:41.0545 5832 IKEEXT - ok

19:01:41.0685 5832 [ 6EF96DF5184DDB95A12107B8D7531FB7 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys

19:01:41.0763 5832 IntcAzAudAddService - ok

19:01:41.0810 5832 [ 6C9FFFECA9FED31347D211C5D1FFBD2D ] IntcDAud C:\windows\system32\DRIVERS\IntcDAud.sys

19:01:41.0826 5832 IntcDAud - ok

19:01:41.0935 5832 [ 832CE330DD987227B7DEA8C03F22AEFA ] Intel® Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe

19:01:41.0935 5832 Intel® Capability Licensing Service Interface - ok

19:01:42.0013 5832 [ 9571D8BDB56EBC52280E8020574508E6 ] Intel® ME Service C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

19:01:42.0013 5832 Intel® ME Service - ok

19:01:42.0029 5832 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys

19:01:42.0029 5832 intelide - ok

19:01:42.0075 5832 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys

19:01:42.0075 5832 intelppm - ok

19:01:42.0107 5832 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll

19:01:42.0107 5832 IPBusEnum - ok

19:01:42.0138 5832 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys

19:01:42.0138 5832 IpFilterDriver - ok

19:01:42.0169 5832 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\windows\System32\iphlpsvc.dll

19:01:42.0185 5832 iphlpsvc - ok

19:01:42.0185 5832 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys

19:01:42.0185 5832 IPMIDRV - ok

19:01:42.0200 5832 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys

19:01:42.0200 5832 IPNAT - ok

19:01:42.0231 5832 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys

19:01:42.0231 5832 IRENUM - ok

19:01:42.0263 5832 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys

19:01:42.0263 5832 isapnp - ok

19:01:42.0294 5832 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys

19:01:42.0294 5832 iScsiPrt - ok

19:01:42.0341 5832 [ DBD76BC1D498FE368F2C8CB76C3E00A4 ] jhi_service C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

19:01:42.0341 5832 jhi_service - ok

19:01:42.0372 5832 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys

19:01:42.0372 5832 kbdclass - ok

19:01:42.0403 5832 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\drivers\kbdhid.sys

19:01:42.0403 5832 kbdhid - ok

19:01:42.0434 5832 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe

19:01:42.0434 5832 KeyIso - ok

19:01:42.0465 5832 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys

19:01:42.0465 5832 KSecDD - ok

19:01:42.0481 5832 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys

19:01:42.0497 5832 KSecPkg - ok

19:01:42.0497 5832 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys

19:01:42.0497 5832 ksthunk - ok

19:01:42.0528 5832 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll

19:01:42.0559 5832 KtmRm - ok

19:01:42.0590 5832 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\system32\srvsvc.dll

19:01:42.0590 5832 LanmanServer - ok

19:01:42.0621 5832 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll

19:01:42.0637 5832 LanmanWorkstation - ok

19:01:42.0668 5832 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys

19:01:42.0668 5832 lltdio - ok

19:01:42.0715 5832 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll

19:01:42.0731 5832 lltdsvc - ok

19:01:42.0746 5832 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll

19:01:42.0762 5832 lmhosts - ok

19:01:42.0824 5832 [ 86E4CC39C953D11EF57CF54C4DC78238 ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

19:01:42.0824 5832 LMS - ok

19:01:42.0855 5832 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\drivers\lsi_fc.sys

19:01:42.0855 5832 LSI_FC - ok

19:01:42.0887 5832 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys

19:01:42.0887 5832 LSI_SAS - ok

19:01:42.0902 5832 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys

19:01:42.0902 5832 LSI_SAS2 - ok

19:01:42.0918 5832 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys

19:01:42.0918 5832 LSI_SCSI - ok

19:01:42.0933 5832 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys

19:01:42.0949 5832 luafv - ok

19:01:42.0980 5832 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll

19:01:42.0980 5832 Mcx2Svc - ok

19:01:43.0011 5832 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\drivers\megasas.sys

19:01:43.0011 5832 megasas - ok

19:01:43.0043 5832 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\drivers\MegaSR.sys

19:01:43.0043 5832 MegaSR - ok

19:01:43.0089 5832 [ 6B01B7414A105B9E51652089A03027CF ] MEIx64 C:\windows\system32\DRIVERS\HECIx64.sys

