Mother's laptop was taken over remotely...

Post by Jimin » April 20th, 2012, 1:40 pm

By those nasty types who phone you up and tell you that you have a virus.

So she found that when connected to the internet, everything ran super slow. I tried booting in safe mode and running anti malware software. It wouldn't load such programs from disc. So I used Emsisoft anti malware from a USB stick. That found no problems.

I've ended up here. (Hello, everyone!) Below are the contents of the DDS scan I ran.

.
DDS (Ver_2011-08-26.01) - NTFSx86 MINIMAL
Internet Explorer: 9.0.8112.16421
Run by Iaino at 17:26:42 on 2012-04-20
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.1982.1335 [GMT 0:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Enabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
E:\ANTI~1\RUN~1\a2emergencykit.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
uRun: [ccleaner] "c:\program files\ccleaner\CCleaner.exe" /AUTO
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
StartupFolder: c:\users\iaino\appdata\roaming\micros~1\windows\startm~1\programs\startup\impuls~1.lnk - c:\program files\stardock\impulse\now\ImpulseNow.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{68AF6F8C-CB02-43E5-AC7D-6F388CF99C18} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{68AF6F8C-CB02-43E5-AC7D-6F388CF99C18}\24F6F647562737D277962756C6563737 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{68AF6F8C-CB02-43E5-AC7D-6F388CF99C18}\37A6C6F667567627F66756 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{68AF6F8C-CB02-43E5-AC7D-6F388CF99C18}\4586F6D637F6E6 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{68AF6F8C-CB02-43E5-AC7D-6F388CF99C18}\F42716E67656640373242423 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D817CF52-3B53-48A4-B4A8-6A654DF13D77} : DhcpNameServer = 192.168.0.1
.
============= SERVICES / DRIVERS ===============
.
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
.
=============== Created Last 30 ================
.
2012-04-12 10:35:03 6582328 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{fa7aceda-7d09-4ef9-88df-3ea7a9e85f78}\mpengine.dll
2012-04-09 14:55:03 -------- d-----w- c:\program files\Microsoft Security Client
.
==================== Find3M ====================
.
2012-02-17 05:34:22 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-02-17 05:34:22 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14:08 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13:22 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 05:38:43 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-02-03 03:54:27 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44:05 237072 ----a-w- c:\windows\system32\MpSigStub.exe
2012-01-25 05:32:35 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 05:32:34 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 05:27:51 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
============= FINISH: 17:29:06.38 ===============

And:

DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 12/01/2011 01:25:24
System Uptime: 20/04/2012 15:12:22 (2 hours ago)
.
Motherboard: FUJITSU SIEMENS | | AMILO PRO V2055
Processor: Intel(R) Celeron(R) M CPU 420 @ 1.60GHz | mPGA 479M | 1596/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 37 GiB total, 14.542 GiB free.
D: is CDROM (CDFS)
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: VIA Rhine II Compatible Fast Ethernet Adapter
Device ID: PCI\VEN_1106&DEV_3065&SUBSYS_10CA1734&REV_78\3&18D45AA6&0&90
Manufacturer: VIA Technologies, Inc.
Name: VIA Rhine II Compatible Fast Ethernet Adapter
PNP Device ID: PCI\VEN_1106&DEV_3065&SUBSYS_10CA1734&REV_78\3&18D45AA6&0&90
Service: FETNDIS
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
Class GUID:
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_1106&DEV_3068&SUBSYS_10CA1734&REV_80\3&18D45AA6&0&8E
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_1106&DEV_3068&SUBSYS_10CA1734&REV_80\3&18D45AA6&0&8E
Service:
.
==== System Restore Points ===================
.
RP121: 31/03/2012 12:52:17 - Windows Update
RP122: 04/04/2012 12:00:19 - Windows Update
RP123: 07/04/2012 13:02:56 - Windows Update
RP124: 09/04/2012 14:54:31 - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Advanced SystemCare 3
Apple Application Support
Apple Software Update
CCleaner
D3DX10
Digital Camera
FUJIFILM MyFinePix Studio 2.0
Google Chrome
Google Talk (remove only)
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSVCRT
QuickTime
RAF
Realtek AC'97 Audio
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin
.
==== Event Viewer Messages From Past Week ========
.
20/04/2012 16:17:43, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
20/04/2012 15:35:10, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
20/04/2012 15:24:21, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.1283.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 61FCBCFCDE Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
20/04/2012 15:24:21, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.1283.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 61FCBCFCDE Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
20/04/2012 15:24:21, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.1283.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 61FCBCFCDE Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
20/04/2012 15:24:20, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.1283.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 61FCBCFCDE Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
20/04/2012 15:24:19, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.1283.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
20/04/2012 15:13:49, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
20/04/2012 15:13:49, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
20/04/2012 15:13:47, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
20/04/2012 15:13:47, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
20/04/2012 15:13:45, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
20/04/2012 15:13:40, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
20/04/2012 15:13:31, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
20/04/2012 15:13:31, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
20/04/2012 15:13:31, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
20/04/2012 15:13:31, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
20/04/2012 15:13:31, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
20/04/2012 15:13:31, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
20/04/2012 15:13:31, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
20/04/2012 15:13:31, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
20/04/2012 15:13:31, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
20/04/2012 15:13:31, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
20/04/2012 15:13:31, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
.
==== End Of File ===========================


If anyone can make head or tail of the above, I'd be interested to hear. Frankly, I'm resigned to losing the laptop, I imagine it's been irretrievably hijacked.

