I'm infected with services.exe patched.b.gen trojan

Solved
By Adikov
Sep 20, 2012
  1. I got the virus a couple of days ago. It hasn't done anything yet; I think ESET NOD is blocking it. I've completed all the steps so far and here are the logs:
    Could it be possible that MBAM has removed the trojan, because no notifications have been popping up ever since I ran the scan? I appreciate all the help.

    Malwarebytes Anti-Malware 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.09.20.04

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    AdiKOV :: PC [administrator]

    20-09-12 11:05:56 AM
    mbam-log-2012-09-20 (11-05-56).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 209906
    Time elapsed: 2 minute(s), 52 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 1
    HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Live Security Platinum (Rogue.LiveSecurityPlatinum) -> Quarantined and deleted successfully.

    Registry Values Detected: 1
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Microsoft Firewall 2.9 (Trojan.Agent.Gen) -> Data: C:\Users\AdiKOV\AppData\Roaming\WMPRWISE.EXE -> Quarantined and deleted successfully.

    Registry Data Items Detected: 1
    HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

    Folders Detected: 2
    C:\Users\AdiKOV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum (Rogue.LiveSecurityPlatinum) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\RelevantKnowledge (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.

    Files Detected: 4
    C:\Users\AdiKOV\Downloads\SoftonicDownloader_for_windows-live-messenger.exe (PUP.OfferBundler.ST) -> No action taken.
    C:\Users\AdiKOV\AppData\Roaming\desktop.ini (Rootkit.0access) -> Quarantined and deleted successfully.
    C:\Users\AdiKOV\AppData\Roaming\ntuser.dat (Misused.Legit) -> Quarantined and deleted successfully.
    C:\Users\AdiKOV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> Quarantined and deleted successfully.

    (end)