19:01:43.0089 5832 MEIx64 - ok

19:01:43.0167 5832 Microsoft SharePoint Workspace Audit Service - ok

19:01:43.0183 5832 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll

19:01:43.0199 5832 MMCSS - ok

19:01:43.0214 5832 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys

19:01:43.0214 5832 Modem - ok

19:01:43.0245 5832 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys

19:01:43.0261 5832 monitor - ok

19:01:43.0277 5832 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys

19:01:43.0277 5832 mouclass - ok

19:01:43.0323 5832 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys

19:01:43.0339 5832 mouhid - ok

19:01:43.0339 5832 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys

19:01:43.0339 5832 mountmgr - ok

19:01:43.0401 5832 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

19:01:43.0401 5832 MozillaMaintenance - ok

19:01:43.0417 5832 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys

19:01:43.0433 5832 mpio - ok

19:01:43.0448 5832 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys

19:01:43.0448 5832 mpsdrv - ok

19:01:43.0495 5832 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll

19:01:43.0511 5832 MpsSvc - ok

19:01:43.0526 5832 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys

19:01:43.0526 5832 MRxDAV - ok

19:01:43.0557 5832 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys

19:01:43.0557 5832 mrxsmb - ok

19:01:43.0573 5832 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys

19:01:43.0573 5832 mrxsmb10 - ok

19:01:43.0589 5832 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys

19:01:43.0604 5832 mrxsmb20 - ok

19:01:43.0620 5832 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys

19:01:43.0620 5832 msahci - ok

19:01:43.0651 5832 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys

19:01:43.0651 5832 msdsm - ok

19:01:43.0667 5832 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe

19:01:43.0682 5832 MSDTC - ok

19:01:43.0698 5832 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys

19:01:43.0698 5832 Msfs - ok

19:01:43.0729 5832 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys

19:01:43.0729 5832 mshidkmdf - ok

19:01:43.0729 5832 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys

19:01:43.0729 5832 msisadrv - ok

19:01:43.0760 5832 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll

19:01:43.0776 5832 MSiSCSI - ok

19:01:43.0776 5832 msiserver - ok

19:01:43.0823 5832 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys

19:01:43.0823 5832 MSKSSRV - ok

19:01:43.0823 5832 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys

19:01:43.0823 5832 MSPCLOCK - ok

19:01:43.0838 5832 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys

19:01:43.0854 5832 MSPQM - ok

19:01:43.0869 5832 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys

19:01:43.0869 5832 MsRPC - ok

19:01:43.0885 5832 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys

19:01:43.0901 5832 mssmbios - ok

19:01:43.0916 5832 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys

19:01:43.0916 5832 MSTEE - ok

19:01:43.0932 5832 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\drivers\MTConfig.sys

19:01:43.0932 5832 MTConfig - ok

19:01:43.0932 5832 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys

19:01:43.0932 5832 Mup - ok

19:01:43.0979 5832 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll

19:01:43.0994 5832 napagent - ok

19:01:44.0025 5832 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys

19:01:44.0041 5832 NativeWifiP - ok

19:01:44.0103 5832 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys

19:01:44.0119 5832 NDIS - ok

19:01:44.0150 5832 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys

19:01:44.0150 5832 NdisCap - ok

19:01:44.0181 5832 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys

19:01:44.0181 5832 NdisTapi - ok

19:01:44.0197 5832 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys

19:01:44.0197 5832 Ndisuio - ok

19:01:44.0197 5832 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys

19:01:44.0197 5832 NdisWan - ok

19:01:44.0228 5832 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys

19:01:44.0228 5832 NDProxy - ok

19:01:44.0244 5832 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys

19:01:44.0244 5832 NetBIOS - ok

19:01:44.0259 5832 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys

19:01:44.0259 5832 NetBT - ok

19:01:44.0275 5832 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe

19:01:44.0291 5832 Netlogon - ok

19:01:44.0322 5832 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll

19:01:44.0322 5832 Netman - ok

19:01:44.0337 5832 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll

19:01:44.0353 5832 netprofm - ok

19:01:44.0384 5832 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

19:01:44.0400 5832 NetTcpPortSharing - ok

19:01:44.0431 5832 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys

19:01:44.0431 5832 nfrd960 - ok

19:01:44.0462 5832 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\windows\System32\nlasvc.dll

19:01:44.0462 5832 NlaSvc - ok

19:01:44.0571 5832 [ 5839A8027D6D324A7CD494051A96628C ] NOBU C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

19:01:44.0603 5832 NOBU - ok

19:01:44.0618 5832 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys

19:01:44.0618 5832 Npfs - ok

19:01:44.0649 5832 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll

19:01:44.0649 5832 nsi - ok

19:01:44.0665 5832 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys

19:01:44.0665 5832 nsiproxy - ok

19:01:44.0727 5832 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\windows\system32\drivers\Ntfs.sys

19:01:44.0743 5832 Ntfs - ok

19:01:44.0774 5832 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys

19:01:44.0774 5832 Null - ok

19:01:45.0133 5832 [ 62CFE4DB3B014D248B70D1076636B001 ] nvlddmkm C:\windows\system32\DRIVERS\nvlddmkm.sys

