TechSpot

[A] Sirefef variant please help

Inactive
By negdcom
Sep 19, 2012
  1. Hello all. Per the instructions, here are my logs. Windows 7 PC, 64-bit.

    Malwarebytes Anti-Malware 1.65.0.1400
    www.malwarebytes.org
    Database version: v2012.09.20.02
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Josh :: JOSH-PC [administrator]
    9/19/2012 11:43:29 PM
    mbam-log-2012-09-19 (23-43-29).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 239807
    Time elapsed: 35 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 3
    C:\Windows\Installer\{cd9b547b-b152-d663-6c42-158dfeeb9499}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{cd9b547b-b152-d663-6c42-158dfeeb9499}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{cd9b547b-b152-d663-6c42-158dfeeb9499}\U\80000000.@ (Rootkit.0Access.64) -> Quarantined and deleted successfully.
    (end)
     
  2. negdcom

    negdcom TS Rookie Topic Starter Posts: 17

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
    Run by Josh at 23:53:01 on 2012-09-19
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8154.6335 [GMT -4:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    E:\Programs\steam\Steam.exe
    E:\Programs\TiVoServer.exe
    E:\Programs\TiVoTransfer.exe
    E:\Programs\TiVoNotify.exe
    C:\Windows\System32\StikyNot.exe
    C:\Users\Josh\AppData\Local\Apps\2.0\66KV6HPL.M5G\RKCRYQCN.GO7\curs..tion_9e9e83ddf3ed3ead_0005.0001_32b1384f20fde9ac\CurseClient.exe
    C:\Windows\system32\SearchIndexer.exe
    E:\Programs\MagicDisc\MagicDisc.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe
    C:\program files (x86)\internet explorer\iexplore.exe
    C:\program files (x86)\internet explorer\iexplore.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Windows\system32\sppsvc.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\consent.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchFilterHost.exe
    "C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/?fr=fp-ygamesbar&type=yahoo_oberon_ygames_ytb
    mDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-ygamesbar&type=yahoo_oberon_ygames_ytb
    mStart Page = hxxp://www.yahoo.com/?fr=fp-ygamesbar&type=yahoo_oberon_ygames_ytb
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe,
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    BHO: TBSB07898 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll
    TB: Coupons.com CouponBar: {8660e5b3-6c41-44de-8503-98d99bbecd41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    uRun: [AdobeBridge]
    uRun: [Steam] "E:\Programs\steam\Steam.exe" -silent
    uRun: [TivoServer] E:\Programs\TiVoServer.exe /service /registry /auto:TivoServer
    uRun: [TivoTransfer] E:\Programs\TiVoTransfer.exe
    uRun: [TivoNotify] E:\Programs\TiVoNotify.exe /service /registry /auto:TivoNotify
    uRun: [TranscodingService] E:\Programs\Plus\\TranscodingService.exe
    uRun: [Google Update] "C:\Users\Josh\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    StartupFolder: C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
    StartupFolder: C:\Users\Josh\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - E:\Programs\MagicDisc\MagicDisc.exe
    uPolicies-explorer: HideSCAHealth = 1 (0x1)
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    LSP: mswsock.dll
    TCP: DhcpNameServer = 208.59.247.45 208.59.247.46
    TCP: Interfaces\{0809D70A-7C13-4BC3-AAC9-8055F6B86E5D} : DhcpNameServer = 208.59.247.45 208.59.247.46
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    BHO-X64: 0x1 - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    BHO-X64: TBSB07898 Class: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll
    BHO-X64: TBSB07898 - No File
    TB-X64: Coupons.com CouponBar: {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun-x64: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\3k975bs9.default\
    FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
    FF - plugin: C:\Users\Josh\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Josh\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\Josh\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    FF - plugin: E:\Programs\VLC\npvlc.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-7-16 1258856]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-6-11 382312]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-17 136176]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-17 250056]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-17 136176]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-7-20 114144]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 TivoBeacon2;TiVo Beacon Service;E:\Programs\TiVoBeacon.exe [2010-8-24 1104656]
    .
    =============== Created Last 30 ================
    .
    2012-09-20 03:45:31 328704 ----a-w- C:\Windows\System32\services.exe.4CDA5267D3D73056
    2012-09-20 03:41:22 328704 ----a-w- C:\Windows\System32\services.exe.8EEB077EB22E9072
    2012-09-20 03:38:41 328704 ----a-w- C:\Windows\System32\services.exe.A6D6C5163A06BE3D
    2012-09-20 03:36:04 328704 ----a-w- C:\Windows\System32\services.exe.898782B8D2797198
    2012-09-20 03:33:28 328704 ----a-w- C:\Windows\System32\services.exe.AED1D8513DB96E15
    2012-09-20 03:30:51 328704 ----a-w- C:\Windows\System32\services.exe.51BBD7E4C3E03003
    2012-09-20 03:28:21 328704 ----a-w- C:\Windows\System32\services.exe.5ACF7B799A8644D0
    2012-09-20 03:25:48 328704 ----a-w- C:\Windows\System32\services.exe.5ED602166F37B32B
    2012-09-20 03:25:44 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1C642C39-8980-48B5-9DD8-8407B4F32C4A}\offreg.dll
    2012-09-20 03:21:58 328704 ----a-w- C:\Windows\System32\services.exe.C46F0F853C975B3D
    2012-09-20 03:18:14 328704 ----a-w- C:\Windows\System32\services.exe.86D2522B8F4AECF2
    2012-09-20 03:15:00 328704 ----a-w- C:\Windows\System32\services.exe.DFE44FEB37CBA4EF
    2012-09-20 02:40:32 328704 ----a-w- C:\Windows\System32\services.exe.5A69C4598E34BEE8
    2012-09-20 02:37:49 328704 ----a-w- C:\Windows\System32\services.exe.150F2C2F8A603280
    2012-09-20 02:34:26 328704 ----a-w- C:\Windows\System32\services.exe.F2D398AE30B1CE74
    2012-09-20 02:31:45 328704 ----a-w- C:\Windows\System32\services.exe.C0A99E4817514E8C
    2012-09-20 02:31:06 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8289DE21-66C9-4DAB-9600-5DF6F89BE9C2}\gapaengine.dll
    2012-09-20 02:30:54 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1C642C39-8980-48B5-9DD8-8407B4F32C4A}\mpengine.dll
    2012-09-20 02:30:35 -------- d-----w- C:\Users\Josh\AppData\Roaming\Malwarebytes
    2012-09-20 02:30:28 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-09-20 02:30:27 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-09-20 02:30:27 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-09-20 02:26:53 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
    2012-09-20 02:26:52 -------- d-----w- C:\Program Files\Microsoft Security Client
    2012-09-19 02:58:44 -------- d-----w- C:\Program Files (x86)\Oberon Media SIDR
    2012-09-19 02:34:43 -------- d-----w- C:\Program Files (x86)\File Secure Pro
    2012-09-19 00:47:39 -------- d-----w- C:\Users\Josh\AppData\Roaming\Oberon 3 Days Zoo Mystery
    2012-09-18 14:32:02 -------- d-----w- C:\Users\Josh\AppData\Roaming\Friday's games
    2012-09-18 07:16:49 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
    2012-09-13 11:54:44 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
    2012-09-12 11:34:06 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
    2012-09-12 11:34:06 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
    2012-09-12 11:34:05 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
    2012-09-12 11:34:05 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
    2012-09-12 11:34:05 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
    2012-09-12 11:34:05 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    2012-09-12 11:34:05 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-09-06 13:55:33 474 ----a-w- C:\Program Files (x86)\090620129553365.bat
    2012-08-31 03:30:22 -------- d-----w- C:\Users\Josh\AppData\Roaming\Oberon
    2012-08-31 03:30:22 -------- d-----w- C:\ProgramData\Oberon
    2012-08-29 05:17:03 -------- d-----w- C:\Users\Josh\AppData\Local\{C72EA587-F198-11E1-8270-B8AC6F996F26}
    2012-08-26 14:08:24 -------- d-----w- C:\Program Files (x86)\MagicISO
    2012-08-26 13:55:25 -------- d-----w- C:\ProgramData\CCP
    2012-08-25 15:42:51 -------- d-----w- C:\Users\Josh\AppData\Local\CCP
    2012-08-25 02:43:54 -------- d-----w- C:\Users\Josh\jagexcache
    .
    ==================== Find3M ====================
    .
    2012-09-13 12:18:10 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-09-13 12:18:10 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-08-03 16:36:30 60304 ----a-w- C:\Users\Josh\g2mdlhlpx.exe
    2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
    2012-07-16 18:53:04 175616 ----a-w- C:\Windows\System32\msclmd.dll
    2012-07-16 18:53:04 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
    2012-07-06 02:06:30 772544 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2012-07-06 02:06:20 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
    2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
    2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
    2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    .
    ============= FINISH: 23:53:12.19 ===============
     