    GMER found no modifications

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
    Run by AdiKOV at 11:33:08 on 2012-09-20
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8098.6303 [GMT 2:00]
    .
    AV: ESET Smart Security 5.0 *Enabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    SP: ESET Smart Security 5.0 *Enabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\ATKFUSService.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\ASUS\GamerOSD\ATKFastUserSwitching.exe
    C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
    C:\Windows\SysWOW64\ASDR.exe
    C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
    C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
    C:\Windows\system32\IProsetMonitor.exe
    C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Windows\SysWOW64\PnkBstrB.exe
    C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Lucidlogix Technologies\VIRTU\VirtuControlPanel.exe
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\MagicDisc\MagicDisc.exe
    C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
    C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
    C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe
    C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\Sound Blaster Panel\VolPanlu.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
    C:\Program Files\Lucidlogix Technologies\VIRTU\EKAG20NT.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    \\.\globalroot\systemroot\Installer\{9ea53549-e752-8a22-255f-c3d4b4f78f7f}\U
    C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss&affID=17162&mntrId=6015469100000000000014dae934d89a
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.31.2\bh\BabylonToolbar.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.31.2\BabylonToolbarTlbr.dll
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    uRun: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [Facebook Update] "C:\Users\AdiKOV\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
    mRun: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
    mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\THXAudioCP\THXAudio.exe" /r
    mRun: [UpdReg] C:\Windows\UpdReg.EXE
    mRun: [ASUSGamerOSD] C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe
    mRun: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\Sound Blaster Panel\VolPanlu.exe" /r
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
    StartupFolder: C:\Users\AdiKOV\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
    uPolicies-explorer: HideSCAHealth = 1 (0x1)
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: DhcpNameServer = 77.77.192.10 77.78.192.10
    TCP: Interfaces\{A135C781-7F12-48BC-B6C3-8900755A6B32} : DhcpNameServer = 77.77.192.10 77.78.192.10
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    AppInit_DLLs: C:\PROGRA~1\LUCIDL~1\VIRTU\x86\APPINI~1.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.31.2\bh\BabylonToolbar.dll
    BHO-X64: Babylon toolbar helper - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.31.2\BabylonToolbarTlbr.dll
    mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
    mRun-x64: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
    mRun-x64: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\THXAudioCP\THXAudio.exe" /r
    mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
    mRun-x64: [ASUSGamerOSD] C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe
    mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\Sound Blaster Panel\VolPanlu.exe" /r
    mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun-x64: [(Default)]
    mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
    AppInit_DLLs-X64: C:\PROGRA~1\LUCIDL~1\VIRTU\x86\APPINI~1.DLL
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\AdiKOV\AppData\Roaming\Mozilla\Firefox\Profiles\3onr2dnj.default\
