linkbucks redirect defies every solution even buying a new PC

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by win7pro64, May 7, 2013.

  1. win7pro64

    win7pro64 Private E-2

    Summary:

    Last month, while filing a tax return online, I clicked on a government web site, and instead of the expected official page coming up, it came up with a commercial page called linkbucks.com. This seemed odd, and after a bit of research, I worked out that I had a virus. I searched many web sites (often having to click to copy the link, then paste, then remove the linkbucks prefix) and tried many suggestions, to no avail.

    Of course (and rather shockingly when one thinks about it), none of the anti-virus programs pick it up. Firewalls don't block it, and anti-malware type programs don't see it. So far nothing has worked.

    Finally I came across a reference to fixdirectvirus.org, went to their site, and found the video sufficiently convincing to fork over $30. I expected a software program, but what I got was a well-organised set of instructions, the sort of thing a specialist would do. I followed the instructions, but the virus did not go away. They did refund my money, which was nice of them.

    I then spent a lot of time trying to actually do surgery: find the root cause. No luck. So finally, I threw in the towel, and after unsuccessfully trying to format a spare hard drive in my office, I spent $600 on a new barebones PC and reinstalled everything from scratch. Imagine my frustration when linkbucks popped up again.

    So I did it again, this time being more careful, but it showed up.

    This last time, I put in a new hard drive, removed everything else, and only installed the basics. The list of installed programs is short:

    • Intel (3 programs)
    • Microsoft (8 programs)
    • NVIDIA (5 programs)
    • Realtek (3 programs)
    • Smart Recovery (1 program, came on the drivers disc with the PC)
    • Unlocker 1.9.1-x64 (1 program, downloaded from the author's site)
    • VLC media player 1.1.9 loaded from a USB drive off the old data drive.

    I now have one C: drive installed with 47 GB used.

    And having run all the steps set out by majorgeeks.com's web page "Vista and Win 7 Malware Removal/Cleaning Procedure", the reports all come back clean, even while the linkbucks redirect tests positive every time I hit a hyperlink.

    Below I provide the steps I have taken, pasting in the logs, but noting that every one came up clean. It really is becoming a worry. For now, it is only infecting the Windows desktop, but some reports from Apple users say it is hitting them as well. I'm a Windows guy, but have a MacBook Air for field video work, and at this point, I am having to use it for email and web work.

    The behaviour of the redirect is interesting. It began in Chrome, then worked its way over to Firefox and eventually IE-9; moving to IE-10 did not block it. Several times a reset to an earlier time would knock it down for a few hours. It only shows itself as a prefix (if that is the right word) URL before the hyperlinked URL. In majorgeeks.com, it does not happen when I click to go to a download page, but when I then click to actually download, I have to use the copy-paste-delete-prefix in order to actually download the anti-malware code.

    I don't know enough to know how to reverse engineer - to actually find where the code comes from that inserts itself into the browser. Most of the solutions proposed are shotgun blasts, only so far, the redirect has not been hit.

    I am running a single PC on a broadband network where the other two computers are Macs. Having replaced almost all the hardware, and all the software, I am even wondering if it could be lodged in the display, the printer or the attached UPS!

    Anyway, I'm at a total loss, and if I can't solve it, I may have to go back to snail mail and reading newspapers.

    I really don't want to reinstall Windows for a 4th time (each time I have to call to get the activation number), but that may be the only way to isolate what's happening.

    Here's the story:

    1 May - Purchased the fixdirectvirus.org package to delete the linkbucks virus.

    First computer: 64 bit, Windows 7 Pro 64 with
    Displays: HP LP2475w as primary, standard display as secondary
    NVIDIA video card
    Hard drives: C: programs/windows, E: 2TB internal data, F: external backup of E

    • Primary symptom: In Google Chrome first (and others later), go into a web site and then click on a hyperlink in that web site. Instead of going to the next link, it goes to http://679186cd.linkbucks.com, and the only way to get out (other than waiting 8 seconds or clicking some selection) is to delete the tab, which, after the first few times, when I realised it was malware, I did.
    • Secondary symptom: Going to web pages sometimes does not fully download the site. Have to hit refresh to get the proper page.
    • Secondary symptom: Going to a bank page would not pass through the security, but on an Apple Laptop it did.

    (NC means I checked before and after and a click still brought up linkbucks)

    First attempt using the fixdirectvirus.org instructions:

    1) Switched modems from our copper wire broadband to our wireless service (completely separate systems) no change (NC)
    2) Installed all Windows Updates
    3) Ran msert.exe NC
    4) Ran SuperAntiSpyware: Found 27 adware NC
    5) Ran "ComboFix" using the specified method: NC
    6) Reset Internet Explorer 9, NC so I downloaded IE 10. It soon became infected
    7) Ran TDSSKiller NC
    8) Ran Hitman Pro3 NC
    9) Ran Microsoft Malicious Software Removal tool NC
    10) Ran Malwarebytes NZ
    11) Ran the ipconfig /flushdns command, NC
    12) Ran it again - Function failed during execution
    13) Disabled DNS Client
    14) Checked hosts - no added text
    15) Reset Router NC, swapped router with another service NC
    16) Cleared the cache on Google Chrome - Linkbucks vanished for a while. It then returned.

    In the history, the link copies like this:
    https://www.google.co.nz/search?q=u...hrome.0.57j58.3944j0&sourceid=chrome&ie=UTF-8

    2 May 2013 - not wanting to waste more time trying to find a needle with a sledge hammer, I bought a new "update box" on sale at a nearby PC store, meaning a new box with a new motherboard installed, new power supply, new memory, new hard drive, but no keyboard, no mouse, no display and no operating system. Removed the E: drive from old PC (data only, no O/S or programs) and installed it in the new box. Loaded Windows and my primary software, and within a couple of days, linkbucks had returned.

    So I tried again, this time more carefully:

    1) New computer, new install of Windows 7 Pro, up to date, running Avast with all security settings on. Wiped C: hard drive.
    2) Start in safe mode
    3) Ran Microsoft Safety Scanner 1.0.3001.0 "no viruses, spyware and other potentially unwanted software were detected"
    4) Ran SuperAntiSpyware 2:26 hours: Found 199 tracking cookies, no other threats. Deleted all cookies
    5) Ran "ComboFix" method: virus still there
    6) Deleted IE 10, downloaded new, no change
    7) Ran TDSSKiller no effect
    8) Ran Hitman Pro3 "ieframe.dll in C:\Windows\SysWOW64\ is suspicious, quarantine" Deleted tracking cookies as well. 13,439kb downloaded clean, won't allow replacement
    9) Ran Microsoft Malicious Software Removal tool April 2013 "No malicious items were detected"
    10) Ran Malwarebytes 5:46 hours "no malicious software was detected" Also ran Malwarebytes Anti Rootkit Beta v1.05.0.1001. "No malware found"
    11) Ran the ipconfig /flushdns command, virus still there
    12) Disabled DNS Client - still have redirect
    13) Checked hosts - no added text
    14) Reset Router NC, swapped router with another service NC
    15) Deleted Google Chrome, downloaded new. No change.

    6 May 2013

    1) Disconnected the C: drive and the E: drive
    2) On an Apple, formatted an older 750GB drive and then installed it in the new box as the new clean C: drive. The only disc running
    3) Loaded Windows 7 Pro 64 from the DVD
    4) Installed all updates
    5) Downloaded and installed Microsoft Security Essentials instead of Avast.
    6) Installed IE 10 - not Chrome or any other 3rd party browser, must MS
    7) Began to feel confident, so began loading software I need
    8) Installed Word 2003 from CD and SP3 from a backup (Note that I would plug the external backup drive into the Apple, then copy the file I needed onto a USB drive rather than plug the external drive into the Windows PC.)
    9) Installed Unlocker from download (I find this a very helpful program)
    10) Installed VLC (video program) from backup
    11) Downloaded NVIDIA updates to make the graphics card work as well as 85 subsequent Windows updates
    12) Installed Word 2007 compatibility pack from backup
    13) Plugged in a 1 TB USB3 Seagate external hard drive that was used a long time ago for backups, deleted the old backup files and made an image copy of the C: drive. I figured that the system was still clean and it would be prudent to have a copy in case the virus came back
    14) I then signed on to Internet Explorer 10 and it took me to its default news screen (MSN). I read a few articles, and when clicking one, the Linkbucks virus came back.
    15) I restored to the most recent previous point, but no change.
    16) I restored to May 7, 2013 2:34 pm (about two hours prior to the virus showing up) just before adding the Word 2007 compatibility pack, and the Linkbucks virus seems to have gone into remission, or it's not there.
    17) By 7:37 pm, going back to the same MSN web page, and clicking on another news item, the linkbucks virus has returned.

    The vendor for fixdirectvirus.org recommended I go to the majorgeeks.com forum. I did and at

    7 May 2013, 8:00 pm following the instructions at http://forums.majorgeeks.com/showthread.php?t=139681

    ----------------
    RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Director [Admin rights]
    Mode : Scan -- Date : 05/07/2013 20:18:24
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 7 ¤¤¤
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
    [HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST3750528AS ATA Device +++++
    --- User ---
    [MBR] 81d29fba10ac83c9c283271bcadedd2b
    [BSP] fcbcf36033c0eded57dd7e1db26b2a3b : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 715303 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1]_S_05072013_02d2018.txt >>
    RKreport[1]_S_05072013_02d2018.txt

    ---------------------------

    Run Malwarebytes Anti-Malware according to instructions

    Malwarebytes Anti-Malware (Trial) 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.05.07.04

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 8.0.7601.17514
    Director :: DESKTOP [administrator]

    Protection: Enabled

    7/05/2013 8:25:20 p.m.
    mbam-log-2013-05-07 (20-25-20).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 227950
    Time elapsed: 2 minute(s), 21 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    Note that when the scan was complete, no "Show results" option appeared, but the notepad report appeared automatically.

    -------------------------------

    Ran TDSSKiller
    418 Objects
    No threats found

    Linkbucks still there

    20:44:47.0700 2396 IRENUM - ok
    20:44:47.0716 2396 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    20:44:47.0716 2396 isapnp - ok
    20:44:47.0747 2396 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
    20:44:47.0747 2396 iScsiPrt - ok
    20:44:47.0794 2396 [ D596D915CF091DA1F8CE4BD38BB5D509 ] iusb3hcs C:\Windows\system32\DRIVERS\iusb3hcs.sys
    20:44:47.0794 2396 iusb3hcs - ok
    20:44:47.0809 2396 [ 023896E23B61543A15A230EED996D911 ] iusb3hub C:\Windows\system32\DRIVERS\iusb3hub.sys
    20:44:47.0825 2396 iusb3hub - ok
    20:44:47.0841 2396 [ 7FAEC13F1ADD619F4B5B2D2CBF841E8E ] iusb3xhc C:\Windows\system32\DRIVERS\iusb3xhc.sys
    20:44:47.0856 2396 iusb3xhc - ok
    20:44:47.0965 2396 [ 4F0F3FDE7F571531B356B8BAB55DDF05 ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    20:44:47.0965 2396 jhi_service - ok
    20:44:47.0981 2396 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
    20:44:47.0981 2396 kbdclass - ok
    20:44:47.0997 2396 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
    20:44:47.0997 2396 kbdhid - ok
    20:44:48.0012 2396 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
    20:44:48.0012 2396 KeyIso - ok
    20:44:48.0043 2396 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    20:44:48.0043 2396 KSecDD - ok
    20:44:48.0059 2396 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    20:44:48.0059 2396 KSecPkg - ok
    20:44:48.0075 2396 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
    20:44:48.0075 2396 ksthunk - ok
    20:44:48.0106 2396 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
    20:44:48.0106 2396 KtmRm - ok
    20:44:48.0137 2396 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
    20:44:48.0153 2396 LanmanServer - ok
    20:44:48.0168 2396 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    20:44:48.0184 2396 LanmanWorkstation - ok
    20:44:48.0215 2396 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    20:44:48.0215 2396 lltdio - ok
    20:44:48.0262 2396 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
    20:44:48.0262 2396 lltdsvc - ok
    20:44:48.0277 2396 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
    20:44:48.0277 2396 lmhosts - ok
    20:44:48.0324 2396 [ 32BB92C41C73D0213B417AAEF83E3D30 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    20:44:48.0324 2396 LMS - ok
    20:44:48.0340 2396 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
    20:44:48.0340 2396 LSI_FC - ok
    20:44:48.0355 2396 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
    20:44:48.0355 2396 LSI_SAS - ok
    20:44:48.0355 2396 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
    20:44:48.0355 2396 LSI_SAS2 - ok
    20:44:48.0355 2396 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
    20:44:48.0355 2396 LSI_SCSI - ok
    20:44:48.0371 2396 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
    20:44:48.0371 2396 luafv - ok
    20:44:48.0387 2396 [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
    20:44:48.0387 2396 MBAMProtector - ok
    20:44:48.0433 2396 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    20:44:48.0433 2396 MBAMScheduler - ok
    20:44:48.0465 2396 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    20:44:48.0480 2396 MBAMService - ok
    20:44:48.0480 2396 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
    20:44:48.0480 2396 megasas - ok
    20:44:48.0496 2396 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
    20:44:48.0496 2396 MegaSR - ok
    20:44:48.0527 2396 [ 772A1DEEDFDBC244183B5C805D1B7D85 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
    20:44:48.0527 2396 MEIx64 - ok
    20:44:48.0543 2396 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
    20:44:48.0543 2396 MMCSS - ok
    20:44:48.0574 2396 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
    20:44:48.0574 2396 Modem - ok
    20:44:48.0589 2396 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    20:44:48.0589 2396 monitor - ok
    20:44:48.0621 2396 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
    20:44:48.0621 2396 mouclass - ok
    20:44:48.0621 2396 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    20:44:48.0621 2396 mouhid - ok
    20:44:48.0652 2396 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    20:44:48.0667 2396 mountmgr - ok
    20:44:48.0699 2396 [ F8A10560B35C66F9DE212F03DAD5BFA7 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
    20:44:48.0714 2396 MpFilter - ok
    20:44:48.0730 2396 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
    20:44:48.0730 2396 mpio - ok
    20:44:48.0730 2396 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    20:44:48.0730 2396 mpsdrv - ok
    20:44:48.0761 2396 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
    20:44:48.0761 2396 MpsSvc - ok
    20:44:48.0777 2396 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    20:44:48.0777 2396 MRxDAV - ok
    20:44:48.0808 2396 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    20:44:48.0808 2396 mrxsmb - ok
    20:44:48.0855 2396 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    20:44:48.0855 2396 mrxsmb10 - ok
    20:44:48.0886 2396 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    20:44:48.0886 2396 mrxsmb20 - ok
    20:44:48.0886 2396 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
    20:44:48.0886 2396 msahci - ok
    20:44:48.0917 2396 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    20:44:48.0917 2396 msdsm - ok
    20:44:48.0933 2396 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
    20:44:48.0933 2396 MSDTC - ok
    20:44:48.0948 2396 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    20:44:48.0948 2396 Msfs - ok
    20:44:48.0964 2396 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    20:44:48.0964 2396 mshidkmdf - ok
    20:44:48.0979 2396 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    20:44:48.0979 2396 msisadrv - ok
    20:44:49.0026 2396 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    20:44:49.0026 2396 MSiSCSI - ok
    20:44:49.0026 2396 msiserver - ok
    20:44:49.0042 2396 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    20:44:49.0042 2396 MSKSSRV - ok
    20:44:49.0073 2396 [ E07DEC52FF801841BA9B6878A60304FB ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
    20:44:49.0073 2396 MsMpSvc - ok
    20:44:49.0073 2396 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    20:44:49.0073 2396 MSPCLOCK - ok
    20:44:49.0073 2396 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    20:44:49.0073 2396 MSPQM - ok
    20:44:49.0104 2396 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    20:44:49.0104 2396 MsRPC - ok
    20:44:49.0120 2396 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
    20:44:49.0120 2396 mssmbios - ok
    20:44:49.0120 2396 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    20:44:49.0120 2396 MSTEE - ok
    20:44:49.0135 2396 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
    20:44:49.0135 2396 MTConfig - ok
    20:44:49.0135 2396 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
    20:44:49.0135 2396 Mup - ok
    20:44:49.0167 2396 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
    20:44:49.0167 2396 napagent - ok
    20:44:49.0198 2396 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    20:44:49.0198 2396 NativeWifiP - ok
    20:44:49.0229 2396 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
    20:44:49.0245 2396 NDIS - ok
    20:44:49.0245 2396 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    20:44:49.0245 2396 NdisCap - ok
    20:44:49.0276 2396 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    20:44:49.0276 2396 NdisTapi - ok
    20:44:49.0291 2396 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    20:44:49.0291 2396 Ndisuio - ok
    20:44:49.0307 2396 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    20:44:49.0323 2396 NdisWan - ok
    20:44:49.0338 2396 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    20:44:49.0338 2396 NDProxy - ok
    20:44:49.0354 2396 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    20:44:49.0354 2396 NetBIOS - ok
    20:44:49.0369 2396 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    20:44:49.0385 2396 NetBT - ok
    20:44:49.0385 2396 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
    20:44:49.0385 2396 Netlogon - ok
    20:44:49.0432 2396 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
    20:44:49.0432 2396 Netman - ok
    20:44:49.0463 2396 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    20:44:49.0463 2396 NetMsmqActivator - ok
    20:44:49.0463 2396 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    20:44:49.0463 2396 NetPipeActivator - ok
    20:44:49.0479 2396 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
    20:44:49.0479 2396 netprofm - ok
    20:44:49.0479 2396 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    20:44:49.0479 2396 NetTcpActivator - ok
    20:44:49.0494 2396 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    20:44:49.0494 2396 NetTcpPortSharing - ok
    20:44:49.0510 2396 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
    20:44:49.0510 2396 nfrd960 - ok
    20:44:49.0541 2396 [ 162100E0BC8377710F9D170631921C03 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
    20:44:49.0541 2396 NisDrv - ok
    20:44:49.0557 2396 [ C6E15F2F95F9C0A6098D43510B604E52 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe
    20:44:49.0572 2396 NisSrv - ok
    20:44:49.0588 2396 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
    20:44:49.0603 2396 NlaSvc - ok
    20:44:49.0603 2396 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    20:44:49.0603 2396 Npfs - ok
    20:44:49.0635 2396 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
    20:44:49.0635 2396 nsi - ok
    20:44:49.0635 2396 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    20:44:49.0635 2396 nsiproxy - ok
    20:44:49.0681 2396 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    20:44:49.0697 2396 Ntfs - ok
    20:44:49.0728 2396 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
    20:44:49.0728 2396 Null - ok
    20:44:49.0775 2396 [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
    20:44:49.0775 2396 NVHDA - ok
    20:44:49.0993 2396 [ AAF5559039E99D0CC22E25255F3DC06E ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
    20:44:50.0040 2396 nvlddmkm - ok
    20:44:50.0056 2396 [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48 ] nvraid C:\Windows\system32\drivers\nvraid.sys
    20:44:50.0056 2396 nvraid - ok
    20:44:50.0071 2396 [ F7CD50FE7139F07E77DA8AC8033D1832 ] nvstor C:\Windows\system32\drivers\nvstor.sys
    20:44:50.0071 2396 nvstor - ok
    20:44:50.0103 2396 [ C20F9E2DEEC656C67F7986DD3A50EC62 ] nvsvc C:\Windows\system32\nvvsvc.exe
    20:44:50.0103 2396 nvsvc - ok
    20:44:50.0134 2396 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    20:44:50.0134 2396 nv_agp - ok
    20:44:50.0149 2396 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    20:44:50.0149 2396 ohci1394 - ok
    20:44:50.0181 2396 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    20:44:50.0181 2396 ose - ok
    20:44:50.0212 2396 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    20:44:50.0212 2396 p2pimsvc - ok
    20:44:50.0227 2396 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
    20:44:50.0227 2396 p2psvc - ok
    20:44:50.0259 2396 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
    20:44:50.0259 2396 Parport - ok
    20:44:50.0274 2396 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
    20:44:50.0274 2396 partmgr - ok
    20:44:50.0290 2396 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
    20:44:50.0290 2396 PcaSvc - ok
    20:44:50.0305 2396 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
    20:44:50.0305 2396 pci - ok
    20:44:50.0321 2396 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
    20:44:50.0321 2396 pciide - ok
    20:44:50.0352 2396 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
    20:44:50.0352 2396 pcmcia - ok
    20:44:50.0368 2396 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
    20:44:50.0368 2396 pcw - ok
    20:44:50.0383 2396 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    20:44:50.0383 2396 PEAUTH - ok
    20:44:50.0430 2396 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
    20:44:50.0446 2396 PeerDistSvc - ok
    20:44:50.0493 2396 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
    20:44:50.0493 2396 PerfHost - ok
    20:44:50.0524 2396 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
    20:44:50.0524 2396 pla - ok
    20:44:50.0555 2396 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    20:44:50.0571 2396 PlugPlay - ok
    20:44:50.0586 2396 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
    20:44:50.0586 2396 PNRPAutoReg - ok
    20:44:50.0586 2396 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
    20:44:50.0586 2396 PNRPsvc - ok
    20:44:50.0617 2396 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    20:44:50.0633 2396 PolicyAgent - ok
    20:44:50.0649 2396 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
    20:44:50.0649 2396 Power - ok
    20:44:50.0680 2396 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    20:44:50.0680 2396 PptpMiniport - ok
    20:44:50.0680 2396 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
    20:44:50.0680 2396 Processor - ok
    20:44:50.0711 2396 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
    20:44:50.0727 2396 ProfSvc - ok
    20:44:50.0727 2396 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
    20:44:50.0742 2396 ProtectedStorage - ok
    20:44:50.0773 2396 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
    20:44:50.0773 2396 Psched - ok
    20:44:50.0820 2396 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
    20:44:50.0836 2396 ql2300 - ok
    20:44:50.0836 2396 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
    20:44:50.0836 2396 ql40xx - ok
    20:44:50.0867 2396 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
    20:44:50.0867 2396 QWAVE - ok
    20:44:50.0867 2396 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    20:44:50.0867 2396 QWAVEdrv - ok
    20:44:50.0867 2396 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    20:44:50.0867 2396 RasAcd - ok
    20:44:50.0898 2396 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
    20:44:50.0898 2396 RasAgileVpn - ok
    20:44:50.0914 2396 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
    20:44:50.0914 2396 RasAuto - ok
    20:44:50.0945 2396 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    20:44:50.0945 2396 Rasl2tp - ok
    20:44:50.0961 2396 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
    20:44:50.0961 2396 RasMan - ok
    20:44:50.0961 2396 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    20:44:50.0961 2396 RasPppoe - ok
    20:44:50.0976 2396 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    20:44:50.0976 2396 RasSstp - ok
    20:44:50.0992 2396 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    20:44:50.0992 2396 rdbss - ok
    20:44:51.0007 2396 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
    20:44:51.0007 2396 rdpbus - ok
    20:44:51.0039 2396 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    20:44:51.0039 2396 RDPCDD - ok
    20:44:51.0054 2396 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
    20:44:51.0054 2396 RDPDR - ok
    20:44:51.0054 2396 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    20:44:51.0054 2396 RDPENCDD - ok
    20:44:51.0070 2396 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
    20:44:51.0070 2396 RDPREFMP - ok
    20:44:51.0085 2396 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
    20:44:51.0085 2396 RdpVideoMiniport - ok
    20:44:51.0117 2396 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    20:44:51.0117 2396 RDPWD - ok
    20:44:51.0148 2396 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
    20:44:51.0148 2396 rdyboost - ok
    20:44:51.0163 2396 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
    20:44:51.0163 2396 RemoteAccess - ok
    20:44:51.0195 2396 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    20:44:51.0195 2396 RemoteRegistry - ok
    20:44:51.0210 2396 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
    20:44:51.0210 2396 RpcEptMapper - ok
    20:44:51.0226 2396 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
    20:44:51.0226 2396 RpcLocator - ok
    20:44:51.0257 2396 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
    20:44:51.0273 2396 RpcSs - ok
    20:44:51.0288 2396 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    20:44:51.0288 2396 rspndr - ok
    20:44:51.0335 2396 [ 7F4F11527AF5A7E4526CB6A146B3E40C ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
    20:44:51.0335 2396 RTL8167 - ok
    20:44:51.0382 2396 [ 2B38C905492F36FE42B59DA52D6B4EB7 ] RtNdPt60 C:\Windows\system32\DRIVERS\RtNdPt60.sys
    20:44:51.0382 2396 RtNdPt60 - ok
    20:44:51.0413 2396 [ 66B7587714BC9BD850D0A49041B90CA0 ] RTTEAMPT C:\Windows\system32\DRIVERS\RtTeam620.sys
    20:44:51.0413 2396 RTTEAMPT - ok
    20:44:51.0429 2396 [ C74798D1A2743C102154BD7871D92833 ] RTVLANPT C:\Windows\system32\DRIVERS\RtVlan620.sys
    20:44:51.0429 2396 RTVLANPT - ok
    20:44:51.0444 2396 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
    20:44:51.0444 2396 s3cap - ok
    20:44:51.0460 2396 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
    20:44:51.0460 2396 SamSs - ok
    20:44:51.0475 2396 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    20:44:51.0491 2396 sbp2port - ok
    20:44:51.0507 2396 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
    20:44:51.0507 2396 SCardSvr - ok
    20:44:51.0522 2396 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
    20:44:51.0522 2396 scfilter - ok
    20:44:51.0553 2396 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
    20:44:51.0569 2396 Schedule - ok
    20:44:51.0600 2396 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
    20:44:51.0600 2396 SCPolicySvc - ok
    20:44:51.0616 2396 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    20:44:51.0631 2396 SDRSVC - ok
    20:44:51.0647 2396 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    20:44:51.0647 2396 secdrv - ok
    20:44:51.0663 2396 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
    20:44:51.0663 2396 seclogon - ok
    20:44:51.0678 2396 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
    20:44:51.0678 2396 SENS - ok
    20:44:51.0678 2396 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
    20:44:51.0694 2396 SensrSvc - ok
    20:44:51.0694 2396 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
    20:44:51.0694 2396 Serenum - ok
    20:44:51.0709 2396 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
    20:44:51.0709 2396 Serial - ok
    20:44:51.0725 2396 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
    20:44:51.0725 2396 sermouse - ok
    20:44:51.0756 2396 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
    20:44:51.0756 2396 SessionEnv - ok
    20:44:51.0772 2396 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    20:44:51.0772 2396 sffdisk - ok
    20:44:51.0803 2396 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    20:44:51.0803 2396 sffp_mmc - ok
    20:44:51.0803 2396 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    20:44:51.0803 2396 sffp_sd - ok
    20:44:51.0819 2396 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
    20:44:51.0834 2396 sfloppy - ok
    20:44:51.0850 2396 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
    20:44:51.0865 2396 SharedAccess - ok
    20:44:51.0881 2396 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    20:44:51.0881 2396 ShellHWDetection - ok
    20:44:51.0881 2396 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
    20:44:51.0881 2396 SiSRaid2 - ok
    20:44:51.0897 2396 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
    20:44:51.0897 2396 SiSRaid4 - ok
    20:44:51.0928 2396 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    20:44:51.0928 2396 Smb - ok
    20:44:51.0943 2396 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    20:44:51.0943 2396 SNMPTRAP - ok
    20:44:51.0943 2396 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
    20:44:51.0943 2396 spldr - ok
    20:44:51.0975 2396 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
    20:44:51.0975 2396 Spooler - ok
    20:44:52.0053 2396 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
    20:44:52.0068 2396 sppsvc - ok
    20:44:52.0084 2396 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
    20:44:52.0099 2396 sppuinotify - ok
    20:44:52.0131 2396 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
    20:44:52.0131 2396 srv - ok
    20:44:52.0162 2396 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    20:44:52.0162 2396 srv2 - ok
    20:44:52.0193 2396 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    20:44:52.0193 2396 srvnet - ok
    20:44:52.0209 2396 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    20:44:52.0224 2396 SSDPSRV - ok
    20:44:52.0224 2396 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
    20:44:52.0224 2396 SstpSvc - ok
    20:44:52.0287 2396 [ B126A9953508B9F52B289E45591615C8 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    20:44:52.0287 2396 Stereo Service - ok
    20:44:52.0302 2396 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
    20:44:52.0302 2396 stexstor - ok
    20:44:52.0333 2396 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
    20:44:52.0333 2396 stisvc - ok
    20:44:52.0365 2396 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
    20:44:52.0365 2396 storflt - ok
    20:44:52.0380 2396 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
    20:44:52.0380 2396 StorSvc - ok
    20:44:52.0396 2396 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
    20:44:52.0396 2396 storvsc - ok
    20:44:52.0396 2396 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
    20:44:52.0396 2396 swenum - ok
    20:44:52.0427 2396 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
    20:44:52.0427 2396 swprv - ok
    20:44:52.0489 2396 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
    20:44:52.0489 2396 SysMain - ok
    20:44:52.0521 2396 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
    20:44:52.0521 2396 TabletInputService - ok
    20:44:52.0552 2396 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
    20:44:52.0552 2396 TapiSrv - ok
    20:44:52.0567 2396 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
    20:44:52.0583 2396 TBS - ok
    20:44:54.0736 2396 ================ Scan global ===============================
    20:44:54.0751 2396 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    20:44:54.0783 2396 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
    20:44:54.0783 2396 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
    20:44:54.0798 2396 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    20:44:54.0798 2396 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    20:44:54.0814 2396 [Global] - ok
    20:44:54.0814 2396 ================ Scan MBR ==================================
    20:44:54.0814 2396 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    20:44:54.0954 2396 \Device\Harddisk0\DR0 - ok
    20:44:54.0954 2396 ================ Scan VBR ==================================
    20:44:54.0954 2396 [ 3792ABB061A2FD17AF74E3B1D87ADEE3 ] \Device\Harddisk0\DR0\Partition1
    20:44:54.0970 2396 \Device\Harddisk0\DR0\Partition1 - ok
    20:44:54.0970 2396 [ CE5C65D885B5D8BD29F530BAC17009A3 ] \Device\Harddisk0\DR0\Partition2
    20:44:54.0970 2396 \Device\Harddisk0\DR0\Partition2 - ok
    20:44:54.0970 2396 ============================================================
    20:44:54.0970 2396 Scan finished
    20:44:54.0970 2396 ============================================================
    20:44:54.0985 3008 Detected object count: 0
    20:44:54.0985 3008 Actual detected object count: 0


    ----------------------------

    Ran Hitman Pro 3.7.3 Build 194 (64 bit)

    No threats found

    Code:
    HitmanPro 3.7.3.194
    www.hitmanpro.com
    
       Computer name . . . . : DESKTOP
       Windows . . . . . . . : 6.1.1.7601.X64/4
       User name . . . . . . : Desktop\Director
       UAC . . . . . . . . . : Disabled
       License . . . . . . . : Free
    
       Scan date . . . . . . : 2013-05-07 20:38:38
       Scan mode . . . . . . : Normal
       Scan duration . . . . : 1m 21s
       Disk access mode  . . : Direct disk access (SRB)
       Cloud . . . . . . . . : Internet
       Reboot  . . . . . . . : No
    
       Threats . . . . . . . : 0
       Traces  . . . . . . . : 0
    
       Objects scanned . . . : 1,194,295
       Files scanned . . . . : 12,658
       Remnants scanned  . . : 372,725 files / 808,912 keys
    
    
    
    ---------------------------
     
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please do not post inline logs!!

    You still need to attach the log from running C:\MGTools.exe -- C:\MGLogs.zip.
     
  3. win7pro64

    win7pro64 Private E-2

    Hi Tim, Sorry about that, I pasted the log I was keeping using notebook (nb.exe). Will attach in the future.

    It gets deeper. Since writing my first forum query, I installed a new hard disc drive and redid the whole process documenting each step (below).

    Then, to keep my broadband service from blowing its monthly cap, I swapped my two services (telecom ADSL and wireless to modem) and surprise, the Apple Macbook Air using Firefox in Private Browsing mode brought up the same http : // 679186cd (dot) linkbucks (dot) com when I clicked on http://forums.majorgeeks.com/forumdisplay.php

    Since I shut the system down, used the paperclip to reset the telecom modem, cut power to the UPS and every other device, it suggests the virus is somewhere between my ADSL modem and Telecom. Is this possible? If so, it would be rather serious.

    Documentation Log of reinstall to trap redirect virus:

    1) This is the sixth attempt to get rid of the Linkbucks virus on Windows 7 PC
    2) The first few attempts followed the usual instructions including downloading and running all the search and destroy programs, checking registries, etc.
    3) Then I bought a new upgrade box, reinstalled Windows 7 and other applications
    4) When it came back, I did it again, but with fewer applications.
    5) This most recent time I did it meticulously to isolate the variables and stay as much with Microsoft (no Google Chrome or Avast Anti-Virus for example). I documented them using my uninfected Apple laptop.
    6) In the new PC, remove all disks except 1TB reformatted and 16GB USB drive loaded with install programs so I don’t have to download gigabytes of software. Note this hard drive was the same used in the 4th attempt, but when I plugged it back in (unplugging attempt 5 hard drive) it came back with 0x8000ffff error and no matter what I tried, it would not reboot (which means my Adobe licenses will be over max). So I used Seagate software to wipe and repartition and then reinstall Windows.
    7) Install Windows 7 Pro 64 from its original DVD
    8) Install SP1 from USB drive
    9) Install Gigabyte drivers that came on the new PC DVD including:
    a. Intel Management Engine Software (Intel HECI device driver)
    b. INF Update Utility (INF files to properly configure PC-E /USB etc)
    c. Note (probably irrelevant) reboot it says press any key to run Xpress Recovery 2 (must be on DVD)
    d. Install Realtek Audio Driver
    e. Install Realtek Lan Driver for gigabit
    f. Install Intel USB 3.0 Driver - reboot
    10) Install Internet Explorer 10
    11) Note a Microsoft web site looks like it partially loaded (could be symptom of redirect)
    12) Searches seem slow on IE10 but no Linkbucks yet
    13) Download and Install Microsoft Security Essentials
    14) Went to cnet to get Malwarebytes – screen did not fully load (could be early symptom)
    15) Downloaded Mbam-setup-1.75.0.1300.exe
    16) Accepted 30-day trial of full
    17) Perform a full scan of C: and E: flashdrive
    18) While running, had Microsoft Security Essentials run a full scan (the quick scan had previously come back as OK)
    19) MSE: 284,230 items scanned, no threats detected
    20) Install .NET framework 4 from Gigabyte disc
    21) Download and manually Install IE10 update (so I can reinstall if this fails instead of eating up 69MB of broadband cap every re-install)
    22) Download and Install Nvidia GeForce 220 driver
    23) Download 108 updates using Windows Update
    24) Install MS Office 2003
    25) Activated windows and office 2003
    26) Test with Microsoft IE 10 – MSN news – keep selecting news stories and…
    27) LINKBUCKS VIRUS SHOWS UP. Immediately terminated IE10. The same account has been showing up since the beginning... http : //679186cd.linkbucks (dot) com then the URL I hyperlinked to - MSN news that I had originally selected with a click (again, using sites that stay within Microsoft for safety purposes).
    28) Switched from Iconz to Telecom and swapped Apple from Iconz to Telecom. Note that I did this figuring that I was in for a bunch more downloads and wanted to balance my cap demands (we don't get unlimited broadband... one is 20gb a month, the other 40gb which works unless I start doing these mega downloads of updates).
    29) Going to majorgeeks.com to check on forum, APPLE SHOWS LINKBUCKS. Hmm, let's think about what this means... in one step, I just eliminated all variables except the broadband ethernet cable and everything beyond it. Unless it is on the 2tb portable hard drive that has the read-only backup of the desktop, but that has been hooked up since I started, and only when I swapped the ISP.
    30) Swapped desktop to Iconz
    31) Deleted all history, cache, etc. from IE 10
    32) Rebooted
    33) Back to MSN to check links on desktop
    34) Went to Majorgeeks.com… a bit slow but no indication of Linkbucks (not that this is surprising… it is erratic).
    35) While doing these tests, I now am on the phone to Telecom provider of broadband. Is it possible that the provider is infected? I have reset the modem several times, but this infection of Apple does suggest it's coming from the broadband.

    Question: How can I diagnose a redirect that may be coming from the broadband service?

    Question: Once it comes down, how do I determine if it has lodged in my local systems (desktop/Windows 7 pro 64 or laptop Macbook/Lion)?
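
On the first question above (diagnosing a redirect that may come from the broadband path), one approach is to save the raw HTTP response for the same URL over each connection and compare what each one tells the browser to do. This is an added example, not part of the original thread; the URL, hostnames and captured responses are constructed, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed captures of one plain-HTTP request made over two connections.
URL = "http://news.example/story/42"
CAPTURES = {
    "link-A": ("HTTP/1.1 302 Found\r\n"
               "Location: http://abc123.ad-redirector.example/url/http://news.example/story/42\r\n"
               "Content-Length: 0\r\n\r\n"),
    "link-B": ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
               "<html><body>Story 42</body></html>"),
}

# Client-side redirects that can sit in a 200 body instead of a 3xx header.
BODY_REDIRECTS = [
    re.compile(r'<meta[^>]+http-equiv=["\']?refresh[^>]+url=([^"\'>\s]+)', re.I),
    re.compile(r'location(?:\.href)?\s*=\s*["\']([^"\']+)', re.I),
]

def redirect_target(raw):
    """Return the URL a raw HTTP response sends the browser to, or None."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    if 300 <= status < 400 and "location" in headers:
        return headers["location"]
    for pattern in BODY_REDIRECTS:
        match = pattern.search(body)
        if match:
            return match.group(1)
    return None

def same_site(a, b):
    """True when one host equals, or is a subdomain of, the other."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def classify(requested_url, raw):
    """Label one response by where it redirects relative to the requested URL."""
    target = redirect_target(raw)
    if target is None:
        return "no-redirect"
    req_host = urlsplit(requested_url).hostname
    tgt_host = urlsplit(target).hostname
    if tgt_host is None or same_site(req_host, tgt_host):  # relative or same site
        return "same-site-redirect"
    # The pattern described in the thread: a foreign prefix followed by the original link.
    needle = requested_url.split("://", 1)[-1]
    if needle in unquote(target):
        return "off-site-wrapping-original"
    return "off-site-redirect"

def compare_paths(requested_url, captures):
    """Classify each capture and report whether the connections disagree."""
    verdicts = {label: classify(requested_url, raw) for label, raw in captures.items()}
    return verdicts, len(set(verdicts.values())) > 1

if __name__ == "__main__":
    print(compare_paths(URL, CAPTURES))
```

Header-inclusive captures can be saved with `curl -i` from each machine over each connection. A verdict that differs between connections for the same URL points at something on that path (router, DNS or provider) rather than at the PC.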
     
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I can't help you unless you follow my directions.
     