  3. negdcom

    negdcom TS Rookie Topic Starter Posts: 17

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/16/2012 1:06:14 PM
    System Uptime: 9/19/2012 11:46:46 PM (0 hours ago)
    .
    Motherboard: Gigabyte Technology Co., Ltd. | | Z77X-UD3H
    Processor: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz | Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz | 3801/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 60 GiB total, 8.955 GiB free.
    D: is CDROM (CDFS)
    E: is FIXED (NTFS) - 466 GiB total, 273.846 GiB free.
    F: is FIXED (NTFS) - 932 GiB total, 692.718 GiB free.
    G: is FIXED (NTFS) - 1863 GiB total, 252.923 GiB free.
    H: is CDROM (UDF)
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description: SM Bus Controller
    Device ID: PCI\VEN_8086&DEV_1E22&SUBSYS_50011458&REV_04\3&11583659&0&FB
    Manufacturer:
    Name: SM Bus Controller
    PNP Device ID: PCI\VEN_8086&DEV_1E22&SUBSYS_50011458&REV_04\3&11583659&0&FB
    Service:
    .
    Class GUID:
    Description: Universal Serial Bus (USB) Controller
    Device ID: PCI\VEN_1106&DEV_3432&SUBSYS_50071458&REV_03\4&1828E751&0&00E4
    Manufacturer:
    Name: Universal Serial Bus (USB) Controller
    PNP Device ID: PCI\VEN_1106&DEV_3432&SUBSYS_50071458&REV_03\4&1828E751&0&00E4
    Service:
    .
    Class GUID:
    Description: Universal Serial Bus (USB) Controller
    Device ID: PCI\VEN_8086&DEV_1E31&SUBSYS_50071458&REV_04\3&11583659&0&A0
    Manufacturer:
    Name: Universal Serial Bus (USB) Controller
    PNP Device ID: PCI\VEN_8086&DEV_1E31&SUBSYS_50071458&REV_04\3&11583659&0&A0
    Service:
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    µTorrent
    3 Days Zoo Mystery
    Adobe AIR
    Adobe Download Assistant
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Photoshop CS6
    Adobe Reader X (10.1.4)
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    Big Kahuna Reef 3
    Bigasoft MKV Converter 3.6.18.4499
    Canon MF Toolbox 4.9.1.1.mf09
    Coupon Printer for Windows
    CouponBar
    Curse Client
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    EVE Online (remove only)
    File Secure Pro Viewer
    FLV to AVI MPEG WMV 3GP MP4 iPod Converter
    Google Chrome
    Google Talk Plugin
    Google Toolbar for Internet Explorer
    Google Update Helper
    GoToMeeting 5.2.0.952
    Happy Chef
    HMA! Pro VPN 2.6.9
    Java Auto Updater
    Java(TM) 7 Update 5
    JavaFX 2.1.1
    Jewel Legends - Tree of Life
    Jewel Quest Mysteries The Seventh Gate
    Jungle Quest
    Magic ISO Maker v5.5 (build 0281)
    MagicDisc 2.7.106
    Malwarebytes Anti-Malware version 1.65.0.1400
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft_VC80_CRT_x86
    Microsoft_VC90_CRT_x86
    Mozilla Firefox 15.0.1 (x86 en-US)
    Mozilla Maintenance Service
    Network Print Monitor for Windows 2000/XP/2003/Vista
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    Paradise Quest
    PDF Settings CS6
    SABnzbd 0.7.1
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Stamps.com
    Steam
    The Elder Scrolls V: Skyrim
    TiVo Desktop 2.8.3
    TubeDigger 2.2.2
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553092)
    Ventrilo Client
    ViewSonic Windows 7 Signed Files
    VLC media player 2.0.2
    World of Warcraft
    Yahoo! Software Update
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9/19/2012 2:34:31 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    9/19/2012 11:52:35 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
    9/19/2012 11:52:35 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
    9/19/2012 11:46:55 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    9/19/2012 11:46:52 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    9/19/2012 11:46:52 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    9/19/2012 11:46:48 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort6.
    9/19/2012 11:45:31 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x800706ba'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
    9/19/2012 11:23:39 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    9/19/2012 11:23:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    9/19/2012 11:23:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    9/19/2012 11:23:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    9/19/2012 11:23:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    9/19/2012 11:23:25 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter spldr Wanarpv6
    9/19/2012 11:23:25 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    9/19/2012 10:31:34 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AN&threatid=2147657992 Name: Trojan:Win32/Sirefef.AN ID: 2147657992 Severity: Severe Category: Trojan Path: file:_C:\Windows\Installer\{cd9b547b-b152-d663-6c42-158dfeeb9499}\U\80000032.@ Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070070 Error description: There is not enough space on the disk. Signature Version: AV: 1.137.6.0, AS: 1.137.6.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8800.0, NIS: 2.0.8001.0
    9/19/2012 10:27:54 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    9/19/2012 10:27:02 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    9/18/2012 3:11:31 AM, Error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
    9/18/2012 1:45:57 AM, Error: Schannel [36887] - The following fatal alert was received: 47.
    9/13/2012 7:26:12 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
    9/13/2012 7:26:12 AM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================
     
  4. negdcom

    negdcom TS Rookie Topic Starter Posts: 17

    No GMER logs recorded, it was empty. If I leave Microsoft Security Essentials running, it automatically reboots the PC after 60 seconds. I have to turn it off to even be able to post this. Thanks in advance for your help.
     
  5. Broni

    Broni Malware Annihilator Posts: 47,048   +256

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===========================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    ========================================

    • Download RogueKiller to the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    =====================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  6. negdcom

    negdcom TS Rookie Topic Starter Posts: 17

    00:25:45.0308 2512 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24

    00:25:45.0530 2512 ============================================================

    00:25:45.0530 2512 Current date / time: 2012/09/20 00:25:45.0530

    00:25:45.0530 2512 SystemInfo:

    00:25:45.0530 2512

    00:25:45.0530 2512 OS Version: 6.1.7601 ServicePack: 1.0

    00:25:45.0530 2512 Product type: Workstation

    00:25:45.0530 2512 ComputerName: JOSH-PC

    00:25:45.0530 2512 UserName: Josh

    00:25:45.0530 2512 Windows directory: C:\Windows

    00:25:45.0530 2512 System windows directory: C:\Windows

    00:25:45.0530 2512 Running under WOW64

    00:25:45.0530 2512 Processor architecture: Intel x64

    00:25:45.0530 2512 Number of processors: 4

    00:25:45.0530 2512 Page size: 0x1000

    00:25:45.0530 2512 Boot type: Normal boot

    00:25:45.0530 2512 ============================================================

    00:25:45.0718 2512 Drive \Device\Harddisk0\DR0 - Size: 0xEE8156000 (59.63 Gb), SectorSize: 0x200, Cylinders: 0x1E67, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

    00:25:45.0736 2512 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

    00:25:45.0736 2512 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

    00:25:45.0737 2512 Drive \Device\Harddisk3\DR3 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

    00:25:45.0739 2512 ============================================================

    00:25:45.0739 2512 \Device\Harddisk0\DR0:

    00:25:45.0739 2512 MBR partitions:

    00:25:45.0739 2512 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

    00:25:45.0739 2512 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x770D800

    00:25:45.0739 2512 \Device\Harddisk1\DR1:

    00:25:45.0739 2512 MBR partitions:

    00:25:45.0739 2512 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384800

    00:25:45.0739 2512 \Device\Harddisk2\DR2:

    00:25:45.0740 2512 MBR partitions:

    00:25:45.0740 2512 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74701AC1

    00:25:45.0740 2512 \Device\Harddisk3\DR3:

    00:25:45.0740 2512 MBR partitions:

    00:25:45.0740 2512 \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xE8E035C1

    00:25:45.0740 2512 ============================================================

    00:25:45.0741 2512 C: <-> \Device\Harddisk0\DR0\Partition2

    00:25:45.0762 2512 E: <-> \Device\Harddisk1\DR1\Partition1

    00:25:45.0763 2512 F: <-> \Device\Harddisk2\DR2\Partition1

    00:25:45.0764 2512 G: <-> \Device\Harddisk3\DR3\Partition1

    00:25:45.0764 2512 ============================================================

    00:25:45.0764 2512 Initialize success

    00:25:45.0764 2512 ============================================================

    00:25:47.0922 1472 ============================================================

    00:25:47.0922 1472 Scan started

    00:25:47.0922 1472 Mode: Manual;

    00:25:47.0922 1472 ============================================================

    00:25:48.0029 1472 ================ Scan system memory ========================

    00:25:48.0029 1472 System memory - ok

    00:25:48.0030 1472 ================ Scan services =============================

     
  7. negdcom

    negdcom TS Rookie Topic Starter Posts: 17

    00:25:48.0781 1472 MSKSSRV - ok
    00:25:48.0783 1472 [ 59FAAF2C83C8169EA20F9E335E418907 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
    00:25:48.0784 1472 MsMpSvc - ok
    00:25:48.0785 1472 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    00:25:48.0785 1472 MSPCLOCK - ok
    00:25:48.0787 1472 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    00:25:48.0787 1472 MSPQM - ok
    00:25:48.0792 1472 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    00:25:48.0793 1472 MsRPC - ok
    00:25:48.0796 1472 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
    00:25:48.0796 1472 mssmbios - ok
    00:25:48.0798 1472 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    00:25:48.0798 1472 MSTEE - ok
    00:25:48.0800 1472 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
    00:25:48.0800 1472 MTConfig - ok
    00:25:48.0802 1472 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
    00:25:48.0802 1472 Mup - ok
    00:25:48.0807 1472 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
    00:25:48.0809 1472 napagent - ok
    00:25:48.0814 1472 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    00:25:48.0815 1472 NativeWifiP - ok
    00:25:48.0823 1472 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
    00:25:48.0826 1472 NDIS - ok
    00:25:48.0829 1472 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    00:25:48.0829 1472 NdisCap - ok
    00:25:48.0831 1472 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    00:25:48.0831 1472 NdisTapi - ok
    00:25:48.0833 1472 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    00:25:48.0834 1472 Ndisuio - ok
    00:25:48.0837 1472 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    00:25:48.0837 1472 NdisWan - ok
    00:25:48.0840 1472 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    00:25:48.0840 1472 NDProxy - ok
    00:25:48.0842 1472 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    00:25:48.0842 1472 NetBIOS - ok
    00:25:48.0846 1472 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    00:25:48.0847 1472 NetBT - ok
    00:25:48.0849 1472 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
    00:25:48.0850 1472 Netlogon - ok
    00:25:48.0853 1472 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
    00:25:48.0855 1472 Netman - ok
    00:25:48.0859 1472 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
    00:25:48.0861 1472 netprofm - ok
    00:25:48.0864 1472 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    00:25:48.0864 1472 NetTcpPortSharing - ok
    00:25:48.0867 1472 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
    00:25:48.0868 1472 nfrd960 - ok
    00:25:48.0870 1472 [ 91B4E0273D2F6C24EF845F2B41311289 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
    00:25:48.0871 1472 NisDrv - ok
    00:25:48.0874 1472 [ 10A43829A9E606AF3EEF25A1C1665923 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe
    00:25:48.0876 1472 NisSrv - ok
    00:25:48.0879 1472 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
    00:25:48.0881 1472 NlaSvc - ok
    00:25:48.0883 1472 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    00:25:48.0883 1472 Npfs - ok
    00:25:48.0885 1472 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
    00:25:48.0886 1472 nsi - ok
    00:25:48.0888 1472 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    00:25:48.0888 1472 nsiproxy - ok
    00:25:48.0902 1472 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    00:25:48.0907 1472 Ntfs - ok
    00:25:48.0910 1472 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
    00:25:48.0910 1472 Null - ok
    00:25:48.0913 1472 [ 5F1FF880ADACF7E0FF7C27BA188B05DA ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
    00:25:48.0914 1472 NVHDA - ok
    00:25:48.0986 1472 [ 8917336C07FA25D37D460FE49195A7EA ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
    00:25:49.0028 1472 nvlddmkm - ok
    00:25:49.0033 1472 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
    00:25:49.0034 1472 nvraid - ok
    00:25:49.0037 1472 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
    00:25:49.0037 1472 nvstor - ok
    00:25:49.0045 1472 [ 37D1F21763FF1B40AE8715AA793B1A33 ] nvsvc C:\Windows\system32\nvvsvc.exe
    00:25:49.0048 1472 nvsvc - ok
    00:25:49.0058 1472 [ 16775FC73AC10DA31CF61382B1927FA4 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    00:25:49.0063 1472 nvUpdatusService - ok
    00:25:49.0066 1472 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    00:25:49.0066 1472 nv_agp - ok
    00:25:49.0070 1472 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    00:25:49.0070 1472 ohci1394 - ok
    00:25:49.0072 1472 [ D8A0164A79D4BFD6083945C5431E41E7 ] OpenVPNService C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe
    00:25:49.0073 1472 OpenVPNService - ok
    00:25:49.0076 1472 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    00:25:49.0077 1472 ose - ok
    00:25:49.0111 1472 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    00:25:49.0127 1472 osppsvc - ok
    00:25:49.0133 1472 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    00:25:49.0134 1472 p2pimsvc - ok
    00:25:49.0139 1472 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
    00:25:49.0141 1472 p2psvc - ok
    00:25:49.0144 1472 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
    00:25:49.0144 1472 Parport - ok
    00:25:49.0147 1472 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
    00:25:49.0147 1472 partmgr - ok
    00:25:49.0150 1472 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
    00:25:49.0151 1472 PcaSvc - ok
    00:25:49.0155 1472 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
    00:25:49.0155 1472 pci - ok
    00:25:49.0157 1472 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
    00:25:49.0157 1472 pciide - ok
    00:25:49.0161 1472 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
    00:25:49.0162 1472 pcmcia - ok
    00:25:49.0164 1472 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
    00:25:49.0164 1472 pcw - ok
    00:25:49.0170 1472 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    00:25:49.0172 1472 PEAUTH - ok
    00:25:49.0187 1472 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
    00:25:49.0188 1472 PerfHost - ok
    00:25:49.0201 1472 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
    00:25:49.0206 1472 pla - ok
    00:25:49.0211 1472 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    00:25:49.0213 1472 PlugPlay - ok
    00:25:49.0215 1472 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
    00:25:49.0216 1472 PNRPAutoReg - ok
    00:25:49.0219 1472 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
    00:25:49.0221 1472 PNRPsvc - ok
    00:25:49.0226 1472 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    00:25:49.0228 1472 PolicyAgent - ok
    00:25:49.0232 1472 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
    00:25:49.0233 1472 Power - ok
    00:25:49.0236 1472 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    00:25:49.0237 1472 PptpMiniport - ok
    00:25:49.0239 1472 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
    00:25:49.0239 1472 Processor - ok
    00:25:49.0243 1472 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
    00:25:49.0244 1472 ProfSvc - ok
    00:25:49.0246 1472 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
    00:25:49.0247 1472 ProtectedStorage - ok
    00:25:49.0250 1472 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
    00:25:49.0250 1472 Psched - ok
    00:25:49.0261 1472 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
    00:25:49.0266 1472 ql2300 - ok
    00:25:49.0270 1472 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
    00:25:49.0270 1472 ql40xx - ok
    00:25:49.0274 1472 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
    00:25:49.0276 1472 QWAVE - ok
    00:25:49.0278 1472 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    00:25:49.0279 1472 QWAVEdrv - ok
    00:25:49.0280 1472 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    00:25:49.0281 1472 RasAcd - ok
    00:25:49.0283 1472 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
    00:25:49.0283 1472 RasAgileVpn - ok
     