19:01:45.0445 5832 nvlddmkm - ok

19:01:45.0492 5832 [ 9FD33B959A8FA8912D84589140D18AF5 ] nvpciflt C:\windows\system32\DRIVERS\nvpciflt.sys

19:01:45.0492 5832 nvpciflt - ok

19:01:45.0523 5832 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys

19:01:45.0523 5832 nvraid - ok

19:01:45.0539 5832 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys

19:01:45.0554 5832 nvstor - ok

19:01:45.0601 5832 [ 09EA4E7A5BB2F65DB0818CC5385E0A19 ] nvsvc C:\windows\system32\nvvsvc.exe

19:01:45.0617 5832 nvsvc - ok

19:01:45.0710 5832 [ 961A4BD1A239F032056CE5F9B61CAE6D ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

19:01:45.0741 5832 nvUpdatusService - ok

19:01:45.0773 5832 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys

19:01:45.0788 5832 nv_agp - ok

19:01:45.0788 5832 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys

19:01:45.0804 5832 ohci1394 - ok

19:01:45.0866 5832 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

19:01:45.0866 5832 ose - ok

19:01:46.0069 5832 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

19:01:46.0163 5832 osppsvc - ok

19:01:46.0209 5832 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll

19:01:46.0209 5832 p2pimsvc - ok

19:01:46.0241 5832 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll

19:01:46.0256 5832 p2psvc - ok

19:01:46.0272 5832 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\drivers\parport.sys

19:01:46.0272 5832 Parport - ok

19:01:46.0319 5832 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys

19:01:46.0319 5832 partmgr - ok

19:01:46.0334 5832 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll

19:01:46.0334 5832 PcaSvc - ok

19:01:46.0350 5832 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys

19:01:46.0365 5832 pci - ok

19:01:46.0381 5832 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys

19:01:46.0381 5832 pciide - ok

19:01:46.0397 5832 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\drivers\pcmcia.sys

19:01:46.0397 5832 pcmcia - ok

19:01:46.0412 5832 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys

19:01:46.0412 5832 pcw - ok

19:01:46.0428 5832 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys

19:01:46.0443 5832 PEAUTH - ok

19:01:46.0506 5832 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe

19:01:46.0521 5832 PerfHost - ok

19:01:46.0584 5832 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll

19:01:46.0599 5832 pla - ok

19:01:46.0662 5832 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll

19:01:46.0662 5832 PlugPlay - ok

19:01:46.0693 5832 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll

19:01:46.0693 5832 PNRPAutoReg - ok

19:01:46.0709 5832 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll

19:01:46.0709 5832 PNRPsvc - ok

19:01:46.0740 5832 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll

19:01:46.0755 5832 PolicyAgent - ok

19:01:46.0802 5832 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll

19:01:46.0802 5832 Power - ok

19:01:46.0833 5832 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys

19:01:46.0849 5832 PptpMiniport - ok

19:01:46.0849 5832 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\drivers\processr.sys

19:01:46.0865 5832 Processor - ok

19:01:46.0896 5832 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll

19:01:46.0911 5832 ProfSvc - ok

19:01:46.0927 5832 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe

19:01:46.0927 5832 ProtectedStorage - ok

19:01:46.0958 5832 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys

19:01:46.0958 5832 Psched - ok

19:01:47.0005 5832 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\drivers\ql2300.sys

19:01:47.0021 5832 ql2300 - ok

19:01:47.0036 5832 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys

19:01:47.0036 5832 ql40xx - ok

19:01:47.0067 5832 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll

19:01:47.0067 5832 QWAVE - ok

19:01:47.0083 5832 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys

19:01:47.0083 5832 QWAVEdrv - ok

19:01:47.0099 5832 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys

19:01:47.0099 5832 RasAcd - ok

19:01:47.0145 5832 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys

19:01:47.0145 5832 RasAgileVpn - ok

19:01:47.0161 5832 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll

19:01:47.0161 5832 RasAuto - ok

19:01:47.0177 5832 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys

19:01:47.0177 5832 Rasl2tp - ok

19:01:47.0192 5832 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll

19:01:47.0208 5832 RasMan - ok

19:01:47.0208 5832 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys

19:01:47.0208 5832 RasPppoe - ok

19:01:47.0208 5832 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys

19:01:47.0223 5832 RasSstp - ok

19:01:47.0239 5832 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys

19:01:47.0239 5832 rdbss - ok

19:01:47.0255 5832 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\drivers\rdpbus.sys