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: C:\Users\AdiKOV\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    FF - plugin: C:\Users\AdiKOV\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.softonic_i.newTab - false
    FF - user.js: extensions.softonic_i.tlbrSrchUrl - hxxp://search.softonic.com/MON00005/tb_v1?SearchSource=1&cc=&q=
    FF - user.js: extensions.softonic_i.id - 6015469100000000000014dae934d89a
    FF - user.js: extensions.softonic_i.instlDay - 15380
    FF - user.js: extensions.softonic_i.vrsn - 1.5.11.5
    FF - user.js: extensions.softonic_i.vrsni - 1.5.11.5
    FF - user.js: extensions.softonic_i.vrsnTs - 1.5.11.518:03:51
    FF - user.js: extensions.softonic_i.prtnrId - softonic
    FF - user.js: extensions.softonic_i.prdct - softonic
    FF - user.js: extensions.softonic_i.aflt - SD
    FF - user.js: extensions.softonic_i.smplGrp - eng7
    FF - user.js: extensions.softonic_i.tlbrId - en11DECdefault
    FF - user.js: extensions.softonic_i.instlRef - MON00005
    FF - user.js: extensions.softonic_i.dfltLng -
    FF - user.js: extensions.softonic_i.excTlbr - false
    FF - user.js: general.useragent.extra.brc -
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AiChargerPlus;ASUS Charger Plus Driver;C:\Windows\system32\DRIVERS\AiChargerPlus.sys --> C:\Windows\system32\DRIVERS\AiChargerPlus.sys [?]
    R0 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys --> C:\Windows\system32\DRIVERS\epfwwfp.sys [?]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
    R1 EIO64;EIO Driver;C:\Windows\system32\DRIVERS\EIO64.sys --> C:\Windows\system32\DRIVERS\EIO64.sys [?]
    R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\system32\DRIVERS\EpfwLWF.sys --> C:\Windows\system32\DRIVERS\EpfwLWF.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [2011-6-13 922240]
    R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [2010-12-2 915584]
    R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2011-11-16 586880]
    R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
    R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-8-9 974944]
    R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-8-29 2369960]
    R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys --> C:\Windows\system32\DRIVERS\asmthub3.sys [?]
    R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys --> C:\Windows\system32\DRIVERS\asmtxhci.sys [?]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
    R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]
    R3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);C:\Windows\system32\DRIVERS\ICCWDT.sys --> C:\Windows\system32\DRIVERS\ICCWDT.sys [?]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 VirtuWDDM;VirtuWDDM;C:\Windows\system32\DRIVERS\VirtuWDDM.sys --> C:\Windows\system32\DRIVERS\VirtuWDDM.sys [?]
    R4 IOMap;IOMap;\??\C:\Windows\system32\drivers\IOMap64.sys --> C:\Windows\system32\drivers\IOMap64.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-15 158856]
    S3 cphs;Intel(R) Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-2-14 276248]
    S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-11-16 79360]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-11-16 79360]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-3 114144]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
    S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2012-09-20 09:14:36 -------- d-----w- C:\Users\AdiKOV\AppData\Local\{5D6BA544-1638-4838-83B3-A0F39DDAB98B}
    2012-09-20 09:04:36 -------- d-----w- C:\Users\AdiKOV\AppData\Roaming\Malwarebytes
    2012-09-20 09:04:30 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-09-20 09:04:29 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-09-20 09:04:29 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-09-20 08:45:30 -------- d-----w- C:\Users\AdiKOV\AppData\Local\{AF23A576-5073-425C-9FA0-4E71538FC3F6}
    2012-09-19 16:15:26 -------- d-----w- C:\Users\AdiKOV\AppData\Local\{61CB8AC1-E875-4824-9F47-5D06CD945EE4}