  8. negdcom

    negdcom TS Rookie Topic Starter Posts: 17

    00:25:50.0007 1472 ================ Scan global ===============================
    00:25:50.0009 1472 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    00:25:50.0012 1472 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    00:25:50.0016 1472 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    00:25:50.0019 1472 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    00:25:50.0023 1472 [ 50BEA589F7D7958BDD2528A8F69D05CC ] C:\Windows\system32\services.exe
    00:25:50.0025 1472 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - infected
    00:25:50.0025 1472 C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.a (0)
    00:25:50.0025 1472 ================ Scan MBR ==================================
    00:25:50.0027 1472 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    00:25:50.0087 1472 \Device\Harddisk0\DR0 - ok
    00:25:50.0089 1472 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
    00:25:50.0091 1472 \Device\Harddisk1\DR1 - ok
    00:25:50.0092 1472 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
    00:25:50.0095 1472 \Device\Harddisk2\DR2 - ok
    00:25:50.0097 1472 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk3\DR3
    00:25:50.0099 1472 \Device\Harddisk3\DR3 - ok
    00:25:50.0099 1472 ================ Scan VBR ==================================
    00:25:50.0100 1472 [ DFE69C27BEBE97DC5D3C7F593A2FCBC2 ] \Device\Harddisk0\DR0\Partition1
    00:25:50.0101 1472 \Device\Harddisk0\DR0\Partition1 - ok
    00:25:50.0103 1472 [ D8B263DB5A321ED1C2D89AF7B947ED20 ] \Device\Harddisk0\DR0\Partition2
    00:25:50.0104 1472 \Device\Harddisk0\DR0\Partition2 - ok
    00:25:50.0106 1472 [ 3DBB43452688697AF0EA65D6B9C2DE45 ] \Device\Harddisk1\DR1\Partition1
    00:25:50.0106 1472 \Device\Harddisk1\DR1\Partition1 - ok
    00:25:50.0108 1472 [ 79A01381DC690A607446D431CBDB54A8 ] \Device\Harddisk2\DR2\Partition1
    00:25:50.0110 1472 \Device\Harddisk2\DR2\Partition1 - ok
    00:25:50.0111 1472 [ 7F3403343E2D9EB4369C880E2E02FE43 ] \Device\Harddisk3\DR3\Partition1
    00:25:50.0112 1472 \Device\Harddisk3\DR3\Partition1 - ok
    00:25:50.0113 1472 ============================================================
    00:25:50.0113 1472 Scan finished
    00:25:50.0113 1472 ============================================================
    00:25:50.0118 2992 Detected object count: 1
    00:25:50.0118 2992 Actual detected object count: 1
    00:25:54.0028 2992 C:\Windows\system32\services.exe - copied to quarantine
    00:25:54.0065 2992 C:\Windows\assembly\GAC_32\desktop.ini - copied to quarantine
    00:25:54.0065 2992 C:\Windows\assembly\GAC_64\desktop.ini - copied to quarantine
    00:25:54.0067 2992 C:\Windows\installer\{cd9b547b-b152-d663-6c42-158dfeeb9499}\@ - copied to quarantine
    00:25:54.0068 2992 C:\Windows\installer\{cd9b547b-b152-d663-6c42-158dfeeb9499}\L\00000004.@ - copied to quarantine
    00:25:54.0069 2992 C:\Windows\installer\{cd9b547b-b152-d663-6c42-158dfeeb9499}\L\201d3dde - copied to quarantine
    00:25:54.0070 2992 C:\Windows\installer\{cd9b547b-b152-d663-6c42-158dfeeb9499}\U\00000004.@ - copied to quarantine
    00:25:54.0071 2992 C:\Windows\installer\{cd9b547b-b152-d663-6c42-158dfeeb9499}\U\00000008.@ - copied to quarantine
    00:25:54.0071 2992 C:\Windows\installer\{cd9b547b-b152-d663-6c42-158dfeeb9499}\U\000000cb.@ - copied to quarantine
    00:25:54.0072 2992 C:\Windows\installer\{cd9b547b-b152-d663-6c42-158dfeeb9499}\U\80000000.@ - copied to quarantine
    00:25:54.0073 2992 C:\Windows\installer\{cd9b547b-b152-d663-6c42-158dfeeb9499}\U\80000032.@ - copied to quarantine
    00:25:54.0074 2992 C:\Windows\installer\{cd9b547b-b152-d663-6c42-158dfeeb9499}\U\80000064.@ - copied to quarantine
    00:25:54.0803 2992 Backup copy not found, trying to cure infected file..
    00:25:54.0803 2992 C:\Windows\system32\services.exe - Cure failed (FFFFFFFF)
    00:25:54.0803 2992 C:\Windows\system32\services.exe - processing error
    00:25:54.0803 2992 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - User select action: Cure
    00:26:49.0158 5964 ============================================================
    00:26:49.0158 5964 Scan started
    00:26:49.0158 5964 Mode: Manual;
    00:26:49.0158 5964 ============================================================
    00:26:49.0787 5964 ================ Scan system memory ========================
    00:26:49.0787 5964 System memory - ok
    00:26:49.0788 5964 ================ Scan services =============================
     