Anyhow, thanks for reading.

Jim
Jimin
Active Member
 
Posts: 7
Joined: April 20th, 2012, 11:45 am

Re: Mother's laptop was taken over remotely...

Post by deltalima » April 20th, 2012, 3:36 pm

Checking your log - back soon.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Mother's laptop was taken over remotely...

Post by deltalima » April 20th, 2012, 3:41 pm

Hi Jimin,

Welcome to the forum.

Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Please note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please do not run any scans or make any changes to the system unless I ask you to.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Please Note:
The programs I ask you to run need to be run in Administrator Mode by right-clicking the program file and selecting: Run as Administrator.
Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program.
When prompted, please select: Allow. Reference: User Account Control (UAC) and Running as Administrator

TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista - W7 users: Right-click and select "Run As Administrator".
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com). If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure SKIP is selected... DO NOT attempt to FIX anything yet!
    • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory (usually Local Disk C:).
  6. Copy and paste the contents of that file in your next reply.

Re: Mother's laptop was taken over remotely...

Post by Jimin » April 21st, 2012, 7:57 am

Hi

Thanks ever so much for helping.

So, I did as advised. The scan ran fine, I didn't need to rename anything.

However it didn't detect anything. I have a copy of the log file, but I won't post it up since there is nothing to see, right?

No rush, but I look forward to your next advice.

Thanks again

Jim

Re: Mother's laptop was taken over remotely...

Post by deltalima » April 21st, 2012, 8:04 am

Please post the log.

Re: Mother's laptop was taken over remotely...

Post by Jimin » April 21st, 2012, 8:27 am

Sure, sorry.