19:01:47.0255 5832 rdpbus - ok

19:01:47.0286 5832 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys

19:01:47.0286 5832 RDPCDD - ok

19:01:47.0317 5832 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys

19:01:47.0317 5832 RDPENCDD - ok

19:01:47.0333 5832 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys

19:01:47.0348 5832 RDPREFMP - ok

19:01:47.0379 5832 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys

19:01:47.0379 5832 RDPWD - ok

19:01:47.0395 5832 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys

19:01:47.0395 5832 rdyboost - ok

19:01:47.0426 5832 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll

19:01:47.0442 5832 RemoteAccess - ok

19:01:47.0457 5832 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll

19:01:47.0457 5832 RemoteRegistry - ok

19:01:47.0504 5832 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys

19:01:47.0504 5832 RFCOMM - ok

19:01:47.0567 5832 [ F12A68ED55053940CADD59CA5E3468DD ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

19:01:47.0582 5832 RichVideo - ok

19:01:47.0598 5832 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll

19:01:47.0598 5832 RpcEptMapper - ok

19:01:47.0645 5832 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe

19:01:47.0645 5832 RpcLocator - ok

19:01:47.0660 5832 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll

19:01:47.0676 5832 RpcSs - ok

19:01:47.0707 5832 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys

19:01:47.0707 5832 rspndr - ok

19:01:47.0785 5832 [ 6CF9DB101A75360E98659F823852E540 ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys

19:01:47.0785 5832 RTL8167 - ok

19:01:47.0816 5832 [ 62DB6CC4B0818F1B5F3441241B098F12 ] SABI C:\windows\system32\Drivers\SABI.sys

19:01:47.0816 5832 SABI - ok

19:01:47.0847 5832 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe

19:01:47.0847 5832 SamSs - ok

19:01:47.0910 5832 [ 5E66ABD041D76C46CBF55AEF910FCA56 ] SamsungDeviceConfigurationWinService C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe

19:01:47.0910 5832 SamsungDeviceConfigurationWinService - ok

19:01:47.0925 5832 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys

19:01:47.0925 5832 sbp2port - ok

19:01:47.0957 5832 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll

19:01:47.0957 5832 SCardSvr - ok

19:01:47.0972 5832 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys

19:01:47.0972 5832 scfilter - ok

19:01:48.0019 5832 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll

19:01:48.0019 5832 Schedule - ok

19:01:48.0050 5832 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll

19:01:48.0066 5832 SCPolicySvc - ok

19:01:48.0081 5832 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll

19:01:48.0097 5832 SDRSVC - ok

19:01:48.0159 5832 [ CC781378E7EDA615D2CDCA3B17829FA4 ] SeaPort C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

19:01:48.0159 5832 SeaPort - ok

19:01:48.0206 5832 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys

19:01:48.0206 5832 secdrv - ok

19:01:48.0222 5832 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll

19:01:48.0222 5832 seclogon - ok

19:01:48.0237 5832 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll

19:01:48.0237 5832 SENS - ok

19:01:48.0269 5832 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll

19:01:48.0284 5832 SensrSvc - ok

19:01:48.0300 5832 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\drivers\serenum.sys

19:01:48.0300 5832 Serenum - ok

19:01:48.0331 5832 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\drivers\serial.sys

19:01:48.0331 5832 Serial - ok

19:01:48.0347 5832 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\drivers\sermouse.sys

19:01:48.0347 5832 sermouse - ok

19:01:48.0378 5832 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll

19:01:48.0378 5832 SessionEnv - ok

19:01:48.0393 5832 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys

19:01:48.0393 5832 sffdisk - ok

19:01:48.0393 5832 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys

19:01:48.0393 5832 sffp_mmc - ok

19:01:48.0393 5832 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys

19:01:48.0409 5832 sffp_sd - ok

19:01:48.0425 5832 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys

19:01:48.0425 5832 sfloppy - ok

19:01:48.0456 5832 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll

19:01:48.0456 5832 SharedAccess - ok

19:01:48.0503 5832 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll

19:01:48.0503 5832 ShellHWDetection - ok

19:01:48.0549 5832 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys

19:01:48.0549 5832 SiSRaid2 - ok

19:01:48.0565 5832 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys

19:01:48.0565 5832 SiSRaid4 - ok

19:01:48.0612 5832 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe

19:01:48.0627 5832 SkypeUpdate - ok

19:01:48.0643 5832 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys

19:01:48.0643 5832 Smb - ok

19:01:48.0674 5832 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe

19:01:48.0674 5832 SNMPTRAP - ok

19:01:48.0690 5832 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys

19:01:48.0690 5832 spldr - ok

19:01:48.0737 5832 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe

19:01:48.0737 5832 Spooler - ok

19:01:48.0830 5832 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe

19:01:48.0877 5832 sppsvc - ok

19:01:48.0877 5832 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll

19:01:48.0893 5832 sppuinotify - ok

19:01:48.0908 5832 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys

19:01:48.0924 5832 srv - ok

19:01:48.0939 5832 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys

19:01:48.0939 5832 srv2 - ok

19:01:48.0955 5832 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys

19:01:48.0955 5832 srvnet - ok

19:01:49.0002 5832 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll

19:01:49.0002 5832 SSDPSRV - ok

19:01:49.0017 5832 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll

19:01:49.0033 5832 SstpSvc - ok

19:01:49.0049 5832 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys

19:01:49.0049 5832 stexstor - ok

19:01:49.0095 5832 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll

19:01:49.0095 5832 stisvc - ok

19:01:49.0127 5832 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\DRIVERS\swenum.sys