  9. negdcom

    negdcom TS Rookie Topic Starter Posts: 17

    00:26:50.0698 5964 Ntfs - ok
    00:26:50.0700 5964 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
    00:26:50.0701 5964 Null - ok
    00:26:50.0704 5964 [ 5F1FF880ADACF7E0FF7C27BA188B05DA ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
    00:26:50.0704 5964 NVHDA - ok
    00:26:50.0792 5964 [ 8917336C07FA25D37D460FE49195A7EA ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
    00:26:50.0833 5964 nvlddmkm - ok
    00:26:50.0838 5964 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
    00:26:50.0839 5964 nvraid - ok
    00:26:50.0842 5964 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
    00:26:50.0843 5964 nvstor - ok
    00:26:50.0850 5964 [ 37D1F21763FF1B40AE8715AA793B1A33 ] nvsvc C:\Windows\system32\nvvsvc.exe
    00:26:50.0853 5964 nvsvc - ok
    00:26:50.0865 5964 [ 16775FC73AC10DA31CF61382B1927FA4 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    00:26:50.0869 5964 nvUpdatusService - ok
    00:26:50.0872 5964 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    00:26:50.0872 5964 nv_agp - ok
    00:26:50.0875 5964 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    00:26:50.0875 5964 ohci1394 - ok
    00:26:50.0878 5964 [ D8A0164A79D4BFD6083945C5431E41E7 ] OpenVPNService C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe
    00:26:50.0878 5964 OpenVPNService - ok
    00:26:50.0881 5964 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    00:26:50.0882 5964 ose - ok
    00:26:50.0916 5964 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    00:26:50.0931 5964 osppsvc - ok
    00:26:50.0937 5964 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    00:26:50.0939 5964 p2pimsvc - ok
    00:26:50.0944 5964 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
    00:26:50.0946 5964 p2psvc - ok
    00:26:50.0948 5964 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
    00:26:50.0949 5964 Parport - ok
    00:26:50.0951 5964 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
    00:26:50.0952 5964 partmgr - ok
    00:26:50.0955 5964 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
    00:26:50.0956 5964 PcaSvc - ok
    00:26:50.0959 5964 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
    00:26:50.0960 5964 pci - ok
    00:26:50.0962 5964 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
    00:26:50.0962 5964 pciide - ok
    00:26:50.0965 5964 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
    00:26:50.0966 5964 pcmcia - ok
    00:26:50.0969 5964 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
    00:26:50.0969 5964 pcw - ok
    00:26:50.0974 5964 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    00:26:50.0976 5964 PEAUTH - ok
    00:26:50.0991 5964 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
    00:26:50.0992 5964 PerfHost - ok
    00:26:51.0005 5964 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
    00:26:51.0010 5964 pla - ok
    00:26:51.0015 5964 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    00:26:51.0017 5964 PlugPlay - ok
    00:26:51.0020 5964 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
    00:26:51.0020 5964 PNRPAutoReg - ok
    00:26:51.0024 5964 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
    00:26:51.0026 5964 PNRPsvc - ok
    00:26:51.0031 5964 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    00:26:51.0033 5964 PolicyAgent - ok
    00:26:51.0037 5964 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
    00:26:51.0039 5964 Power - ok
    00:26:51.0041 5964 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    00:26:51.0041 5964 PptpMiniport - ok
    00:26:51.0043 5964 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
    00:26:51.0044 5964 Processor - ok
    00:26:51.0047 5964 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
    00:26:51.0048 5964 ProfSvc - ok
    00:26:51.0051 5964 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
    00:26:51.0051 5964 ProtectedStorage - ok
    00:26:51.0054 5964 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
    00:26:51.0054 5964 Psched - ok
    00:26:51.0066 5964 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
    00:26:51.0071 5964 ql2300 - ok
    00:26:51.0074 5964 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
    00:26:51.0075 5964 ql40xx - ok
    00:26:51.0079 5964 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
    00:26:51.0080 5964 QWAVE - ok
    00:26:51.0082 5964 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    00:26:51.0083 5964 QWAVEdrv - ok
    00:26:51.0085 5964 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    00:26:51.0085 5964 RasAcd - ok
    00:26:51.0087 5964 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
    00:26:51.0087 5964 RasAgileVpn - ok
    00:26:51.0091 5964 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
    00:26:51.0092 5964 RasAuto - ok
    00:26:51.0094 5964 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    00:26:51.0095 5964 Rasl2tp - ok
    00:26:51.0099 5964 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
    00:26:51.0100 5964 RasMan - ok
    00:26:51.0103 5964 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    00:26:51.0103 5964 RasPppoe - ok
    00:26:51.0106 5964 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    00:26:51.0106 5964 RasSstp - ok
    00:26:51.0110 5964 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    00:26:51.0111 5964 rdbss - ok
    00:26:51.0113 5964 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
    00:26:51.0113 5964 rdpbus - ok
    00:26:51.0115 5964 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    00:26:51.0115 5964 RDPCDD - ok
    00:26:51.0118 5964 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    00:26:51.0118 5964 RDPENCDD - ok
    00:26:51.0121 5964 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
    00:26:51.0121 5964 RDPREFMP - ok
    00:26:51.0124 5964 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
     
  10. negdcom

    negdcom TS Rookie Topic Starter Posts: 17

    00:26:51.0782 5964 ================ Scan global ===============================
    00:26:51.0783 5964 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    00:26:51.0786 5964 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    00:26:51.0791 5964 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    00:26:51.0794 5964 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    00:26:51.0797 5964 [ 50BEA589F7D7958BDD2528A8F69D05CC ] C:\Windows\system32\services.exe
    00:26:51.0799 5964 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - infected
    00:26:51.0799 5964 C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.a (0)
    00:26:51.0800 5964 ================ Scan MBR ==================================
    00:26:51.0801 5964 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    00:26:51.0859 5964 \Device\Harddisk0\DR0 - ok
    00:26:51.0868 5964 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
    00:26:51.0870 5964 \Device\Harddisk1\DR1 - ok
    00:26:51.0872 5964 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
    00:26:51.0875 5964 \Device\Harddisk2\DR2 - ok
    00:26:51.0931 5964 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk3\DR3
    00:26:51.0934 5964 \Device\Harddisk3\DR3 - ok
    00:26:51.0935 5964 ================ Scan VBR ==================================
    00:26:51.0937 5964 [ DFE69C27BEBE97DC5D3C7F593A2FCBC2 ] \Device\Harddisk0\DR0\Partition1
    00:26:51.0939 5964 \Device\Harddisk0\DR0\Partition1 - ok
    00:26:51.0942 5964 [ D8B263DB5A321ED1C2D89AF7B947ED20 ] \Device\Harddisk0\DR0\Partition2
    00:26:51.0943 5964 \Device\Harddisk0\DR0\Partition2 - ok
    00:26:51.0947 5964 [ 3DBB43452688697AF0EA65D6B9C2DE45 ] \Device\Harddisk1\DR1\Partition1
    00:26:51.0948 5964 \Device\Harddisk1\DR1\Partition1 - ok
    00:26:51.0950 5964 [ 79A01381DC690A607446D431CBDB54A8 ] \Device\Harddisk2\DR2\Partition1
    00:26:51.0952 5964 \Device\Harddisk2\DR2\Partition1 - ok
    00:26:51.0954 5964 [ 7F3403343E2D9EB4369C880E2E02FE43 ] \Device\Harddisk3\DR3\Partition1
    00:26:51.0956 5964 \Device\Harddisk3\DR3\Partition1 - ok
    00:26:51.0956 5964 ============================================================
    00:26:51.0956 5964 Scan finished
    00:26:51.0956 5964 ============================================================
    00:26:51.0963 2760 Detected object count: 1
    00:26:51.0963 2760 Actual detected object count: 1
    00:26:54.0736 2760 C:\Windows\system32\services.exe - copied to quarantine
    00:26:54.0771 2760 C:\Windows\assembly\GAC_32\desktop.ini - copied to quarantine
    00:26:54.0771 2760 C:\Windows\assembly\GAC_64\desktop.ini - copied to quarantine
    00:26:54.0773 2760 C:\Windows\installer\{cd9b547b-b152-d663-6c42-158dfeeb9499}\@ - copied to quarantine
    00:26:54.0775 2760 C:\Windows\installer\{cd9b547b-b152-d663-6c42-158dfeeb9499}\L\00000004.@ - copied to quarantine
    00:26:54.0776 2760 C:\Windows\installer\{cd9b547b-b152-d663-6c42-158dfeeb9499}\L\201d3dde - copied to quarantine
    00:26:54.0776 2760 C:\Windows\installer\{cd9b547b-b152-d663-6c42-158dfeeb9499}\U\00000004.@ - copied to quarantine
    00:26:54.0777 2760 C:\Windows\installer\{cd9b547b-b152-d663-6c42-158dfeeb9499}\U\00000008.@ - copied to quarantine
    00:26:54.0777 2760 C:\Windows\installer\{cd9b547b-b152-d663-6c42-158dfeeb9499}\U\000000cb.@ - copied to quarantine
    00:26:54.0777 2760 C:\Windows\installer\{cd9b547b-b152-d663-6c42-158dfeeb9499}\U\80000000.@ - copied to quarantine
    00:26:54.0778 2760 C:\Windows\installer\{cd9b547b-b152-d663-6c42-158dfeeb9499}\U\80000032.@ - copied to quarantine
    00:26:54.0778 2760 C:\Windows\installer\{cd9b547b-b152-d663-6c42-158dfeeb9499}\U\80000064.@ - copied to quarantine
    00:26:55.0487 2760 Backup copy not found, trying to cure infected file..
    00:26:55.0487 2760 C:\Windows\system32\services.exe - Cure failed (FFFFFFFF)
    00:26:55.0487 2760 C:\Windows\system32\services.exe - processing error
    00:26:55.0487 2760 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - User select action: Cure
     
  11. negdcom

    negdcom TS Rookie Topic Starter Posts: 17

    RogueKiller V8.0.4 [09/19/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Josh [Admin rights]
    Mode : Remove -- Date : 09/20/2012 00:37:32
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 2 ¤¤¤
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][FILE] @ : C:\Windows\Installer\{cd9b547b-b152-d663-6c42-158dfeeb9499}\@ --> REMOVED AT REBOOT
    [Del.Parent][FILE] 00000004.@ : C:\Windows\Installer\{cd9b547b-b152-d663-6c42-158dfeeb9499}\U\00000004.@ --> REMOVED
    [Del.Parent][FILE] 00000008.@ : C:\Windows\Installer\{cd9b547b-b152-d663-6c42-158dfeeb9499}\U\00000008.@ --> REMOVED
    [Del.Parent][FILE] 000000cb.@ : C:\Windows\Installer\{cd9b547b-b152-d663-6c42-158dfeeb9499}\U\000000cb.@ --> REMOVED
    [Del.Parent][FILE] 80000000.@ : C:\Windows\Installer\{cd9b547b-b152-d663-6c42-158dfeeb9499}\U\80000000.@ --> REMOVED
    [Del.Parent][FILE] 80000032.@ : C:\Windows\Installer\{cd9b547b-b152-d663-6c42-158dfeeb9499}\U\80000032.@ --> REMOVED
    [Del.Parent][FILE] 80000064.@ : C:\Windows\Installer\{cd9b547b-b152-d663-6c42-158dfeeb9499}\U\80000064.@ --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{cd9b547b-b152-d663-6c42-158dfeeb9499}\U --> REMOVED
    [Del.Parent][FILE] 00000004.@ : C:\Windows\Installer\{cd9b547b-b152-d663-6c42-158dfeeb9499}\L\00000004.@ --> REMOVED
    [Del.Parent][FILE] 201d3dde : C:\Windows\Installer\{cd9b547b-b152-d663-6c42-158dfeeb9499}\L\201d3dde --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{cd9b547b-b152-d663-6c42-158dfeeb9499}\L --> REMOVED
    [ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> REMOVED AT REBOOT
    [ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> REMOVED AT REBOOT
    [Susp.ASLR][FILE] services.exe : C:\Windows\system32\services.exe --> REPLACED AT REBOOT (C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe)
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ Infection : ZeroAccess ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: M4-CT064M4SSD2 ATA Device +++++
    --- User ---
    [MBR] 63ce62db0955e1bf58010d7403a5d98f
    [BSP] 89c83c90f33d26c1dc8f1cc4e19b73ea : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 60955 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    +++++ PhysicalDrive1: WDC WD5000AAKX-00ERMA0 ATA Device +++++
    --- User ---
    [MBR] c5d8281cf5827797da03d2af29ab553a
    [BSP] 465509872d424eca03fc01a491dc4c74 : Windows 7 MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476937 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    +++++ PhysicalDrive2: ST31000340AS ATA Device +++++
    --- User ---
    [MBR] 3665e732a7e2bf519ab054b959db4128
    [BSP] f0b78c53b3081da88572610732e27b98 : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953859 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    +++++ PhysicalDrive3: WDC WD20EARS-00S8B1 ATA Device +++++
    --- User ---
    [MBR] d5eab76e936916789a12fea7dc3747c5
    [BSP] ae0b496ff6c582bfed23098b3c32d0d2 : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 1907718 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt
     