11:48:49.0991 3772 TDSS rootkit removing tool 2.7.31.0 Apr 20 2012 19:49:47
11:48:50.0038 3772 ============================================================
11:48:50.0038 3772 Current date / time: 2012/04/21 11:48:50.0038
11:48:50.0038 3772 SystemInfo:
11:48:50.0038 3772
11:48:50.0038 3772 OS Version: 6.1.7601 ServicePack: 1.0
11:48:50.0038 3772 Product type: Workstation
11:48:50.0038 3772 ComputerName: IAINO-PC
11:48:50.0038 3772 UserName: Iaino
11:48:50.0038 3772 Windows directory: C:\Windows
11:48:50.0038 3772 System windows directory: C:\Windows
11:48:50.0038 3772 Processor architecture: Intel x86
11:48:50.0038 3772 Number of processors: 1
11:48:50.0038 3772 Page size: 0x1000
11:48:50.0038 3772 Boot type: Normal boot
11:48:50.0038 3772 ============================================================
11:48:52.0381 3772 Drive \Device\Harddisk0\DR0 - Size: 0x950A60000 (37.26 Gb), SectorSize: 0x200, Cylinders: 0x1300, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:48:52.0397 3772 \Device\Harddisk0\DR0:
11:48:52.0397 3772 MBR partitions:
11:48:52.0397 3772 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A81400
11:48:52.0397 3772 C: <-> \Device\Harddisk0\DR0\Partition0
11:48:52.0397 3772 Initialize success
11:48:52.0397 3772 ============================================================
11:49:04.0881 3368 ============================================================
11:49:04.0881 3368 Scan started
11:49:04.0881 3368 Mode: Manual;
11:49:04.0881 3368 ============================================================
11:49:24.0694 3368 FDResPub - ok
11:49:24.0850 3368 FETNDIS (f5cb6cb6d12f495516be27cffccde4bf) C:\Windows\system32\DRIVERS\fetnd6.sys
11:49:24.0866 3368 FETNDIS - ok
11:49:25.0069 3368 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
11:49:25.0084 3368 FileInfo - ok
11:49:25.0381 3368 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
11:49:25.0413 3368 Filetrace - ok
11:49:25.0569 3368 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
11:49:25.0569 3368 flpydisk - ok
11:49:25.0694 3368 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
11:49:25.0694 3368 FltMgr - ok
11:49:25.0944 3368 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
11:49:25.0959 3368 FontCache - ok
11:49:26.0256 3368 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
11:49:26.0272 3368 FontCache3.0.0.0 - ok
11:49:26.0538 3368 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
11:49:26.0569 3368 FsDepends - ok
11:49:26.0616 3368 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
11:49:26.0616 3368 Fs_Rec - ok
11:49:26.0741 3368 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
11:49:26.0756 3368 fvevol - ok
11:49:26.0834 3368 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
11:49:26.0850 3368 gagp30kx - ok
11:49:27.0225 3368 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
11:49:27.0256 3368 gpsvc - ok
11:49:27.0381 3368 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
11:49:27.0413 3368 hcw85cir - ok
11:49:27.0616 3368 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
11:49:27.0616 3368 HDAudBus - ok
11:49:27.0694 3368 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
11:49:27.0694 3368 HidBatt - ok
11:49:27.0741 3368 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
11:49:27.0741 3368 HidBth - ok
11:49:27.0819 3368 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
11:49:27.0819 3368 HidIr - ok
11:49:27.0881 3368 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
11:49:27.0913 3368 hidserv - ok
11:49:28.0022 3368 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
11:49:28.0038 3368 HidUsb - ok
11:49:28.0163 3368 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
11:49:28.0178 3368 hkmsvc - ok
11:49:28.0381 3368 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
11:49:28.0397 3368 HomeGroupListener - ok
11:49:28.0491 3368 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
11:49:28.0506 3368 HomeGroupProvider - ok
11:49:28.0694 3368 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
11:49:28.0709 3368 HpSAMD - ok
11:49:28.0897 3368 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
11:49:28.0913 3368 HTTP - ok
11:49:29.0022 3368 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
11:49:29.0038 3368 hwpolicy - ok
11:49:29.0241 3368 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
11:49:29.0256 3368 i8042prt - ok
11:49:29.0381 3368 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
11:49:29.0413 3368 iaStorV - ok
11:49:29.0647 3368 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:49:30.0131 3368 idsvc - ok
11:49:30.0444 3368 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
11:49:30.0459 3368 iirsp - ok
11:49:30.0678 3368 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
11:49:30.0709 3368 IKEEXT - ok
11:49:30.0928 3368 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
11:49:30.0944 3368 intelide - ok
11:49:31.0084 3368 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
11:49:31.0084 3368 intelppm - ok
11:49:31.0209 3368 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
11:49:31.0225 3368 IPBusEnum - ok
11:49:31.0538 3368 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:49:31.0538 3368 IpFilterDriver - ok
11:49:31.0694 3368 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
11:49:31.0709 3368 iphlpsvc - ok
11:49:31.0991 3368 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
11:49:32.0006 3368 IPMIDRV - ok
11:49:32.0116 3368 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
11:49:32.0131 3368 IPNAT - ok
11:49:32.0272 3368 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
11:49:32.0288 3368 IRENUM - ok
11:49:32.0428 3368 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
11:49:32.0444 3368 isapnp - ok
11:49:32.0569 3368 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
11:49:32.0584 3368 iScsiPrt - ok
11:49:32.0881 3368 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
11:49:32.0897 3368 kbdclass - ok
11:49:32.0975 3368 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
11:49:32.0975 3368 kbdhid - ok
11:49:33.0022 3368 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
11:49:33.0038 3368 KeyIso - ok