19:01:49.0127 5832 swenum - ok

19:01:49.0142 5832 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll

19:01:49.0158 5832 swprv - ok

19:01:49.0205 5832 [ 7E488378004FF5F9DCD1711522B1241A ] SynTP C:\windows\system32\DRIVERS\SynTP.sys

19:01:49.0205 5832 SynTP - ok

19:01:49.0267 5832 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll

19:01:49.0283 5832 SysMain - ok

19:01:49.0314 5832 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll

19:01:49.0314 5832 TabletInputService - ok

19:01:49.0329 5832 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll

19:01:49.0345 5832 TapiSrv - ok

19:01:49.0361 5832 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll

19:01:49.0361 5832 TBS - ok

19:01:49.0454 5832 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\windows\system32\drivers\tcpip.sys

19:01:49.0470 5832 Tcpip - ok

19:01:49.0517 5832 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys

19:01:49.0532 5832 TCPIP6 - ok

19:01:49.0579 5832 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys

19:01:49.0579 5832 tcpipreg - ok

19:01:49.0595 5832 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys

19:01:49.0595 5832 TDPIPE - ok

19:01:49.0626 5832 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys

19:01:49.0626 5832 TDTCP - ok

19:01:49.0641 5832 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys

19:01:49.0641 5832 tdx - ok

19:01:49.0657 5832 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\DRIVERS\termdd.sys

19:01:49.0657 5832 TermDD - ok

19:01:49.0704 5832 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll

19:01:49.0704 5832 TermService - ok

19:01:49.0719 5832 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll

19:01:49.0719 5832 Themes - ok

19:01:49.0751 5832 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll

19:01:49.0766 5832 THREADORDER - ok

19:01:49.0782 5832 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll

19:01:49.0782 5832 TrkWks - ok

19:01:49.0829 5832 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe

19:01:49.0829 5832 TrustedInstaller - ok

19:01:49.0860 5832 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys

19:01:49.0860 5832 tssecsrv - ok

19:01:49.0891 5832 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys

19:01:49.0891 5832 TsUsbFlt - ok

19:01:49.0907 5832 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys

19:01:49.0907 5832 TsUsbGD - ok

19:01:49.0938 5832 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys

19:01:49.0953 5832 tunnel - ok

19:01:49.0969 5832 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\drivers\uagp35.sys

19:01:49.0969 5832 uagp35 - ok

19:01:49.0985 5832 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys

19:01:49.0985 5832 udfs - ok

19:01:50.0031 5832 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe

19:01:50.0031 5832 UI0Detect - ok

19:01:50.0078 5832 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys

19:01:50.0078 5832 uliagpkx - ok

19:01:50.0094 5832 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys

19:01:50.0109 5832 umbus - ok

19:01:50.0141 5832 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\drivers\umpass.sys

19:01:50.0141 5832 UmPass - ok

19:01:50.0265 5832 [ D80B1075B69B57A3AB78F750CE463ECE ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

19:01:50.0265 5832 UNS - ok

19:01:50.0281 5832 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll

19:01:50.0297 5832 upnphost - ok

19:01:50.0328 5832 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys

19:01:50.0328 5832 usbccgp - ok

19:01:50.0343 5832 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys

19:01:50.0343 5832 usbcir - ok

19:01:50.0375 5832 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\drivers\usbehci.sys

19:01:50.0375 5832 usbehci - ok

19:01:50.0406 5832 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys

19:01:50.0406 5832 usbhub - ok

19:01:50.0421 5832 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\drivers\usbohci.sys

19:01:50.0421 5832 usbohci - ok

19:01:50.0437 5832 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\drivers\usbprint.sys