    2012-09-18 12:00:24 -------- d-----w- C:\Users\AdiKOV\AppData\Local\{11A8AECE-640A-4D16-B92D-7BFC7957C303}
    2012-09-17 12:39:41 -------- d-----w- C:\Users\AdiKOV\AppData\Local\{61F0EA45-FB20-4525-AA69-2D43546532DB}
    2012-09-16 16:49:39 -------- d-----w- C:\Users\AdiKOV\AppData\Local\{B8A2BC4C-3238-45CE-9AA0-5508FFB0B523}
    2012-09-15 19:42:59 -------- d-----w- C:\Users\AdiKOV\AppData\Local\{6F6D8904-B823-42AC-848C-3341187AF064}
    2012-09-14 09:22:15 -------- d-----w- C:\Users\AdiKOV\AppData\Local\{6A4DD516-1666-444E-9D15-B6FD3CCAC45A}
    2012-09-13 20:26:49 -------- d-----w- C:\Users\AdiKOV\AppData\Local\{1B42D10A-D79B-4136-A13B-1AFB0BD76A29}
    2012-09-13 08:26:02 -------- d-----w- C:\Users\AdiKOV\AppData\Local\{6F081A6B-A2E2-4590-841A-CA933783ECAC}
    2012-09-12 20:25:15 -------- d-----w- C:\Users\AdiKOV\AppData\Local\{AD80B44F-7320-4DB7-A927-E515B78477FA}
    2012-09-12 08:24:28 -------- d-----w- C:\Users\AdiKOV\AppData\Local\{55ACE721-065C-4F29-841E-42804AE2A556}
    2012-09-11 08:23:52 -------- d-----w- C:\Users\AdiKOV\AppData\Local\{654B44E9-0E56-4484-8250-CBEABDE95B5E}
    2012-09-10 07:03:14 -------- d-----w- C:\Users\AdiKOV\AppData\Local\{814E4CB1-A237-42B4-ACD0-4E058F648B07}
    2012-09-09 19:15:37 -------- d-----w- C:\ProgramData\Media Center Programs
    2012-09-09 11:03:57 -------- d-----w- C:\Users\AdiKOV\AppData\Local\{8A2F84BC-3628-4242-9458-843776B0D17F}
    2012-09-08 09:27:29 -------- d-----w- C:\Users\AdiKOV\AppData\Local\{226F3767-929C-4019-A4AD-FD1118EBB105}
    2012-09-07 09:26:08 -------- d-----w- C:\Users\AdiKOV\AppData\Local\{A13EAD96-F5F9-484E-986F-53C97529AE86}
    2012-09-06 09:25:21 -------- d-----w- C:\Users\AdiKOV\AppData\Local\{61FBB69D-B8E0-4EE4-B57F-D3627864BBB1}
    2012-09-05 07:50:33 -------- d-----w- C:\Users\AdiKOV\AppData\Local\{983BC207-7BDE-447B-8711-47D1EC1579F1}
    2012-09-04 07:31:44 -------- d-----w- C:\Users\AdiKOV\AppData\Local\{CCA6E909-404A-4333-80DD-F365610731FB}
    2012-09-03 10:10:52 -------- d-----w- C:\Users\AdiKOV\AppData\Local\{6BC2D5B5-B997-4F81-80B7-B68C7B8A207C}
    2012-09-03 04:47:10 -------- d-----w- C:\Users\AdiKOV\AppData\Local\{324A5282-BF26-4566-ACAF-0D89796164B4}
    2012-09-01 11:36:17 -------- d-----w- C:\Users\AdiKOV\AppData\Local\Facebook
    2012-09-01 09:16:33 -------- d-----w- C:\Users\AdiKOV\AppData\Local\{EB0C8A03-0E6B-4CC7-9453-4ABEE8DB688A}
    2012-09-01 09:16:01 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
    2012-08-31 09:52:54 -------- d-----w- C:\Users\AdiKOV\AppData\Local\{1B2763F9-2932-4B03-8A58-AD4F69831711}
    2012-08-30 10:02:14 -------- d-----w- C:\Users\AdiKOV\AppData\Local\{987F607E-91CC-4F75-8F4C-0C3E24E4EF4D}
    2012-08-29 14:32:15 -------- d-----w- C:\Users\AdiKOV\AppData\Local\{47A2ED2E-65B3-4D38-AEB4-BB1F04614EC2}
    2012-08-28 13:47:05 -------- d-----w- C:\Users\AdiKOV\AppData\Local\Apple Computer
    2012-08-27 11:43:03 -------- d-----w- C:\Windows\SysWow64\no
    2012-08-27 09:05:34 -------- d-----w- C:\Users\AdiKOV\AppData\Local\{294B850A-8D31-42A1-88D7-EEC41636DC64}
    2012-08-26 09:40:39 -------- d-----w- C:\Users\AdiKOV\AppData\Local\{251C8EC6-CE30-4AD0-A094-2325D8FD5600}
    2012-08-25 09:49:55 -------- d-----w- C:\Users\AdiKOV\AppData\Local\{BB7D8186-4B00-4B56-8EF2-24196C73D97F}
    2012-08-24 10:38:33 -------- d-----w- C:\Users\AdiKOV\AppData\Local\{E91D2AFF-039C-4727-BA20-9D3349D218A5}
    2012-08-23 09:34:16 -------- d-----w- C:\Users\AdiKOV\AppData\Local\{E09B150A-50E1-47F5-8835-50A73AE90FDB}
    2012-08-22 20:13:23 -------- d-----w- C:\Users\AdiKOV\AppData\Local\{80244205-15FA-4D2A-BD68-C5D2CE55F543}
    2012-08-22 08:03:11 -------- d-----w- C:\Users\AdiKOV\AppData\Local\{D5053ADC-FBE6-4001-A6D7-085216C458C4}
    .
    ==================== Find3M ====================
    .
    2012-08-25 09:51:23 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-08-25 09:51:23 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    .
    ============= FINISH: 11:33:27.23 ===============
    .
  2. Adikov