11:49:33.0209 3368 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
11:49:33.0209 3368 KSecDD - ok
11:49:33.0256 3368 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
11:49:33.0256 3368 KSecPkg - ok
11:49:33.0366 3368 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
11:49:33.0381 3368 KtmRm - ok
11:49:33.0475 3368 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
11:49:33.0475 3368 LanmanServer - ok
11:49:33.0647 3368 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
11:49:33.0663 3368 LanmanWorkstation - ok
11:49:33.0850 3368 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
11:49:33.0850 3368 lltdio - ok
11:49:33.0991 3368 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
11:49:34.0006 3368 lltdsvc - ok
11:49:34.0100 3368 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
11:49:34.0100 3368 lmhosts - ok
11:49:34.0397 3368 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
11:49:34.0413 3368 LSI_FC - ok
11:49:34.0475 3368 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
11:49:34.0475 3368 LSI_SAS - ok
11:49:34.0538 3368 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:49:34.0553 3368 LSI_SAS2 - ok
11:49:34.0600 3368 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:49:34.0616 3368 LSI_SCSI - ok
11:49:34.0897 3368 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
11:49:34.0897 3368 luafv - ok
11:49:35.0022 3368 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
11:49:35.0053 3368 Mcx2Svc - ok
11:49:35.0303 3368 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
11:49:35.0334 3368 megasas - ok
11:49:35.0444 3368 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
11:49:35.0444 3368 MegaSR - ok
11:49:35.0506 3368 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
11:49:35.0522 3368 MMCSS - ok
11:49:35.0741 3368 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
11:49:35.0741 3368 Modem - ok
11:49:35.0881 3368 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
11:49:35.0881 3368 monitor - ok
11:49:36.0334 3368 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
11:49:36.0334 3368 mouclass - ok
11:49:36.0491 3368 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
11:49:36.0506 3368 mouhid - ok
11:49:36.0694 3368 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
11:49:36.0709 3368 mountmgr - ok
11:49:36.0850 3368 MpFilter (c98301ad8173a2235a9ab828955c32bb) C:\Windows\system32\DRIVERS\MpFilter.sys
11:49:36.0866 3368 MpFilter - ok
11:49:37.0100 3368 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
11:49:37.0116 3368 mpio - ok
11:49:37.0241 3368 MpNWMon (aeb186afff5d9cfed823c15d846aac3b) C:\Windows\system32\DRIVERS\MpNWMon.sys
11:49:37.0241 3368 MpNWMon - ok
11:49:37.0319 3368 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
11:49:37.0319 3368 mpsdrv - ok
11:49:37.0600 3368 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
11:49:37.0616 3368 MpsSvc - ok
11:49:37.0741 3368 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
11:49:37.0756 3368 MRxDAV - ok
11:49:37.0959 3368 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:49:37.0975 3368 mrxsmb - ok
11:49:38.0069 3368 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:49:38.0084 3368 mrxsmb10 - ok
11:49:38.0194 3368 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:49:38.0194 3368 mrxsmb20 - ok
11:49:38.0381 3368 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
11:49:38.0397 3368 msahci - ok
11:49:38.0506 3368 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
11:49:38.0538 3368 msdsm - ok
11:49:38.0616 3368 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
11:49:38.0631 3368 MSDTC - ok
11:49:38.0819 3368 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
11:49:38.0850 3368 Msfs - ok
11:49:38.0928 3368 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
11:49:38.0928 3368 mshidkmdf - ok
11:49:39.0022 3368 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
11:49:39.0022 3368 msisadrv - ok
11:49:39.0147 3368 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
11:49:39.0163 3368 MSiSCSI - ok
11:49:39.0272 3368 msiserver - ok
11:49:39.0397 3368 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
11:49:39.0428 3368 MSKSSRV - ok
11:49:39.0616 3368 MsMpSvc (578c809bf745608646ea338a9ac48158) c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
11:49:39.0616 3368 MsMpSvc - ok
11:49:39.0850 3368 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
11:49:39.0866 3368 MSPCLOCK - ok
11:49:39.0928 3368 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
11:49:39.0928 3368 MSPQM - ok
11:49:39.0975 3368 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
11:49:39.0991 3368 MsRPC - ok
11:49:40.0069 3368 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
11:49:40.0069 3368 mssmbios - ok
11:49:40.0381 3368 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
11:49:40.0397 3368 MSTEE - ok
11:49:40.0444 3368 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
11:49:40.0444 3368 MTConfig - ok
11:49:40.0491 3368 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
11:49:40.0491 3368 Mup - ok
11:49:40.0584 3368 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
11:49:40.0631 3368 napagent - ok
11:49:41.0006 3368 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
11:49:41.0006 3368 NativeWifiP - ok
11:49:41.0131 3368 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
11:49:41.0147 3368 NDIS - ok
11:49:41.0319 3368 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
11:49:41.0334 3368 NdisCap - ok
11:49:41.0506 3368 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
11:49:41.0522 3368 NdisTapi - ok
11:49:41.0631 3368 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
11:49:41.0631 3368 Ndisuio - ok
11:49:41.0944 3368 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
11:49:41.0959 3368 NdisWan - ok
11:49:42.0022 3368 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
11:49:42.0038 3368 NDProxy - ok
11:49:42.0163 3368 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
11:49:42.0163 3368 NetBIOS - ok
11:49:42.0319 3368 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
11:49:42.0334 3368 NetBT - ok
11:49:42.0413 3368 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