     
  12. negdcom

    negdcom TS Rookie Topic Starter Posts: 17

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-09-20 00:39:55
    -----------------------------
    00:39:55.294 OS Version: Windows x64 6.1.7601 Service Pack 1
    00:39:55.294 Number of processors: 4 586 0x3A09
    00:39:55.295 ComputerName: JOSH-PC UserName: Josh
    00:39:55.447 Initialize success
    00:40:51.390 AVAST engine defs: 12091901
    00:40:57.978 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
    00:40:57.980 Disk 0 Vendor: M4-CT064M4SSD2 0309 Size: 61057MB BusType: 11
    00:40:57.983 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-3
    00:40:57.985 Disk 1 Vendor: WDC_WD5000AAKX-00ERMA0 15.01H15 Size: 476940MB BusType: 11
    00:40:57.988 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP4T0L0-4
    00:40:57.991 Disk 2 Vendor: ST31000340AS SD1A Size: 953869MB BusType: 11
    00:40:57.995 Disk 3 \Device\Harddisk3\DR3 -> \Device\Ide\IdeDeviceP6T0L0-6
    00:40:57.998 Disk 3 Vendor: WDC_WD20EARS-00S8B1 80.00A80 Size: 1907729MB BusType: 11
    00:40:58.003 Disk 0 MBR read successfully
    00:40:58.006 Disk 0 MBR scan
    00:40:58.009 Disk 0 Windows 7 default MBR code
    00:40:58.011 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    00:40:58.014 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 60955 MB offset 206848
    00:40:58.020 Disk 0 scanning C:\Windows\system32\drivers
    00:40:59.873 Service scanning
    00:41:05.312 Modules scanning
    00:41:05.319 Disk 0 trace - called modules:
    00:41:05.326 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
    00:41:05.330 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006f64060]
    00:41:05.334 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8006d3b680]
    00:41:05.472 AVAST engine scan C:\Windows
    00:41:05.777 AVAST engine scan C:\Windows\system32
    00:41:24.382 File: C:\Windows\system32\services.exe **INFECTED** Win32:Sirefef-ZT [Trj]
    00:41:31.626 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
    00:41:32.001 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
    00:41:47.209 AVAST engine scan C:\Windows\system32\drivers
    00:41:49.114 AVAST engine scan C:\Users\Josh
    00:42:14.043 Disk 0 MBR has been saved successfully to "C:\Users\Josh\Desktop\MBR.dat"
    00:42:14.047 The log file has been saved successfully to "C:\Users\Josh\Desktop\aswMBR.txt"

    00:42:19.883 File: C:\Users\Josh\AppData\Local\Temp\dfojcluw1znr6ogy.exe **INFECTED** Win32:Downloader-QPN [Trj]
    00:42:24.477 File: C:\Users\Josh\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\4146a7a6-54aa7fc3 **INFECTED** Win32:Downloader-QPN [Trj]
    00:42:29.534 AVAST engine scan C:\ProgramData
    00:42:34.944 Scan finished successfully
    00:42:42.657 Disk 0 MBR has been saved successfully to "C:\Users\Josh\Desktop\MBR.dat"
    00:42:42.660 The log file has been saved successfully to "C:\Users\Josh\Desktop\aswMBR.txt"
     
  14. negdcom

    negdcom TS Rookie Topic Starter Posts: 17

    00:45:37.0078 5108 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24

    00:45:37.0300 5108 ============================================================

    00:45:37.0300 5108 Current date / time: 2012/09/20 00:45:37.0300

    00:45:37.0300 5108 SystemInfo:

    00:45:37.0300 5108

    00:45:37.0300 5108 OS Version: 6.1.7601 ServicePack: 1.0

    00:45:37.0300 5108 Product type: Workstation

    00:45:37.0300 5108 ComputerName: JOSH-PC

    00:45:37.0300 5108 UserName: Josh

    00:45:37.0300 5108 Windows directory: C:\Windows

    00:45:37.0300 5108 System windows directory: C:\Windows

    00:45:37.0300 5108 Running under WOW64

    00:45:37.0300 5108 Processor architecture: Intel x64

    00:45:37.0300 5108 Number of processors: 4

    00:45:37.0300 5108 Page size: 0x1000

    00:45:37.0300 5108 Boot type: Normal boot

    00:45:37.0300 5108 ============================================================

    00:45:37.0486 5108 Drive \Device\Harddisk0\DR0 - Size: 0xEE8156000 (59.63 Gb), SectorSize: 0x200, Cylinders: 0x1E67, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

    00:45:37.0487 5108 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

    00:45:37.0487 5108 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

    00:45:37.0488 5108 Drive \Device\Harddisk3\DR3 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

    00:45:37.0491 5108 ============================================================

    00:45:37.0491 5108 \Device\Harddisk0\DR0:

    00:45:37.0491 5108 MBR partitions:

    00:45:37.0491 5108 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

    00:45:37.0491 5108 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x770D800

    00:45:37.0491 5108 \Device\Harddisk1\DR1:

    00:45:37.0491 5108 MBR partitions:

    00:45:37.0491 5108 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384800

    00:45:37.0491 5108 \Device\Harddisk2\DR2:

    00:45:37.0491 5108 MBR partitions:

    00:45:37.0491 5108 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74701AC1

    00:45:37.0491 5108 \Device\Harddisk3\DR3:

    00:45:37.0491 5108 MBR partitions:

    00:45:37.0491 5108 \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xE8E035C1

    00:45:37.0491 5108 ============================================================

    00:45:37.0492 5108 C: <-> \Device\Harddisk0\DR0\Partition2

    00:45:37.0518 5108 E: <-> \Device\Harddisk1\DR1\Partition1

    00:45:37.0519 5108 F: <-> \Device\Harddisk2\DR2\Partition1

    00:45:37.0520 5108 G: <-> \Device\Harddisk3\DR3\Partition1

    00:45:37.0520 5108 ============================================================

    00:45:37.0520 5108 Initialize success

    00:45:37.0520 5108 ============================================================

    00:45:38.0760 4864 ============================================================

    00:45:38.0760 4864 Scan started

    00:45:38.0760 4864 Mode: Manual;

    00:45:38.0760 4864 ============================================================

    00:45:39.0050 4864 ================ Scan system memory ========================

    00:45:39.0050 4864 System memory - ok

    00:45:39.0051 4864 ================ Scan services =============================

    00:45:39.0084 4864 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys

    00:45:39.0086 4864 1394ohci - ok

    00:45:39.0090 4864 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys

    00:45:39.0092 4864 ACPI - ok

    00:45:39.0094 4864 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

    00:45:39.0094 4864 AcpiPmi - ok

    00:45:39.0098 4864 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    00:45:39.0099 4864 AdobeARMservice - ok

    00:45:39.0116 4864 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    00:45:39.0117 4864 AdobeFlashPlayerUpdateSvc - ok

    00:45:39.0123 4864 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys

    00:45:39.0125 4864 adp94xx - ok

    00:45:39.0129 4864 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys

    00:45:39.0131 4864 adpahci - ok

    00:45:39.0134 4864 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys

    00:45:39.0135 4864 adpu320 - ok

    00:45:39.0138 4864 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

    00:45:39.0139 4864 AeLookupSvc - ok

    00:45:39.0144 4864 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys

    00:45:39.0146 4864 AFD - ok

    00:45:39.0148 4864 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys

    00:45:39.0149 4864 agp440 - ok

    00:45:39.0151 4864 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe

    00:45:39.0152 4864 ALG - ok

    00:45:39.0153 4864 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys

    00:45:39.0154 4864 aliide - ok

    00:45:39.0155 4864 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys

    00:45:39.0156 4864 amdide - ok

    00:45:39.0158 4864 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys

    00:45:39.0159 4864 AmdK8 - ok

    00:45:39.0161 4864 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys

    00:45:39.0162 4864 AmdPPM - ok

    00:45:39.0164 4864 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys

    00:45:39.0165 4864 amdsata - ok

    00:45:39.0168 4864 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys

    00:45:39.0169 4864 amdsbs - ok

    00:45:39.0171 4864 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys

    00:45:39.0171 4864 amdxata - ok

    00:45:39.0174 4864 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys

    00:45:39.0174 4864 AppID - ok

    00:45:39.0176 4864 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll

    00:45:39.0176 4864 AppIDSvc - ok

    00:45:39.0179 4864 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll

    00:45:39.0179 4864 Appinfo - ok

    00:45:39.0182 4864 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys

    00:45:39.0182 4864 arc - ok

    00:45:39.0184 4864 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys

    00:45:39.0185 4864 arcsas - ok

    00:45:39.0186 4864 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

    00:45:39.0187 4864 AsyncMac - ok

    00:45:39.0188 4864 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys

    00:45:39.0189 4864 atapi - ok

    00:45:39.0194 4864 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

    00:45:39.0197 4864 AudioEndpointBuilder - ok

    00:45:39.0202 4864 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll

    00:45:39.0205 4864 AudioSrv - ok

    00:45:39.0207 4864 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll

    00:45:39.0208 4864 AxInstSV - ok

    00:45:39.0213 4864 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys

    00:45:39.0214 4864 b06bdrv - ok

    00:45:39.0219 4864 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys

    00:45:39.0220 4864 b57nd60a - ok

    00:45:39.0223 4864 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll

    00:45:39.0224 4864 BDESVC - ok

    00:45:39.0226 4864 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys

    00:45:39.0226 4864 Beep - ok

    00:45:39.0228 4864 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys

    00:45:39.0228 4864 blbdrive - ok

    00:45:39.0233 4864 [ A065F048E9E23E6C026A7BB548D126A7 ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe

    00:45:39.0235 4864 Bonjour Service - ok

    00:45:39.0237 4864 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

    00:45:39.0238 4864 bowser - ok

    00:45:39.0240 4864 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys

    00:45:39.0240 4864 BrFiltLo - ok

    00:45:39.0241 4864 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys

    00:45:39.0242 4864 BrFiltUp - ok

    00:45:39.0244 4864 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll

    00:45:39.0245 4864 Browser - ok

    00:45:39.0248 4864 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys

    00:45:39.0249 4864 Brserid - ok

    00:45:39.0252 4864 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

    00:45:39.0252 4864 BrSerWdm - ok

    00:45:39.0254 4864 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

    00:45:39.0254 4864 BrUsbMdm - ok

    00:45:39.0256 4864 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

    00:45:39.0256 4864 BrUsbSer - ok

    00:45:39.0258 4864 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys

    00:45:39.0259 4864 BTHMODEM - ok

    00:45:39.0262 4864 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll

    00:45:39.0263 4864 bthserv - ok

    00:45:39.0265 4864 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

    00:45:39.0265 4864 cdfs - ok

    00:45:39.0268 4864 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

    00:45:39.0269 4864 cdrom - ok

    00:45:39.0271 4864 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll

    00:45:39.0272 4864 CertPropSvc - ok

    00:45:39.0274 4864 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys

    00:45:39.0274 4864 circlass - ok

    00:45:39.0278 4864 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys

    00:45:39.0280 4864 CLFS - ok

    00:45:39.0286 4864 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

    00:45:39.0286 4864 clr_optimization_v2.0.50727_32 - ok

    00:45:39.0291 4864 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

    00:45:39.0292 4864 clr_optimization_v2.0.50727_64 - ok

    00:45:39.0298 4864 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    00:45:39.0299 4864 clr_optimization_v4.0.30319_32 - ok

    00:45:39.0304 4864 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

    00:45:39.0305 4864 clr_optimization_v4.0.30319_64 - ok

    00:45:39.0307 4864 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

    00:45:39.0307 4864 CmBatt - ok

    00:45:39.0308 4864 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys

    00:45:39.0309 4864 cmdide - ok

    00:45:39.0313 4864 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys

    00:45:39.0315 4864 CNG - ok

    00:45:39.0317 4864 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys

    00:45:39.0318 4864 Compbatt - ok

    00:45:39.0320 4864 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys

    00:45:39.0320 4864 CompositeBus - ok

    00:45:39.0322 4864 COMSysApp - ok

    00:45:39.0324 4864 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys

    00:45:39.0324 4864 crcdisk - ok

    00:45:39.0329 4864 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll

    00:45:39.0330 4864 CryptSvc - ok

    00:45:39.0335 4864 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll

    00:45:39.0338 4864 DcomLaunch - ok

    00:45:39.0341 4864 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll

    00:45:39.0343 4864 defragsvc - ok

    00:45:39.0345 4864 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

    00:45:39.0345 4864 DfsC - ok

    00:45:39.0349 4864 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll

    00:45:39.0351 4864 Dhcp - ok

    00:45:39.0353 4864 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys

    00:45:39.0353 4864 discache - ok

    00:45:39.0356 4864 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys

    00:45:39.0356 4864 Disk - ok

    00:45:39.0359 4864 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll

    00:45:39.0360 4864 Dnscache - ok

    00:45:39.0364 4864 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll

    00:45:39.0365 4864 dot3svc - ok

    00:45:39.0368 4864 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll

    00:45:39.0368 4864 DPS - ok

    00:45:39.0370 4864 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

    00:45:39.0370 4864 drmkaud - ok

    00:45:39.0378 4864 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

    00:45:39.0382 4864 DXGKrnl - ok

    00:45:39.0385 4864 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll

    00:45:39.0386 4864 EapHost - ok

    00:45:39.0409 4864 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys

    00:45:39.0420 4864 ebdrv - ok

    00:45:39.0423 4864 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe

    00:45:39.0424 4864 EFS - ok

    00:45:39.0430 4864 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

    00:45:39.0433 4864 ehRecvr - ok

    00:45:39.0435 4864 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe

    00:45:39.0436 4864 ehSched - ok

    00:45:39.0441 4864 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys

    00:45:39.0443 4864 elxstor - ok

    00:45:39.0445 4864 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys

    00:45:39.0445 4864 ErrDev - ok

    00:45:39.0451 4864 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll

    00:45:39.0452 4864 EventSystem - ok

    00:45:39.0455 4864 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys

    00:45:39.0456 4864 exfat - ok

    00:45:39.0459 4864 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys

    00:45:39.0460 4864 fastfat - ok

    00:45:39.0466 4864 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe

    00:45:39.0468 4864 Fax - ok

    00:45:39.0471 4864 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys

    00:45:39.0471 4864 fdc - ok

    00:45:39.0473 4864 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll

    00:45:39.0473 4864 fdPHost - ok

    00:45:39.0475 4864 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll

    00:45:39.0476 4864 FDResPub - ok

    00:45:39.0479 4864 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

    00:45:39.0479 4864 FileInfo - ok

    00:45:39.0481 4864 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    00:45:39.0481 4864 Filetrace - ok
    00:45:39.0483 4864 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
    00:45:39.0483 4864 flpydisk - ok
    00:45:39.0487 4864 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    00:45:39.0488 4864 FltMgr - ok
    00:45:39.0497 4864 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
    00:45:39.0501 4864 FontCache - ok
    00:45:39.0504 4864 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    00:45:39.0505 4864 FontCache3.0.0.0 - ok
    00:45:39.0507 4864 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    00:45:39.0507 4864 FsDepends - ok
    00:45:39.0509 4864 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    00:45:39.0510 4864 Fs_Rec - ok
    00:45:39.0513 4864 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    00:45:39.0513 4864 fvevol - ok
    00:45:39.0516 4864 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
    00:45:39.0516 4864 gagp30kx - ok
    00:45:39.0517 4864 gdrv - ok
    00:45:39.0524 4864 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
    00:45:39.0527 4864 gpsvc - ok
    00:45:39.0530 4864 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    00:45:39.0531 4864 gupdate - ok
    00:45:39.0533 4864 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    00:45:39.0534 4864 gupdatem - ok
    00:45:39.0538 4864 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    00:45:39.0538 4864 gusvc - ok
    00:45:39.0541 4864 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    00:45:39.0541 4864 hcw85cir - ok
     