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 16-11-11 5:33:21 PM
    System Uptime: 20-09-12 11:11:25 AM (0 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | Maximus IV GENE-Z
    Processor: Intel(R) Core(TM) i5-2300 CPU @ 2.80GHz | LGA1155 | 2801/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 474 GiB total, 342.009 GiB free.
    D: is CDROM ()
    E: is FIXED (NTFS) - 232 GiB total, 68.279 GiB free.
    F: is FIXED (NTFS) - 457 GiB total, 69.528 GiB free.
    G: is CDROM (CDFS)
    H: is CDROM (UDF)
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP190: 19-09-12 8:55:44 PM - Scheduled Checkpoint
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    µTorrent
    4Media Video Converter Ultimate 6
    Adobe AIR
    Adobe Community Help
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Media Player
    Adobe Photoshop CS5
    Adobe Reader X (10.1.4)
    AI Suite II
    AMP WinOFF 5.0.1
    Any Video Converter 3.3.4
    Asmedia ASM104x USB 3.0 Host Controller Driver
    ASUS Gamer OSD
    ASUS Smart Doctor
    ASUS VGA Driver
    Babylon toolbar on IE
    Catalyst Control Center
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    CCC Help English
    Coupon Printer for Windows
    D3DX10
    DAEMON Tools Lite
    Driver Sweeper version 3.2.0
    Facebook Video Calling 1.2.0.159
    FoxTab FLV Player
    Guitar Pro 5.2
    Guitar Pro 6
    HP Deskjet 1050 J410 series Help
    HP Photo Creations
    HP Update
    Intel(R) Control Center
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Intel® Watchdog Timer Driver (Intel® WDT)
    Java Auto Updater
    Java(TM) 6 Update 31
    JMicron JMB36X Driver
    LogMeIn Hamachi
    Malwarebytes Anti-Malware version 1.65.0.1400
    Mass Effect
    Messenger Companion
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft Application Error Reporting
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2008 R2 Management Objects
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft SQL Server System CLR Types
    Microsoft Visual C# 2010 Express - ENU
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    MKV Player 2.0.1
    Mozilla Firefox 15.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML4 Parser
    Nero 8 Micro 8.3.2.1
    Nero Express 10
    NVIDIA PhysX
    PCSX2 - Playstation 2 Emulator
    PDF Settings CS5
    Pro Evolution Soccer 2013
    Pro Evolution Soccer 2013 DEMO
    PunkBuster Services
    QuickTime
    Realtek High Definition Audio Driver
    Rockstar Games Social Club
    Search Toolbar
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
    Security Update for Microsoft Visual C# 2010 Express - ENU (KB2251489)
    Skype™ 5.8
    SMoKE Patch GOLD 4.1
    SMoKE Patch GOLD 4.4
    Sound Blaster X-Fi MB 2
    System.Data.SQLite v1.0.79.0
    The Amazing Spider-Man
    Ubisoft Game Launcher
    Unity Web Player
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Utility
    Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    VLC media player 1.1.11
    Voice Activated Commands
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Media Player Firefox Plugin
    Windows Movie Maker 2.6
    WinRAR archiver
    XviD MPEG-4 Video Codec
    .
    ==== Event Viewer Messages From Past Week ========
    .
    20-09-12 11:14:34 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
    20-09-12 11:14:34 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
    20-09-12 11:14:10 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wlidsvc service.
    20-09-12 11:11:42 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    20-09-12 11:11:41 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    20-09-12 11:11:41 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    19-09-12 12:42:38 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    19-09-12 11:29:07 PM, Error: Service Control Manager [7038] - The RpcSs service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    19-09-12 11:29:07 PM, Error: Service Control Manager [7001] - The Windows Live ID Sign-in Assistant service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The service did not start due to a logon failure.
    19-09-12 11:29:07 PM, Error: Service Control Manager [7000] - The Remote Procedure Call (RPC) service failed to start due to the following error: The service did not start due to a logon failure.
    19-09-12 11:28:58 PM, Error: Service Control Manager [7034] - The LogMeIn Hamachi Tunneling Engine service terminated unexpectedly. It has done this 1 time(s).
    19-09-12 11:28:58 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SSDP Discovery service to connect.
    19-09-12 11:28:58 PM, Error: Service Control Manager [7001] - The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
    19-09-12 11:28:58 PM, Error: Service Control Manager [7000] - The SSDP Discovery service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    19-09-12 11:28:57 PM, Error: Service Control Manager [7034] - The Windows Image Acquisition (WIA) service terminated unexpectedly. It has done this 1 time(s).
    19-09-12 11:28:57 PM, Error: Service Control Manager [7034] - The PnkBstrB service terminated unexpectedly. It has done this 1 time(s).
    19-09-12 11:28:57 PM, Error: Service Control Manager [7034] - The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).
    19-09-12 11:28:57 PM, Error: Service Control Manager [7034] - The Intel(R) PROSet Monitoring Service service terminated unexpectedly. It has done this 1 time(s).
    19-09-12 11:28:57 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    19-09-12 11:28:57 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    19-09-12 11:28:57 PM, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    19-09-12 11:28:57 PM, Error: Service Control Manager [7031] - The Windows Font Cache Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    19-09-12 11:28:57 PM, Error: Service Control Manager [7031] - The UPnP Device Host service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    19-09-12 11:28:57 PM, Error: Service Control Manager [7031] - The SSDP Discovery service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    19-09-12 11:28:57 PM, Error: Service Control Manager [7024] - The Remote Procedure Call (RPC) service terminated with service-specific error The type universal unique identifier (UUID) has already been registered..
    19-09-12 11:28:57 PM, Error: Service Control Manager [7001] - The COM+ Event System service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The service has returned a service-specific error code.
    19-09-12 11:28:56 PM, Error: Service Control Manager [7034] - The Function Discovery Provider Host service terminated unexpectedly. It has done this 1 time(s).
    19-09-12 11:28:56 PM, Error: Service Control Manager [7034] - The Diagnostic Service Host service terminated unexpectedly. It has done this 1 time(s).
    19-09-12 11:28:56 PM, Error: Service Control Manager [7034] - The Creative Audio Service service terminated unexpectedly. It has done this 1 time(s).