11:49:42.0413 3368 Netlogon - ok
11:49:42.0616 3368 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
11:49:42.0647 3368 Netman - ok
11:49:42.0913 3368 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
11:49:42.0928 3368 netprofm - ok
11:49:43.0147 3368 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:49:43.0209 3368 NetTcpPortSharing - ok
11:49:43.0444 3368 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
11:49:43.0444 3368 nfrd960 - ok
11:49:43.0522 3368 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
11:49:43.0522 3368 NlaSvc - ok
11:49:43.0569 3368 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
11:49:43.0584 3368 Npfs - ok
11:49:43.0850 3368 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
11:49:43.0850 3368 nsi - ok
11:49:43.0944 3368 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
11:49:43.0959 3368 nsiproxy - ok
11:49:44.0163 3368 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
11:49:44.0194 3368 Ntfs - ok
11:49:44.0444 3368 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
11:49:44.0459 3368 Null - ok
11:49:44.0506 3368 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
11:49:44.0538 3368 nvraid - ok
11:49:44.0584 3368 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
11:49:44.0584 3368 nvstor - ok
11:49:44.0647 3368 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
11:49:44.0663 3368 nv_agp - ok
11:49:44.0881 3368 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
11:49:44.0897 3368 ohci1394 - ok
11:49:44.0975 3368 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
11:49:45.0006 3368 p2pimsvc - ok
11:49:45.0053 3368 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
11:49:45.0100 3368 p2psvc - ok
11:49:45.0459 3368 PAC207 (dca942c0a19a0ad2abcd9acf94eb4b10) C:\Windows\system32\DRIVERS\PFC027.SYS
11:49:45.0491 3368 PAC207 - ok
11:49:45.0569 3368 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
11:49:45.0584 3368 Parport - ok
11:49:45.0788 3368 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
11:49:45.0819 3368 partmgr - ok
11:49:45.0959 3368 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
11:49:45.0975 3368 Parvdm - ok
11:49:46.0038 3368 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
11:49:46.0053 3368 PcaSvc - ok
11:49:46.0272 3368 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
11:49:46.0272 3368 pci - ok
11:49:46.0366 3368 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
11:49:46.0381 3368 pciide - ok
11:49:46.0459 3368 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
11:49:46.0475 3368 pcmcia - ok
11:49:46.0694 3368 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
11:49:46.0694 3368 pcw - ok
11:49:46.0881 3368 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
11:49:46.0913 3368 PEAUTH - ok
11:49:47.0256 3368 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
11:49:47.0288 3368 PeerDistSvc - ok
11:49:47.0678 3368 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
11:49:47.0772 3368 pla - ok
11:49:47.0975 3368 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
11:49:47.0991 3368 PlugPlay - ok
11:49:48.0084 3368 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
11:49:48.0163 3368 PNRPAutoReg - ok
11:49:48.0241 3368 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
11:49:48.0241 3368 PNRPsvc - ok
11:49:48.0428 3368 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
11:49:48.0444 3368 PolicyAgent - ok
11:49:48.0616 3368 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
11:49:48.0631 3368 Power - ok
11:49:48.0788 3368 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
11:49:48.0788 3368 PptpMiniport - ok
11:49:48.0913 3368 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
11:49:48.0913 3368 Processor - ok
11:49:49.0131 3368 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
11:49:49.0131 3368 ProfSvc - ok
11:49:49.0209 3368 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
11:49:49.0225 3368 ProtectedStorage - ok
11:49:49.0366 3368 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
11:49:49.0381 3368 Psched - ok
11:49:49.0616 3368 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
11:49:49.0694 3368 ql2300 - ok
11:49:49.0834 3368 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
11:49:49.0850 3368 ql40xx - ok
11:49:50.0038 3368 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
11:49:50.0038 3368 QWAVE - ok
11:49:50.0084 3368 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
11:49:50.0116 3368 QWAVEdrv - ok
11:49:50.0163 3368 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
11:49:50.0163 3368 RasAcd - ok
11:49:50.0303 3368 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:49:50.0303 3368 RasAgileVpn - ok
11:49:50.0334 3368 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
11:49:50.0334 3368 RasAuto - ok
11:49:50.0428 3368 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:49:50.0444 3368 Rasl2tp - ok
11:49:50.0663 3368 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
11:49:50.0678 3368 RasMan - ok
11:49:50.0834 3368 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
11:49:50.0850 3368 RasPppoe - ok
11:49:50.0897 3368 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
11:49:50.0897 3368 RasSstp - ok
11:49:51.0116 3368 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
11:49:51.0116 3368 rdbss - ok
11:49:51.0147 3368 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
11:49:51.0163 3368 rdpbus - ok
11:49:51.0241 3368 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:49:51.0241 3368 RDPCDD - ok
11:49:51.0350 3368 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
11:49:51.0350 3368 RDPDR - ok
11:49:51.0506 3368 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
11:49:51.0522 3368 RDPENCDD - ok
11:49:51.0756 3368 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
11:49:51.0788 3368 RDPREFMP - ok
11:49:51.0959 3368 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
11:49:51.0991 3368 RdpVideoMiniport - ok
11:49:52.0147 3368 RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
11:49:52.0163 3368 RDPWD - ok
11:49:52.0397 3368 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
11:49:52.0397 3368 rdyboost - ok