  15. negdcom

    negdcom TS Rookie Topic Starter Posts: 17

    00:45:39.0545 4864 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    00:45:39.0546 4864 HdAudAddService - ok
    00:45:39.0549 4864 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
    00:45:39.0550 4864 HDAudBus - ok
    00:45:39.0552 4864 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
    00:45:39.0552 4864 HidBatt - ok
    00:45:39.0555 4864 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
    00:45:39.0555 4864 HidBth - ok
    00:45:39.0557 4864 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
    00:45:39.0557 4864 HidIr - ok
    00:45:39.0559 4864 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
    00:45:39.0560 4864 hidserv - ok
    00:45:39.0562 4864 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    00:45:39.0562 4864 HidUsb - ok
    00:45:39.0564 4864 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
    00:45:39.0565 4864 hkmsvc - ok
    00:45:39.0569 4864 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    00:45:39.0570 4864 HomeGroupListener - ok
    00:45:39.0573 4864 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    00:45:39.0574 4864 HomeGroupProvider - ok
    00:45:39.0577 4864 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
    00:45:39.0577 4864 HpSAMD - ok
    00:45:39.0583 4864 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    00:45:39.0585 4864 HTTP - ok
    00:45:39.0587 4864 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    00:45:39.0587 4864 hwpolicy - ok
    00:45:39.0590 4864 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
    00:45:39.0590 4864 i8042prt - ok
    00:45:39.0595 4864 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
    00:45:39.0596 4864 iaStorV - ok
    00:45:39.0603 4864 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    00:45:39.0606 4864 idsvc - ok
    00:45:39.0608 4864 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
    00:45:39.0608 4864 iirsp - ok
    00:45:39.0615 4864 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
    00:45:39.0618 4864 IKEEXT - ok
    00:45:39.0621 4864 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
    00:45:39.0621 4864 intelide - ok
    00:45:39.0623 4864 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    00:45:39.0624 4864 intelppm - ok
    00:45:39.0626 4864 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    00:45:39.0627 4864 IPBusEnum - ok
    00:45:39.0629 4864 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    00:45:39.0629 4864 IpFilterDriver - ok
    00:45:39.0632 4864 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
    00:45:39.0632 4864 IPMIDRV - ok
    00:45:39.0634 4864 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    00:45:39.0635 4864 IPNAT - ok
    00:45:39.0637 4864 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
    00:45:39.0637 4864 IRENUM - ok
    00:45:39.0639 4864 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    00:45:39.0639 4864 isapnp - ok
    00:45:39.0643 4864 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
    00:45:39.0644 4864 iScsiPrt - ok
    00:45:39.0646 4864 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    00:45:39.0646 4864 kbdclass - ok
    00:45:39.0648 4864 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
    00:45:39.0648 4864 kbdhid - ok
    00:45:39.0650 4864 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
    00:45:39.0650 4864 KeyIso - ok
    00:45:39.0653 4864 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    00:45:39.0653 4864 KSecDD - ok
    00:45:39.0656 4864 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    00:45:39.0656 4864 KSecPkg - ok
    00:45:39.0658 4864 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
    00:45:39.0659 4864 ksthunk - ok
    00:45:39.0663 4864 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
    00:45:39.0664 4864 KtmRm - ok
    00:45:39.0668 4864 [ B8040D3B97B16B89701E31A17353856C ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys
    00:45:39.0668 4864 L1C - ok
    00:45:39.0671 4864 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
    00:45:39.0673 4864 LanmanServer - ok
    00:45:39.0675 4864 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    00:45:39.0676 4864 LanmanWorkstation - ok
    00:45:39.0679 4864 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    00:45:39.0680 4864 lltdio - ok
    00:45:39.0683 4864 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
    00:45:39.0685 4864 lltdsvc - ok
    00:45:39.0686 4864 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
    00:45:39.0687 4864 lmhosts - ok
    00:45:39.0690 4864 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
    00:45:39.0691 4864 LSI_FC - ok
    00:45:39.0693 4864 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
    00:45:39.0694 4864 LSI_SAS - ok
    00:45:39.0696 4864 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
    00:45:39.0696 4864 LSI_SAS2 - ok
    00:45:39.0698 4864 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
    00:45:39.0699 4864 LSI_SCSI - ok
    00:45:39.0701 4864 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
    00:45:39.0702 4864 luafv - ok
    00:45:39.0706 4864 [ 79D51E7F5926E8CE1B3EBECEBAE28CFF ] mcdbus C:\Windows\system32\DRIVERS\mcdbus.sys
    00:45:39.0707 4864 mcdbus - ok
    00:45:39.0709 4864 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    00:45:39.0710 4864 Mcx2Svc - ok
    00:45:39.0712 4864 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
    00:45:39.0712 4864 megasas - ok
    00:45:39.0715 4864 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
    00:45:39.0716 4864 MegaSR - ok
    00:45:39.0719 4864 [ 6B01B7414A105B9E51652089A03027CF ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
    00:45:39.0719 4864 MEIx64 - ok
    00:45:39.0723 4864 Microsoft SharePoint Workspace Audit Service - ok
    00:45:39.0725 4864 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
    00:45:39.0726 4864 MMCSS - ok
    00:45:39.0728 4864 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
    00:45:39.0728 4864 Modem - ok
    00:45:39.0730 4864 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    00:45:39.0730 4864 monitor - ok
    00:45:39.0732 4864 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    00:45:39.0733 4864 mouclass - ok
    00:45:39.0735 4864 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    00:45:39.0735 4864 mouhid - ok
    00:45:39.0737 4864 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    00:45:39.0738 4864 mountmgr - ok
    00:45:39.0740 4864 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    00:45:39.0740 4864 MozillaMaintenance - ok
    00:45:39.0743 4864 [ 94C66EDEDCDB6A126880472F9A704D8E ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
    00:45:39.0744 4864 MpFilter - ok
    00:45:39.0747 4864 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
    00:45:39.0748 4864 mpio - ok
    00:45:39.0750 4864 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    00:45:39.0750 4864 mpsdrv - ok
    00:45:39.0754 4864 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    00:45:39.0755 4864 MRxDAV - ok
    00:45:39.0757 4864 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    00:45:39.0758 4864 mrxsmb - ok
    00:45:39.0762 4864 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    00:45:39.0762 4864 mrxsmb10 - ok
    00:45:39.0765 4864 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    00:45:39.0765 4864 mrxsmb20 - ok
    00:45:39.0768 4864 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
    00:45:39.0768 4864 msahci - ok
    00:45:39.0770 4864 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    00:45:39.0771 4864 msdsm - ok
    00:45:39.0773 4864 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
    00:45:39.0774 4864 MSDTC - ok
    00:45:39.0778 4864 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    00:45:39.0778 4864 Msfs - ok
    00:45:39.0780 4864 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    00:45:39.0780 4864 mshidkmdf - ok
    00:45:39.0782 4864 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    00:45:39.0782 4864 msisadrv - ok
    00:45:39.0785 4864 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    00:45:39.0786 4864 MSiSCSI - ok
    00:45:39.0787 4864 msiserver - ok
    00:45:39.0789 4864 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    00:45:39.0789 4864 MSKSSRV - ok
    00:45:39.0792 4864 [ 59FAAF2C83C8169EA20F9E335E418907 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
    00:45:39.0792 4864 MsMpSvc - ok
    00:45:39.0794 4864 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    00:45:39.0794 4864 MSPCLOCK - ok
    00:45:39.0796 4864 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    00:45:39.0796 4864 MSPQM - ok
    00:45:39.0800 4864 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    00:45:39.0801 4864 MsRPC - ok
    00:45:39.0804 4864 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
    00:45:39.0804 4864 mssmbios - ok
    00:45:39.0806 4864 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    00:45:39.0806 4864 MSTEE - ok
    00:45:39.0808 4864 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
    00:45:39.0808 4864 MTConfig - ok
    00:45:39.0810 4864 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
    00:45:39.0811 4864 Mup - ok
    00:45:39.0815 4864 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
    00:45:39.0817 4864 napagent - ok
    00:45:39.0822 4864 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    00:45:39.0823 4864 NativeWifiP - ok
    00:45:39.0831 4864 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
    00:45:39.0834 4864 NDIS - ok
    00:45:39.0836 4864 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    00:45:39.0836 4864 NdisCap - ok
    00:45:39.0838 4864 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    00:45:39.0838 4864 NdisTapi - ok
    00:45:39.0840 4864 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    00:45:39.0841 4864 Ndisuio - ok
    00:45:39.0844 4864 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    00:45:39.0844 4864 NdisWan - ok
    00:45:39.0847 4864 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    00:45:39.0847 4864 NDProxy - ok
    00:45:39.0849 4864 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    00:45:39.0850 4864 NetBIOS - ok
    00:45:39.0853 4864 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    00:45:39.0854 4864 NetBT - ok
    00:45:39.0855 4864 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
    00:45:39.0856 4864 Netlogon - ok
    00:45:39.0860 4864 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
    00:45:39.0861 4864 Netman - ok
    00:45:39.0866 4864 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
    00:45:39.0868 4864 netprofm - ok
    00:45:39.0870 4864 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    00:45:39.0871 4864 NetTcpPortSharing - ok
    00:45:39.0874 4864 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
    00:45:39.0874 4864 nfrd960 - ok
    00:45:39.0877 4864 [ 91B4E0273D2F6C24EF845F2B41311289 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
    00:45:39.0877 4864 NisDrv - ok
    00:45:39.0880 4864 [ 10A43829A9E606AF3EEF25A1C1665923 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe
    00:45:39.0882 4864 NisSrv - ok
    00:45:39.0886 4864 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
    00:45:39.0888 4864 NlaSvc - ok
    00:45:39.0890 4864 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    00:45:39.0890 4864 Npfs - ok
    00:45:39.0892 4864 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
    00:45:39.0892 4864 nsi - ok
    00:45:39.0894 4864 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    00:45:39.0895 4864 nsiproxy - ok
    00:45:39.0909 4864 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    00:45:39.0914 4864 Ntfs - ok
    00:45:39.0917 4864 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
    00:45:39.0917 4864 Null - ok
    00:45:39.0920 4864 [ 5F1FF880ADACF7E0FF7C27BA188B05DA ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
    00:45:39.0921 4864 NVHDA - ok
    00:45:39.0994 4864 [ 8917336C07FA25D37D460FE49195A7EA ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
    00:45:40.0037 4864 nvlddmkm - ok
    00:45:40.0042 4864 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
    00:45:40.0042 4864 nvraid - ok
    00:45:40.0045 4864 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
    00:45:40.0046 4864 nvstor - ok
    00:45:40.0053 4864 [ 37D1F21763FF1B40AE8715AA793B1A33 ] nvsvc C:\Windows\system32\nvvsvc.exe
    00:45:40.0056 4864 nvsvc - ok
    00:45:40.0067 4864 [ 16775FC73AC10DA31CF61382B1927FA4 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    00:45:40.0071 4864 nvUpdatusService - ok
    00:45:40.0074 4864 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    00:45:40.0074 4864 nv_agp - ok
    00:45:40.0077 4864 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    00:45:40.0078 4864 ohci1394 - ok
    00:45:40.0080 4864 [ D8A0164A79D4BFD6083945C5431E41E7 ] OpenVPNService C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe
    00:45:40.0080 4864 OpenVPNService - ok
    00:45:40.0083 4864 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    00:45:40.0084 4864 ose - ok
     