    19-09-12 11:28:56 PM, Error: Service Control Manager [7034] - The ATK Fast User Switch Service service terminated unexpectedly. It has done this 1 time(s).
    19-09-12 11:28:56 PM, Error: Service Control Manager [7034] - The ASUS System Control Service service terminated unexpectedly. It has done this 1 time(s).
    19-09-12 11:28:56 PM, Error: Service Control Manager [7034] - The ASUS HM Com Service service terminated unexpectedly. It has done this 1 time(s).
    19-09-12 11:28:56 PM, Error: Service Control Manager [7034] - The ASUS Com Service service terminated unexpectedly. It has done this 1 time(s).
    19-09-12 11:28:56 PM, Error: Service Control Manager [7034] - The ASDR service terminated unexpectedly. It has done this 1 time(s).
    19-09-12 11:28:56 PM, Error: Service Control Manager [7034] - The AMD External Events Utility service terminated unexpectedly. It has done this 1 time(s).
    19-09-12 11:28:56 PM, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
    19-09-12 11:28:56 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Remote Procedure Call (RPC) service, but this action failed with the following error: A system shutdown has already been scheduled.
    19-09-12 11:28:56 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Plug and Play service, but this action failed with the following error: A system shutdown has already been scheduled.
    19-09-12 11:28:56 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the DCOM Server Process Launcher service, but this action failed with the following error: A system shutdown has already been scheduled.
    19-09-12 11:28:56 PM, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    19-09-12 11:28:56 PM, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    19-09-12 11:28:56 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    19-09-12 11:28:56 PM, Error: Service Control Manager [7031] - The Windows Event Log service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    19-09-12 11:28:56 PM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    19-09-12 11:28:56 PM, Error: Service Control Manager [7031] - The Windows Audio service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    19-09-12 11:28:56 PM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    19-09-12 11:28:56 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    19-09-12 11:28:56 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    19-09-12 11:28:56 PM, Error: Service Control Manager [7031] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    19-09-12 11:28:56 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    19-09-12 11:28:56 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    19-09-12 11:28:56 PM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    19-09-12 11:28:56 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    19-09-12 11:28:56 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    19-09-12 11:28:56 PM, Error: Service Control Manager [7031] - The RPC Endpoint Mapper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    19-09-12 11:28:56 PM, Error: Service Control Manager [7031] - The Remote Procedure Call (RPC) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
    19-09-12 11:28:56 PM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    19-09-12 11:28:56 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    19-09-12 11:28:56 PM, Error: Service Control Manager [7031] - The Power service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
    19-09-12 11:28:56 PM, Error: Service Control Manager [7031] - The Plug and Play service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
    19-09-12 11:28:56 PM, Error: Service Control Manager [7031] - The Offline Files service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    19-09-12 11:28:56 PM, Error: Service Control Manager [7031] - The Network Store Interface Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    19-09-12 11:28:56 PM, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    19-09-12 11:28:56 PM, Error: Service Control Manager [7031] - The Network List Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    19-09-12 11:28:56 PM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    19-09-12 11:28:56 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    19-09-12 11:28:56 PM, Error: Service Control Manager [7031] - The Human Interface Device Access service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    19-09-12 11:28:56 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    19-09-12 11:28:56 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    19-09-12 11:28:56 PM, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    19-09-12 11:28:56 PM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    19-09-12 11:28:56 PM, Error: Service Control Manager [7031] - The Diagnostic Policy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    19-09-12 11:28:56 PM, Error: Service Control Manager [7031] - The DHCP Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    19-09-12 11:28:56 PM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    19-09-12 11:28:56 PM, Error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
    19-09-12 11:28:56 PM, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    19-09-12 11:28:56 PM, Error: Service Control Manager [7031] - The COM+ Event System service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    19-09-12 11:28:56 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    19-09-12 11:28:56 PM, Error: Service Control Manager [7024] - The Remote Procedure Call (RPC) service terminated with service-specific error Access is denied..
    19-09-12 11:28:56 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TCP/IP NetBIOS Helper service to connect.
    19-09-12 11:28:56 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Network Store Interface Service service to connect.
    19-09-12 11:28:56 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The operation completed successfully.
    19-09-12 11:28:56 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
    19-09-12 11:28:56 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    19-09-12 11:28:56 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The service has returned a service-specific error code.
    19-09-12 11:28:56 PM, Error: Service Control Manager [7000] - The TCP/IP NetBIOS Helper service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    19-09-12 11:28:56 PM, Error: Service Control Manager [7000] - The Network Store Interface Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    17-09-12 2:39:12 PM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom1.
    .
    ==== End Of File ===========================
  3. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer, such as installing/uninstalling programs, using special fix tools, deleting files, editing the registry, etc., unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic where you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until it is closed and your computer is declared clean.