11:49:52.0631 3368 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
11:49:52.0647 3368 RemoteAccess - ok
11:49:52.0709 3368 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
11:49:52.0725 3368 RemoteRegistry - ok
11:49:52.0897 3368 RimUsb (0f6756ef8bda6dfa7be50465c83132bb) C:\Windows\system32\Drivers\RimUsb.sys
11:49:52.0928 3368 RimUsb - ok
11:49:53.0053 3368 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
11:49:53.0084 3368 RpcEptMapper - ok
11:49:53.0194 3368 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
11:49:53.0209 3368 RpcLocator - ok
11:49:53.0350 3368 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
11:49:53.0350 3368 RpcSs - ok
11:49:53.0569 3368 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
11:49:53.0584 3368 rspndr - ok
11:49:53.0663 3368 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
11:49:53.0663 3368 s3cap - ok
11:49:53.0788 3368 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
11:49:53.0788 3368 SamSs - ok
11:49:53.0975 3368 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
11:49:54.0006 3368 sbp2port - ok
11:49:54.0069 3368 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
11:49:54.0100 3368 SCardSvr - ok
11:49:54.0209 3368 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
11:49:54.0225 3368 scfilter - ok
11:49:54.0444 3368 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
11:49:54.0475 3368 Schedule - ok
11:49:54.0647 3368 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
11:49:54.0647 3368 SCPolicySvc - ok
11:49:54.0772 3368 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
11:49:54.0788 3368 SDRSVC - ok
11:49:54.0881 3368 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
11:49:54.0881 3368 secdrv - ok
11:49:54.0944 3368 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
11:49:54.0959 3368 seclogon - ok
11:49:55.0069 3368 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
11:49:55.0084 3368 SENS - ok
11:49:55.0178 3368 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
11:49:55.0194 3368 SensrSvc - ok
11:49:55.0366 3368 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
11:49:55.0381 3368 Serenum - ok
11:49:55.0491 3368 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
11:49:55.0506 3368 Serial - ok
11:49:55.0616 3368 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
11:49:55.0631 3368 sermouse - ok
11:49:55.0803 3368 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
11:49:55.0819 3368 SessionEnv - ok
11:49:55.0881 3368 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
11:49:55.0897 3368 sffdisk - ok
11:49:55.0944 3368 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
11:49:55.0959 3368 sffp_mmc - ok
11:49:56.0038 3368 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
11:49:56.0053 3368 sffp_sd - ok
11:49:56.0131 3368 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
11:49:56.0131 3368 sfloppy - ok
11:49:56.0303 3368 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
11:49:56.0319 3368 SharedAccess - ok
11:49:56.0444 3368 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
11:49:56.0459 3368 ShellHWDetection - ok
11:49:56.0647 3368 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
11:49:56.0663 3368 sisagp - ok
11:49:56.0788 3368 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:49:56.0788 3368 SiSRaid2 - ok
11:49:56.0834 3368 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
11:49:56.0834 3368 SiSRaid4 - ok
11:49:56.0913 3368 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
11:49:56.0928 3368 Smb - ok
11:49:57.0116 3368 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
11:49:57.0116 3368 SNMPTRAP - ok
11:49:57.0178 3368 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
11:49:57.0194 3368 spldr - ok
11:49:57.0350 3368 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
11:49:57.0366 3368 Spooler - ok
11:49:57.0819 3368 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
11:49:57.0975 3368 sppsvc - ok
11:49:58.0241 3368 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
11:49:58.0272 3368 sppuinotify - ok
11:49:58.0381 3368 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
11:49:58.0397 3368 srv - ok
11:49:58.0459 3368 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
11:49:58.0475 3368 srv2 - ok
11:49:58.0678 3368 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
11:49:58.0694 3368 srvnet - ok
11:49:58.0788 3368 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
11:49:58.0803 3368 SSDPSRV - ok
11:49:58.0834 3368 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
11:49:58.0834 3368 SstpSvc - ok
11:49:59.0053 3368 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
11:49:59.0084 3368 stexstor - ok
11:49:59.0616 3368 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
11:49:59.0647 3368 StiSvc - ok
11:49:59.0991 3368 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
11:50:00.0006 3368 storflt - ok
11:50:00.0069 3368 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
11:50:00.0069 3368 storvsc - ok
11:50:00.0100 3368 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
11:50:00.0100 3368 swenum - ok
11:50:00.0256 3368 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
11:50:00.0272 3368 swprv - ok
11:50:00.0459 3368 Synth3dVsc - ok
11:50:00.0819 3368 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
11:50:00.0850 3368 SysMain - ok
11:50:01.0053 3368 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
11:50:01.0084 3368 TabletInputService - ok
11:50:01.0225 3368 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
11:50:01.0256 3368 TapiSrv - ok
11:50:21.0334 3368 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
11:50:21.0366 3368 \Device\Harddisk0\DR0 - ok
11:50:21.0381 3368 Boot (0x1200) (08fb2bb9634249134006a3b7b5338338) \Device\Harddisk0\DR0\Partition0
11:50:21.0397 3368 \Device\Harddisk0\DR0\Partition0 - ok
11:50:21.0397 3368 ============================================================
11:50:21.0397 3368 Scan finished
11:50:21.0397 3368 ============================================================
11:50:21.0428 3188 Detected object count: 0
11:50:21.0428 3188 Actual detected object count: 0
Jimin
Active Member
 