19:01:50.0437 5832 usbprint - ok

19:01:50.0468 5832 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS

19:01:50.0468 5832 USBSTOR - ok

19:01:50.0499 5832 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys

19:01:50.0499 5832 usbuhci - ok

19:01:50.0546 5832 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys

19:01:50.0546 5832 usbvideo - ok

19:01:50.0593 5832 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll

19:01:50.0593 5832 UxSms - ok

19:01:50.0609 5832 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe

19:01:50.0624 5832 VaultSvc - ok

19:01:50.0655 5832 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys

19:01:50.0655 5832 vdrvroot - ok

19:01:50.0687 5832 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe

19:01:50.0687 5832 vds - ok

19:01:50.0718 5832 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys

19:01:50.0718 5832 vga - ok

19:01:50.0718 5832 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys

19:01:50.0718 5832 VgaSave - ok

19:01:50.0780 5832 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys

19:01:50.0796 5832 vhdmp - ok

19:01:50.0811 5832 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys

19:01:50.0811 5832 viaide - ok

19:01:50.0827 5832 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys

19:01:50.0827 5832 volmgr - ok

19:01:50.0843 5832 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys

19:01:50.0858 5832 volmgrx - ok

19:01:50.0874 5832 [ DF8126BD41180351A093A3AD2FC8903B ] volsnap C:\windows\system32\drivers\volsnap.sys

19:01:50.0889 5832 volsnap - ok

19:01:50.0967 5832 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\drivers\vsmraid.sys

19:01:50.0967 5832 vsmraid - ok

19:01:51.0061 5832 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe

19:01:51.0077 5832 VSS - ok

19:01:51.0123 5832 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys

19:01:51.0123 5832 vwifibus - ok

19:01:51.0155 5832 [ 13A0DECD1794DE60A8427862C8669D27 ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys

19:01:51.0155 5832 vwififlt - ok

19:01:51.0201 5832 [ 49003B357D101CDC474937437ECF5ABC ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys

19:01:51.0201 5832 vwifimp - ok

19:01:51.0248 5832 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll

19:01:51.0248 5832 W32Time - ok

19:01:51.0279 5832 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\drivers\wacompen.sys

19:01:51.0279 5832 WacomPen - ok

19:01:51.0326 5832 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys

19:01:51.0326 5832 WANARP - ok

19:01:51.0326 5832 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys

19:01:51.0342 5832 Wanarpv6 - ok

19:01:51.0404 5832 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe

19:01:51.0451 5832 WatAdminSvc - ok

19:01:51.0513 5832 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe

19:01:51.0529 5832 wbengine - ok

19:01:51.0560 5832 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll

19:01:51.0560 5832 WbioSrvc - ok

19:01:51.0576 5832 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll

19:01:51.0576 5832 wcncsvc - ok

19:01:51.0607 5832 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll

19:01:51.0607 5832 WcsPlugInService - ok

19:01:51.0638 5832 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\drivers\wd.sys

19:01:51.0638 5832 Wd - ok

19:01:51.0685 5832 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys

19:01:51.0685 5832 Wdf01000 - ok

19:01:51.0701 5832 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll

19:01:51.0701 5832 WdiServiceHost - ok

19:01:51.0701 5832 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll

19:01:51.0716 5832 WdiSystemHost - ok

19:01:51.0732 5832 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll

19:01:51.0732 5832 WebClient - ok

19:01:51.0763 5832 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll

19:01:51.0779 5832 Wecsvc - ok

19:01:51.0779 5832 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll

19:01:51.0794 5832 wercplsupport - ok

19:01:51.0810 5832 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll

19:01:51.0810 5832 WerSvc - ok

19:01:51.0825 5832 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys

19:01:51.0841 5832 WfpLwf - ok

19:01:51.0857 5832 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys

19:01:51.0857 5832 WIMMount - ok

19:01:51.0888 5832 WinDefend - ok

19:01:51.0888 5832 WinHttpAutoProxySvc - ok

19:01:51.0966 5832 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll

19:01:51.0981 5832 Winmgmt - ok

19:01:52.0028 5832 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll

19:01:52.0059 5832 WinRM - ok

19:01:52.0137 5832 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll

19:01:52.0153 5832 Wlansvc - ok

19:01:52.0215 5832 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

19:01:52.0215 5832 wlcrasvc - ok

19:01:52.0325 5832 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

19:01:52.0356 5832 wlidsvc - ok

19:01:52.0371 5832 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys

19:01:52.0371 5832 WmiAcpi - ok

19:01:52.0403 5832 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe

19:01:52.0403 5832 wmiApSrv - ok

19:01:52.0434 5832 WMPNetworkSvc - ok

19:01:52.0465 5832 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll

19:01:52.0465 5832 WPCSvc - ok

19:01:52.0481 5832 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll

19:01:52.0481 5832 WPDBusEnum - ok

19:01:52.0512 5832 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys

19:01:52.0512 5832 ws2ifsl - ok

19:01:52.0527 5832 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\System32\wscsvc.dll

19:01:52.0527 5832 wscsvc - ok

19:01:52.0543 5832 WSearch - ok

19:01:52.0621 5832 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll

19:01:52.0652 5832 wuauserv - ok

19:01:52.0683 5832 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\windows\system32\drivers\WudfPf.sys

19:01:52.0683 5832 WudfPf - ok

19:01:52.0746 5832 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys

19:01:52.0746 5832 WUDFRd - ok

19:01:52.0777 5832 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\windows\System32\WUDFSvc.dll