    Download Farbar Recovery Scan Tool and save it to a flash drive.

    Please make sure to download the 64-bit version.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    On the System Recovery Options menu you will get the following options:
      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst64 and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Place a check next to List Drivers MD5 as well as the default check marks that are already there (if necessary)
    • Press Scan button. It will do its scan and save a log on your flash drive.
    • Close out of the message after that, then type the text services.exe into the "Search:" text box. Then press the Search file(s) button.
      When done searching, FRST makes a log, Search.txt, on the C:\ drive or on your flash drive.
    • Type exit in the Command Prompt window and reboot the computer normally.
    • FRST will make a log (FRST.txt) on the flash drive and also the search.txt log file. Please copy and paste the logs in your reply.
  4. Adikov

    Adikov Newcomer, in training Topic Starter

    Sorry for the wait; I wasn't home for the last couple of days. I've done the scan, and the notifications about the virus have returned.
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-09-2012
    Ran by SYSTEM at 21-09-2012 17:56:00
    Running from H:\
    Windows 7 Ultimate (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11842152 2011-05-02] (Realtek Semiconductor)
    HKLM\...\Run: [THXCfg64] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 [17920 2009-10-15] (Creative Technology Ltd.)
    HKLM\...\Run: [RunDLLEntry] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry [17920 2009-02-26] (Creative Technology Ltd.)
    HKLM\...\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" [1873256 2011-08-10] (Microsoft Corporation)
    HKLM\...\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-05] (Adobe Systems Incorporated)
    HKLM\...\Run: [VIRTU] C:\Program Files\Lucidlogix Technologies\VIRTU\VirtuControlPanel.Exe /hide [2595104 2011-12-12] ()
    HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice [4030008 2011-08-09] (ESET)
    HKLM-x32\...\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe [43632 2010-01-18] ()
    HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [465536 2010-11-08] (ASUSTek Computer Inc.)
    HKLM-x32\...\Run: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\THXAudioCP\THXAudio.exe" /r [1349632 2010-06-11] (Creative Technology Ltd)
    HKLM-x32\...\Run: [UpdReg] C:\Windows\UpdReg.EXE [90112 2000-05-10] (Creative Technology Ltd.)
    HKLM-x32\...\Run: [ASUSGamerOSD] C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe [380928 2009-07-30] (ASUSTeK Computer Inc.)
    HKLM-x32\...\Run: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\Sound Blaster Panel\VolPanlu.exe" /r [241789 2010-02-18] (Creative Technology Ltd)
    HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [x]
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [413696 2008-05-27] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [1996200 2012-08-29] (LogMeIn Inc.)
    HKU\AdiKOV\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
    HKU\AdiKOV\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3478336 2012-01-24] (DT Soft Ltd)
    HKU\AdiKOV\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17148552 2012-02-28] (Skype Technologies S.A.)
    HKU\AdiKOV\...\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent [x]
    HKU\AdiKOV\...\Run: [Facebook Update] "C:\Users\AdiKOV\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-09-01] (Facebook Inc.)
    Tcpip\Parameters: [DhcpNameServer] 77.77.192.10 77.78.192.10
    AppInit_DLLs: C:\PROGRA~1\LUCIDL~1\VIRTU\APPINI~1.DLL
    Startup: C:\Users\AdiKOV\Start Menu\Programs\Startup\MagicDisc.lnk
    ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)

    ==================== Services (Whitelisted) ===================

    2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [922240 2011-06-13] ()
    2 ASDR; C:\Windows\SysWOW64\ASDR.exe [61440 2010-09-14] ()
    2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [915584 2010-12-01] ()
    2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
    2 ATKFUSService; C:\Windows\system32\ATKFUSService.exe [63488 2009-12-01] (ASUSTeK COMPUTER INC.)
    2 ekrn; "C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe" [974944 2011-08-09] (ESET)
    2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [2369960 2012-08-29] (LogMeIn Inc.)
    2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2011-11-30] ()
    2 PnkBstrB; C:\Windows\SysWow64\PnkBstrB.exe [107832 2012-02-11] ()