Posts: 7
Joined: April 20th, 2012, 11:45 am

Re: Mother's laptop was taken over remotely...

Unread postby deltalima » April 21st, 2012, 11:06 am

Hi Jimin,

Please download aswMBR and save it to your Desktop.
  • Right click aswMBR.exe & choose "Run as Administrator" to run it.
  • Click Yes to the prompt to download Avast! virus definitions.
    (Please be patient whilst the virus definitions download)
  • With the AVscan set to Quick Scan, click the Scan button.
    (Please be patient whilst your computer is scanned.)
  • After a while when the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
  • Click OK > Exit.
  • Note: Do not attempt to fix anything at this stage!
  • Two files will be created, aswMBR.txt & a file named MBR.dat.
  • MBR.dat is a backup of the MBR (master boot record), do not delete it.
  • I strongly suggest you keep a copy of this backup stored on an external device.
  • Copy & Paste the contents of aswMBR.txt into your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Mother's laptop was taken over remotely...

Unread postby Jimin » April 21st, 2012, 12:57 pm

Hi

I can do that, but it will mean connecting the laptop to my router. Is this likely to cause problems, do you think? I've been using my desktop to transfer downloaded files to the laptop, via my mobile phone as mass storage.

Mind you, I'm a bit concerned about that too, is that likely to cause problems d'you think? I mean, by something nasty attaching itself to transferred files?

I feel like I'm in the middle of a minefield...

Re: Mother's laptop was taken over remotely...

Unread postby deltalima » April 21st, 2012, 1:04 pm

Hi Jimin,

I can do that, but it will mean connecting the laptop to my router. Is this likely to cause problems, do you think? I've been using my desktop to transfer downloaded files to the laptop, via my mobile phone as mass storage.

Mind you, I'm a bit concerned about that too, is that likely to cause problems d'you think? I mean, by something nasty attaching itself to transferred files?


To be safe you could disconnect the desktop from the router, connect the laptop to the router, run the scan and then disconnect the laptop.

Re: Mother's laptop was taken over remotely...

Unread postby Jimin » April 21st, 2012, 4:29 pm

Good idea. I'll do that tomorrow afternoon.

Thanks again for all your help.

Jim

Re: Mother's laptop was taken over remotely...

Unread postby deltalima » April 21st, 2012, 4:30 pm

OK, Please post log when ready.

Re: Mother's laptop was taken over remotely...

Unread postby Jimin » April 23rd, 2012, 8:38 am

Hi again

Here we are then


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-23 12:23:03
-----------------------------
12:23:03.107 OS Version: Windows 6.1.7601 Service Pack 1
12:23:03.107 Number of processors: 1 586 0xE08
12:23:03.107 ComputerName: IAINO-PC UserName: Iaino
12:23:04.076 Initialize success
12:24:03.716 AVAST engine defs: 12042300
12:24:17.669 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:24:17.669 Disk 0 Vendor: FUJITSU_MHV2040BH 00000025 Size: 38154MB BusType: 3
12:24:17.685 Disk 0 MBR read successfully
12:24:17.701 Disk 0 MBR scan
12:24:17.701 Disk 0 Windows 7 default MBR code
12:24:17.716 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38146 MB offset 63
12:24:17.716 Disk 0 scanning sectors +78124095
12:24:17.794 Disk 0 scanning C:\Windows\system32\drivers
12:24:32.669 Service scanning
12:25:08.044 Modules scanning
12:25:15.704 Disk 0 trace - called modules:
12:25:15.844 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll viaide.sys PCIIDEX.SYS atapi.sys tcpip.sys NETIO.SYS ndis.sys athr.sys
12:25:15.860 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x849a3030]
12:25:16.375 3 CLASSPNP.SYS[88e8559e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x83c3c908]
12:25:17.000 AVAST engine scan C:\Windows
12:25:18.969 AVAST engine scan C:\Windows\system32
12:29:13.498 AVAST engine scan C:\Windows\system32\drivers
12:29:47.218 AVAST engine scan C:\Users\Iaino
12:31:09.866 AVAST engine scan C:\ProgramData
12:32:42.958 Scan finished successfully
12:33:32.679 Disk 0 MBR has been saved successfully to "C:\Users\Iaino\Desktop\MBR.dat"
12:33:32.679 The log file has been saved successfully to "C:\Users\Iaino\Desktop\aswMBR.txt"

Re: Mother's laptop was taken over remotely...

Unread postby deltalima » April 23rd, 2012, 8:44 am

Hi Jimin,

ComboFix
Please download ComboFix.exe... © Copyrighted to sUBs. Save it to your desktop. <<--- IMPORTANT!! .
Alternate download site: here
If you previously downloaded ComboFix, please delete that version and download it again. This tool is frequently updated.

The first thing you need to do is print out How-To-Use-ComboFix. Read these instructions thoroughly.
You will not have Internet access when you execute ComboFix.
Please disable any Antivirus or Firewall you have active, as shown in this topic. Close all open application windows.

  1. Double click the ComboFix.exe icon on your desktop to begin execution. If you receive the "Open File - Security Warning"... press Run.
  2. Press Yes to the Disclaimer prompt.
    ComboFix screen appears... preparing to run. ComboFix will now begin creating a System Restore Point and then backup your registry.
  3. For XP users: If not already installed... Press "Yes" to any "Recovery Console" prompts.
    Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash!
    When finished... Notepad will open ... ComboFix will produce a log file called "ComboFix.txt".
  4. Please copy/paste the contents of ComboFix.txt... in your next reply.
Do NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, NOT for general public or personal use. Using this tool incorrectly could lead to serious problems with your operating system such as preventing it from ever starting again. This site, sUBs and myself will not be responsible for any damage caused to your machine by misusing or running ComboFix on your own. Please read Combofix's Disclaimer.