19:01:52.0777 5832 wudfsvc - ok

19:01:52.0793 5832 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll

19:01:52.0808 5832 WwanSvc - ok

19:01:52.0886 5832 [ A5B25E310678175F4779499FFF7D0994 ] ZAtheros Bt&Wlan Coex Agent C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

19:01:52.0886 5832 ZAtheros Bt&Wlan Coex Agent - ok

19:01:52.0933 5832 ================ Scan global ===============================

19:01:52.0964 5832 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll

19:01:52.0995 5832 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll

19:01:53.0011 5832 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll

19:01:53.0042 5832 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll

19:01:53.0089 5832 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe

19:01:53.0089 5832 [Global] - ok

19:01:53.0089 5832 ================ Scan MBR ==================================

19:01:53.0105 5832 [ 2E5DEBB2116B3417023E0D6562D7ED07 ] \Device\Harddisk0\DR0

19:01:53.0339 5832 \Device\Harddisk0\DR0 - ok

19:01:53.0339 5832 ================ Scan VBR ==================================

19:01:53.0339 5832 [ 14EBED93A4EA68FE60406008EB0D8E85 ] \Device\Harddisk0\DR0\Partition1

19:01:53.0339 5832 \Device\Harddisk0\DR0\Partition1 - ok

19:01:53.0354 5832 [ 975A35D2D4DA727F4B1160760DE1F7AF ] \Device\Harddisk0\DR0\Partition2

19:01:53.0354 5832 \Device\Harddisk0\DR0\Partition2 - ok

19:01:53.0354 5832 ============================================================

19:01:53.0354 5832 Scan finished

19:01:53.0354 5832 ============================================================

19:01:53.0370 5664 Detected object count: 0

19:01:53.0370 5664 Actual detected object count: 0

19:03:01.0823 0736 Deinitialize success

RKReport log

RogueKiller V8.0.5 [09/23/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Sean and Emma [Admin rights]

Mode : Scan -- Date : 09/26/2012 19:05:25

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST750LM022 HN-M750MBB +++++

--- User ---

[MBR] f8cb6d41857151d96c83fd1db7031311

[bSP] 6999a457c453a9ecd767a271bcda63c6 : KIWI Image system MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 690257 Mo

2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 1413853184 | Size: 25046 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

Thanks for the help!

[Maurice Naggar]

The standard Avira is an antivirus (ie the Avira AntiVir free) as opposed to Avira Internet Security which does include a firewall.

Did you buy either one of Avira or Comodo ? Let me know.

It is just that you had 2 active antivirus apps, which is not a good idea.

Clear out temp files

Download TFC by OldTimer and SAVE it to your desktop

• Double-click TFC.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
  
• It will close all programs when run, so make sure you have saved all your work before you begin.
  
• Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  
• Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
  

New MBAM scan

Save and close any work documents, close any apps that you started.

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Reply with copy/paste of the latest MBAM scan log, and confirm for me please, that your have run TFC.

Next

Download Security Check by screen317 from here.

• Save it to your Desktop.
  
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  

Edited September 26, 2012 by Maurice Naggar

[sean1604]

I thought one of them was a firewall but no neither of them were the paid version, windows firewall is now enabled which you can see in the last log you asked for, any tips on a good free firewall then? I have this set up on another computer so i'll need to look at this! Also should I delete the original trojan file from the quarantine on mbam or does this matter?

Here are the logs;

MBAM log and TFC was run

Malwarebytes Anti-Malware 1.65.0.1400

www.malwarebytes.org

Database version: v2012.09.26.12

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Sean and Emma :: DORRIE [administrator]

26/09/2012 21:29:56

mbam-log-2012-09-26 (21-29-56).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 238932

Time elapsed: 3 minute(s), 40 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Security check checkup

Results of screen317's Security Check version 0.99.51

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Avira Desktop

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.65.0.1400

Adobe Flash Player 11.4.402.265

Adobe Reader X (10.1.4)

Mozilla Firefox (15.0)

````````Process Check: objlist.exe by Laurent````````

Avira Antivir avgnt.exe

Avira Antivir avguard.exe

Symantec Norton Online Backup NOBuAgent.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 1%

````````````````````End of Log``````````````````````

[Maurice Naggar]

The results of MBAM and Security Check are very good.

On antivirus, the principle is to have just 1 antivirus as the active, realtime monitor. Having 2 active antiviruses leads to conflicts.

On firewall, if you wish to have a 3rd-party firewall, since you already have the antivirus, you would only get the firewall component only (NO additional antivirus).

Frankly, if you have a hardware router (between the incoming internet modem and your computer) then you do not need a 3rd-party one; the Windows 7 firewall does a good job.

IF and only if you decide you do want the 3rd-party firewall, the plain-vanilla Comodo "firewall-only" will do.