  16. negdcom

    negdcom TS Rookie Topic Starter Posts: 17

    00:45:40.0118 4864 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    00:45:40.0134 4864 osppsvc - ok
    00:45:40.0140 4864 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    00:45:40.0141 4864 p2pimsvc - ok
    00:45:40.0146 4864 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
    00:45:40.0148 4864 p2psvc - ok
    00:45:40.0150 4864 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
    00:45:40.0151 4864 Parport - ok
    00:45:40.0153 4864 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
    00:45:40.0153 4864 partmgr - ok
    00:45:40.0156 4864 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
    00:45:40.0157 4864 PcaSvc - ok
    00:45:40.0160 4864 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
    00:45:40.0161 4864 pci - ok
    00:45:40.0163 4864 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
    00:45:40.0163 4864 pciide - ok
    00:45:40.0167 4864 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
    00:45:40.0168 4864 pcmcia - ok
    00:45:40.0170 4864 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
    00:45:40.0170 4864 pcw - ok
    00:45:40.0175 4864 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    00:45:40.0178 4864 PEAUTH - ok
    00:45:40.0192 4864 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
    00:45:40.0193 4864 PerfHost - ok
    00:45:40.0206 4864 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
    00:45:40.0211 4864 pla - ok
    00:45:40.0216 4864 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    00:45:40.0218 4864 PlugPlay - ok
    00:45:40.0220 4864 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
    00:45:40.0221 4864 PNRPAutoReg - ok
    00:45:40.0225 4864 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
    00:45:40.0226 4864 PNRPsvc - ok
    00:45:40.0231 4864 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    00:45:40.0233 4864 PolicyAgent - ok
    00:45:40.0237 4864 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
    00:45:40.0238 4864 Power - ok
    00:45:40.0241 4864 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    00:45:40.0241 4864 PptpMiniport - ok
    00:45:40.0243 4864 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
    00:45:40.0244 4864 Processor - ok
    00:45:40.0247 4864 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
    00:45:40.0248 4864 ProfSvc - ok
    00:45:40.0250 4864 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
    00:45:40.0251 4864 ProtectedStorage - ok
    00:45:40.0254 4864 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
    00:45:40.0255 4864 Psched - ok
    00:45:40.0265 4864 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
    00:45:40.0270 4864 ql2300 - ok
    00:45:40.0273 4864 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
    00:45:40.0274 4864 ql40xx - ok
    00:45:40.0278 4864 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
    00:45:40.0279 4864 QWAVE - ok
    00:45:40.0281 4864 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    00:45:40.0282 4864 QWAVEdrv - ok
    00:45:40.0283 4864 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    00:45:40.0284 4864 RasAcd - ok
    00:45:40.0286 4864 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
    00:45:40.0286 4864 RasAgileVpn - ok
    00:45:40.0288 4864 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
    00:45:40.0289 4864 RasAuto - ok
    00:45:40.0292 4864 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    00:45:40.0292 4864 Rasl2tp - ok
    00:45:40.0296 4864 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
    00:45:40.0298 4864 RasMan - ok
    00:45:40.0300 4864 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    00:45:40.0301 4864 RasPppoe - ok
    00:45:40.0303 4864 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    00:45:40.0303 4864 RasSstp - ok
    00:45:40.0307 4864 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    00:45:40.0308 4864 rdbss - ok
    00:45:40.0310 4864 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
    00:45:40.0310 4864 rdpbus - ok
    00:45:40.0312 4864 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    00:45:40.0312 4864 RDPCDD - ok
    00:45:40.0314 4864 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    00:45:40.0315 4864 RDPENCDD - ok
    00:45:40.0317 4864 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
    00:45:40.0318 4864 RDPREFMP - ok
    00:45:40.0321 4864 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    00:45:40.0321 4864 RDPWD - ok
    00:45:40.0325 4864 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
    00:45:40.0325 4864 rdyboost - ok
    00:45:40.0328 4864 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
    00:45:40.0329 4864 RemoteAccess - ok
    00:45:40.0331 4864 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    00:45:40.0333 4864 RemoteRegistry - ok
    00:45:40.0335 4864 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
    00:45:40.0336 4864 RpcEptMapper - ok
    00:45:40.0338 4864 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
    00:45:40.0338 4864 RpcLocator - ok
    00:45:40.0343 4864 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
    00:45:40.0345 4864 RpcSs - ok
    00:45:40.0347 4864 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    00:45:40.0348 4864 rspndr - ok
    00:45:40.0349 4864 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
    00:45:40.0350 4864 SamSs - ok
    00:45:40.0352 4864 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    00:45:40.0353 4864 sbp2port - ok
    00:45:40.0356 4864 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
    00:45:40.0357 4864 SCardSvr - ok
    00:45:40.0359 4864 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
    00:45:40.0359 4864 scfilter - ok
    00:45:40.0367 4864 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
    00:45:40.0371 4864 Schedule - ok
    00:45:40.0373 4864 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
    00:45:40.0374 4864 SCPolicySvc - ok
    00:45:40.0377 4864 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    00:45:40.0378 4864 SDRSVC - ok
    00:45:40.0380 4864 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    00:45:40.0381 4864 secdrv - ok
    00:45:40.0383 4864 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
    00:45:40.0383 4864 seclogon - ok
    00:45:40.0386 4864 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
    00:45:40.0387 4864 SENS - ok
    00:45:40.0389 4864 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
    00:45:40.0389 4864 SensrSvc - ok
    00:45:40.0391 4864 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
    00:45:40.0391 4864 Serenum - ok
    00:45:40.0393 4864 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
    00:45:40.0394 4864 Serial - ok
    00:45:40.0396 4864 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
    00:45:40.0396 4864 sermouse - ok
    00:45:40.0401 4864 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
    00:45:40.0402 4864 SessionEnv - ok
    00:45:40.0404 4864 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    00:45:40.0404 4864 sffdisk - ok
    00:45:40.0406 4864 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    00:45:40.0406 4864 sffp_mmc - ok
    00:45:40.0408 4864 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    00:45:40.0408 4864 sffp_sd - ok
    00:45:40.0410 4864 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
    00:45:40.0410 4864 sfloppy - ok
    00:45:40.0415 4864 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    00:45:40.0417 4864 ShellHWDetection - ok
    00:45:40.0419 4864 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
    00:45:40.0419 4864 SiSRaid2 - ok
    00:45:40.0421 4864 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
    00:45:40.0421 4864 SiSRaid4 - ok
    00:45:40.0424 4864 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    00:45:40.0424 4864 Smb - ok
    00:45:40.0428 4864 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    00:45:40.0428 4864 SNMPTRAP - ok
    00:45:40.0430 4864 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
    00:45:40.0430 4864 spldr - ok
    00:45:40.0435 4864 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
    00:45:40.0438 4864 Spooler - ok
    00:45:40.0459 4864 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
    00:45:40.0471 4864 sppsvc - ok
    00:45:40.0473 4864 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
    00:45:40.0474 4864 sppuinotify - ok
    00:45:40.0479 4864 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
    00:45:40.0481 4864 srv - ok
    00:45:40.0486 4864 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    00:45:40.0487 4864 srv2 - ok
    00:45:40.0490 4864 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    00:45:40.0491 4864 srvnet - ok
    00:45:40.0494 4864 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    00:45:40.0495 4864 SSDPSRV - ok
    00:45:40.0498 4864 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
    00:45:40.0499 4864 SstpSvc - ok
    00:45:40.0500 4864 Steam Client Service - ok
    00:45:40.0505 4864 [ FAF7BF30B496E839A87C024E309B2A3F ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    00:45:40.0507 4864 Stereo Service - ok
    00:45:40.0509 4864 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
    00:45:40.0509 4864 stexstor - ok
    00:45:40.0514 4864 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
    00:45:40.0517 4864 stisvc - ok
    00:45:40.0519 4864 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
    00:45:40.0519 4864 swenum - ok
    00:45:40.0525 4864 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    00:45:40.0527 4864 SwitchBoard - ok
    00:45:40.0532 4864 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
    00:45:40.0534 4864 swprv - ok
    00:45:40.0547 4864 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
    00:45:40.0553 4864 SysMain - ok
    00:45:40.0556 4864 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
    00:45:40.0557 4864 TabletInputService - ok
    00:45:40.0559 4864 [ 3B73C849B41FB20D77B0E553214061A5 ] tap0901 C:\Windows\system32\DRIVERS\tap0901.sys
    00:45:40.0560 4864 tap0901 - ok
    00:45:40.0563 4864 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
    00:45:40.0565 4864 TapiSrv - ok
    00:45:40.0567 4864 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
    00:45:40.0568 4864 TBS - ok
    00:45:40.0582 4864 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    00:45:40.0588 4864 Tcpip - ok
    00:45:40.0602 4864 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
    00:45:40.0608 4864 TCPIP6 - ok
    00:45:40.0612 4864 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    00:45:40.0613 4864 tcpipreg - ok
    00:45:40.0615 4864 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    00:45:40.0615 4864 TDPIPE - ok
    00:45:40.0617 4864 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    00:45:40.0618 4864 TDTCP - ok
    00:45:40.0620 4864 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    00:45:40.0620 4864 tdx - ok
    00:45:40.0623 4864 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
    00:45:40.0623 4864 TermDD - ok
    00:45:40.0629 4864 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
    00:45:40.0631 4864 TermService - ok
    00:45:40.0634 4864 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
    00:45:40.0635 4864 Themes - ok
    00:45:40.0637 4864 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
    00:45:40.0637 4864 THREADORDER - ok
    00:45:40.0654 4864 TivoBeacon2 - ok
    00:45:40.0657 4864 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
    00:45:40.0658 4864 TrkWks - ok
    00:45:40.0661 4864 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    00:45:40.0662 4864 TrustedInstaller - ok
    00:45:40.0665 4864 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    00:45:40.0665 4864 tssecsrv - ok
    00:45:40.0667 4864 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
     
  17. negdcom

    negdcom TS Rookie Topic Starter Posts: 17

    00:45:40.0983 4864 ================ Scan global ===============================
    00:45:40.0985 4864 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    00:45:40.0988 4864 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    00:45:40.0991 4864 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    00:45:40.0994 4864 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    00:45:40.0998 4864 [ 50BEA589F7D7958BDD2528A8F69D05CC ] C:\Windows\system32\services.exe
    00:45:41.0000 4864 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - infected
    00:45:41.0000 4864 C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.a (0)
    00:45:41.0001 4864 ================ Scan MBR ==================================
    00:45:41.0002 4864 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    00:45:41.0050 4864 \Device\Harddisk0\DR0 - ok
    00:45:41.0050 4864 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
    00:45:41.0052 4864 \Device\Harddisk1\DR1 - ok
    00:45:41.0053 4864 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
    00:45:41.0055 4864 \Device\Harddisk2\DR2 - ok
    00:45:41.0061 4864 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk3\DR3
    00:45:41.0063 4864 \Device\Harddisk3\DR3 - ok
    00:45:41.0063 4864 ================ Scan VBR ==================================
    00:45:41.0065 4864 [ DFE69C27BEBE97DC5D3C7F593A2FCBC2 ] \Device\Harddisk0\DR0\Partition1
    00:45:41.0066 4864 \Device\Harddisk0\DR0\Partition1 - ok
    00:45:41.0067 4864 [ D8B263DB5A321ED1C2D89AF7B947ED20 ] \Device\Harddisk0\DR0\Partition2
    00:45:41.0068 4864 \Device\Harddisk0\DR0\Partition2 - ok
    00:45:41.0069 4864 [ 3DBB43452688697AF0EA65D6B9C2DE45 ] \Device\Harddisk1\DR1\Partition1
    00:45:41.0070 4864 \Device\Harddisk1\DR1\Partition1 - ok
    00:45:41.0071 4864 [ 79A01381DC690A607446D431CBDB54A8 ] \Device\Harddisk2\DR2\Partition1
    00:45:41.0073 4864 \Device\Harddisk2\DR2\Partition1 - ok
    00:45:41.0074 4864 [ 7F3403343E2D9EB4369C880E2E02FE43 ] \Device\Harddisk3\DR3\Partition1
    00:45:41.0075 4864 \Device\Harddisk3\DR3\Partition1 - ok
    00:45:41.0075 4864 ============================================================
    00:45:41.0075 4864 Scan finished
    00:45:41.0075 4864 ============================================================
    00:45:41.0079 5820 Detected object count: 1
    00:45:41.0079 5820 Actual detected object count: 1
    00:45:43.0005 5820 C:\Windows\system32\services.exe - copied to quarantine
    00:45:43.0041 5820 C:\Windows\assembly\GAC_32\desktop.ini - copied to quarantine
    00:45:43.0041 5820 C:\Windows\assembly\GAC_64\desktop.ini - copied to quarantine
    00:45:43.0043 5820 C:\Windows\installer\{cd9b547b-b152-d663-6c42-158dfeeb9499}\@ - copied to quarantine
    00:45:44.0077 5820 Backup copy not found, trying to cure infected file..
    00:45:44.0077 5820 C:\Windows\system32\services.exe - Cure failed (FFFFFFFF)
    00:45:44.0077 5820 C:\Windows\system32\services.exe - processing error
    00:45:44.0078 5820 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - User select action: Cure
     
  18. negdcom

    negdcom TS Rookie Topic Starter Posts: 17

    Thanks again for replying, if anything else is needed please let me know
     
  19. Broni

    Broni Malware Annihilator Posts: 47,048   +256

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

    Next...

    Re-run FRST again.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes in your reply.

    I'll expect two logs:
    - FRST.txt
    - Search.txt
     
  20. Broni

    Broni Malware Annihilator Posts: 47,048   +256

    This topic is marked as abandoned and closed due to inactivity.
    This member will NOT be eligible to receive any more help in malware removal forum.
     
Topic Status:
Not open for further replies.