** Enable your Antivirus and Firewall, before connecting to the Internet again! **

Re: Mother's laptop was taken over remotely...

Unread postby Jimin » April 23rd, 2012, 10:44 am

Alright... ComboFix log follows, over...


ComboFix 12-04-22.02 - Iaino 23/04/2012 14:24:03.1.1 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.1982.1349 [GMT 0:00]
Running from: c:\users\Iaino\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-03-23 to 2012-04-23 )))))))))))))))))))))))))))))))
.
.
2012-04-23 14:30 . 2012-04-23 14:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-23 14:20 . 2012-04-23 14:20 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7F5DB201-6D67-4C9C-9138-F4EE8C05AE85}\MpKslf4b36d22.sys
2012-04-23 14:19 . 2012-04-23 14:19 -------- d-----w- c:\programdata\IObit
2012-04-23 12:31 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7F5DB201-6D67-4C9C-9138-F4EE8C05AE85}\mpengine.dll
2012-04-09 14:55 . 2012-04-12 18:33 -------- d-----w- c:\program files\Microsoft Security Client
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-14 02:15 . 2011-08-28 11:01 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-22 12:58 . 2012-02-22 12:58 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-02-22 12:58 . 2012-02-22 12:58 161792 ----a-w- c:\windows\system32\msls31.dll
2012-02-22 12:58 . 2012-02-22 12:58 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-22 12:58 . 2012-02-22 12:58 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-22 12:58 . 2012-02-22 12:58 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-22 12:58 . 2012-02-22 12:58 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-02-22 12:58 . 2012-02-22 12:58 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-02-22 12:58 . 2012-02-22 12:58 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-02-22 12:58 . 2012-02-22 12:58 367104 ----a-w- c:\windows\system32\html.iec
2012-02-22 12:58 . 2012-02-22 12:58 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-02-22 12:58 . 2012-02-22 12:58 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-22 12:58 . 2012-02-22 12:58 152064 ----a-w- c:\windows\system32\wextract.exe
2012-02-22 12:58 . 2012-02-22 12:58 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-02-22 12:58 . 2012-02-22 12:58 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-22 12:58 . 2012-02-22 12:58 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-02-22 12:58 . 2012-02-22 12:58 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-02-22 12:58 . 2012-02-22 12:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-22 12:58 . 2012-02-22 12:58 1798656 ----a-w- c:\windows\system32\jscript9.dll
2012-02-22 12:58 . 2012-02-22 12:58 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-22 12:58 . 2012-02-22 12:58 11776 ----a-w- c:\windows\system32\mshta.exe
2012-02-22 12:58 . 2012-02-22 12:58 101888 ----a-w- c:\windows\system32\admparse.dll
2012-02-17 05:34 . 2012-03-19 10:54 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-02-17 05:34 . 2012-03-19 10:54 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14 . 2012-03-19 10:54 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13 . 2012-03-19 10:54 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 05:38 . 2012-03-19 10:55 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-02-03 03:54 . 2012-03-19 10:55 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44 . 2011-01-12 01:59 237072 ----a-w- c:\windows\system32\MpSigStub.exe
2012-01-25 05:32 . 2012-03-19 10:54 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 05:32 . 2012-03-19 10:54 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 05:27 . 2012-03-19 10:54 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2011-10-21 2663232]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-03-06 574296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
"SoundMan"="SOUNDMAN.EXE" [2009-04-14 604704]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\Iaino\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-12-05 507136]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-16 1343400]
S1 MpKslf4b36d22;MpKslf4b36d22;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7F5DB201-6D67-4C9C-9138-F4EE8C05AE85}\MpKslf4b36d22.sys [2012-04-23 29904]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [2012-03-14 913752]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLF4B36D22
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4213210985-1708927970-471891091-1001Core.job
- c:\users\Iaino\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-12 01:32]
.
2012-04-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4213210985-1708927970-471891091-1001UA.job
- c:\users\Iaino\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-12 01:32]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.0.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4213210985-1708927970-471891091-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-23 14:34:15
ComboFix-quarantined-files.txt 2012-04-23 14:34
.
Pre-Run: 15,530,491,904 bytes free
Post-Run: 15,557,206,016 bytes free
.
- - End Of File - - 2D7C81203ABC183A800FE4666E7FA2A6

Re: Mother's laptop was taken over remotely...

Unread postby deltalima » April 23rd, 2012, 4:05 pm

Hi Jimin,

So she found that when connected to the internet, everything ran super slow. I tried booting in safe mode and running anti malware software. It wouldn't load such programs from disc. So I used Emsisoft anti malware from a USB stick. That found no problems.


I am seeing no signs of a malware infection in the logs so far. Please confirm that none of the other tools that you have run have found any issues.

Please also confirm that the computer is still running slowly.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!