You may have MBAM retain the quarantine item (it won't go anywhere) OR you can go to the Quarantine tab and do a Delete All.

The last MBAM scan, as I said, is very good.

Download Dr.Web CureIt to the desktop.

• Turn OFF your antivirus program.
  How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  
• Doubleclick the drweb-cureit.exe file, then on Start and allow to run the express scan
  
• This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  
• Once the short scan has finished, chose the Complete Scan.
  
• Select all drives. A red dot shows which drives have been chosen.
  
• Click the green arrow at the right, and the scan will start.
  
• Click 'Yes to all' if it asks if you want to cure/move the file.
  
• When the scan has finished, look and see if you can click the following icon next to the files found:
  
  
• If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
  
  
• This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  
• After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  
• Save the report to your desktop. The report will be called DrWeb.csv
  
• Close Dr.Web Cureit.
  
• Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  
• After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.
  

NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.

Re-Enable your antivirus program when all done.

[sean1604]

I ran the scan, both express and complete scan (took a while) and it wouldn't let me save a report but there was no virus's reported in either. I guess that might be why. Am I all good now or is there anything else you want me to run mate?

[sean1604]

Sorry I couldn't edit my post, also could you post a list of anything I need to undo that you have asked me to do?

[Maurice Naggar]

Hello Sean,

Have your friend change all her passwords (especially for Hotmail) on all her online accounts.

Use strong passwords as per this document at MS http://www.microsoft.com/security/online-privacy/passwords-create.aspx

We can wrap this up now. I see that you are clear of your original issues.

If you have a problem with these steps, or something does not quite work here, do let me know.

The following few steps will remove tools we used. Advise me after you have completed the cleanups.

• Download OTC to your desktop and run it
  
• Click Yes to beginning the Cleanup process and remove these components, including this application.
  
• You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
  

To re-enable CD Emulation programs using DeFogger please perform these steps:

Please download >> DeFogger <<and save it to your desktop.

• Once downloaded, double-click on the DeFogger icon to start the tool.
  
• The application window will appear.
  
• You should now click on the Enable button to re-enable your CD Emulation drivers.
  
• When it prompts you whether or not you want to continue, please click on the Yes button to continue.
  
• When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
  
• If CD Emulation programs are present and have been enabled, DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.

ERUNT you should keep and use periodically to backup Windows registry.

Delete the following if still present:

aswMBR.exe

RogueKiller.exe

TDSSKILLER.exe

SecurityCheck.exe

Dr Web Cure-It

Safer practices & malware prevention

• Have a hardware router between the incoming internet-modem and your computer.
  
• Configure your Antivirus software to check for updates daily, at a time in which you are sure the computer will be on.
  
• Check in at Windows Update and install any Critical Updates offered.
  
• Make certain that Automatic Updates is enabled.
  How to configure and use Automatic Updates in Windows
  http://support.microsoft.com/kb/306525
  
• Check on other update issues as well, visit Secunia Online Software Inspector (OSI)
  See How to detect vulnerable and out-dated programs using Secunia Personal Software Inspector
  
• Download, install, and keep updated Spyware Blaster (free): http://www.javacoolsoftware.com/spywareblaster.html (all Protections should be enabled at all times)
  Tutorial for Spywareblaster: Using SpywareBlaster to protect your computer from Spyware, Hijackers, and Malware
  
• I'd recommend that you get and use MVP Mike Burgess' custom hosts file http://mvps.org/winhelp2002/hosts.htm
  See the FAQ page http://mvps.org/winhelp2002/hostsfaq.htm
  That would help to keep your browser away from known spyware/malware sites.
  
• Make regular backups of your system to removable media: DVD, USB external hard drive, etc.
  Having a total image backup of your system stored on DVD/CD is highly important.
  Get and make use of imaging-backup utilities and save them to offline media. That way you have something to fall back to if another disaster hits.
  Examples of image backup software: Acronis True Image, or the free (for personal use) Macrium Reflect http://www.macrium.com/reflectfree.asp
  or Paragon Backup & Recovery http://www.paragon-software.com/home/br-free/download.html
  
• Consider using Web of Trust WOT add-on for your browser(s)
  http://www.mywot.com/en/download
  http://www.mywot.com/en/faq/add-on
  On some regular schedule, it is a good idea to do an online scan for viruses and malware. Here is a very short list of sites where this may be done:
  ESET Online Scanner
  BitDefender Quickscan
  Trend Micro Housecall
  F-Secure Online Scanner
  Microsoft Safety Scanner
  Panda ActiveScan
  
• See Six tips to help you stay safer online
  
• Never, ever download free games, free tools, videos, mutli-media files or anything free unless you can be absolutely sure the source is safe !
  

We are finished here. Best regards.

[sean1604]

Thanks for all your help with this!

[Maurice Naggar]

You are very welcome Glad to be of help.

All the best.