    ==================== Drivers (Whitelisted) =====================

    0 AiChargerPlus; C:\Windows\System32\Drivers\AiChargerPlus.sys [14464 2010-11-08] (ASUSTek Computer Inc.)
    1 AsIO; C:\Windows\SysWow64\Drivers\AsIO.sys [13440 2010-08-23] ()
    1 AsUpIO; C:\Windows\SysWow64\Drivers\AsUpIO.sys [14464 2010-08-02] ()
    3 asusgsb; C:\Windows\System32\Drivers\asusgsb.sys [17792 2009-02-17] (ASUSTeK Computer Inc.)
    3 atkdisplf; C:\Windows\System32\Drivers\atkdisplowfilter.sys [39424 2009-02-17] (ASUSTeK Computer Inc.)
    2 atksgt; C:\Windows\System32\Drivers\atksgt.sys [314016 2012-03-13] ()
    1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-01-29] (DT Soft Ltd)
    2 eamonm; C:\Windows\System32\Drivers\eamonm.sys [202576 2011-08-09] (ESET)
    1 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [146432 2011-08-04] (ESET)
    1 EIO64; C:\Windows\System32\Drivers\EIO64.sys [16384 2011-11-16] (ASUSTeK Computer Inc.)
    2 epfw; C:\Windows\System32\Drivers\epfw.sys [187632 2011-08-04] (ESET)
    1 EpfwLWF; C:\Windows\System32\Drivers\EpfwLWF.sys [38288 2011-08-04] (ESET)
    0 epfwwfp; C:\Windows\System32\Drivers\epfwwfp.sys [62496 2011-08-04] (ESET)
    3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)
    4 IOMap; \??\C:\Windows\system32\drivers\IOMap64.sys [23680 2010-09-14] (ASUSTeK Computer Inc.)
    2 lirsgt; C:\Windows\System32\Drivers\lirsgt.sys [43680 2012-03-13] ()
    3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [x]
    3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
    3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
    3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

    ==================== NetSvcs (Whitelisted) ====================


    ==================== One Month Created Files and Folders ========

    2012-09-21 17:55 - 2012-09-21 17:56 - 00000000 ____D C:\FRST
    2012-09-21 07:47 - 2012-09-21 07:47 - 01454509 ____A (Farbar) C:\Users\AdiKOV\Downloads\FRST64.exe
    2012-09-20 23:07 - 2012-09-20 23:07 - 00000000 ____D C:\Users\AdiKOV\AppData\Local\{C737B5CD-641A-4933-9068-9B5972CA6011}
    2012-09-20 01:14 - 2012-09-20 01:14 - 00000000 ____D C:\Users\AdiKOV\AppData\Local\{5D6BA544-1638-4838-83B3-A0F39DDAB98B}
    2012-09-20 01:10 - 2012-09-20 01:10 - 00302592 ____A C:\Users\AdiKOV\Downloads\44kogju1.exe
    2012-09-20 01:04 - 2012-09-20 01:04 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-09-20 01:04 - 2012-09-20 01:04 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-09-20 01:04 - 2012-09-20 01:04 - 00000000 ____D C:\Users\AdiKOV\AppData\Roaming\Malwarebytes
    2012-09-20 01:04 - 2012-09-20 01:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-09-20 01:04 - 2012-09-07 07:04 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-09-20 01:03 - 2012-09-20 01:04 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\AdiKOV\Downloads\mbam-setup-1.65.0.1400.exe
    2012-09-20 00:45 - 2012-09-20 00:45 - 00000000 ____D C:\Users\AdiKOV\AppData\Local\{AF23A576-5073-425C-9FA0-4E71538FC3F6}
    2012-09-19 08:15 - 2012-09-19 08:15 - 00000000 ____D C:\Users\AdiKOV\AppData\Local\{61CB8AC1-E875-4824-9F47-5D06CD945EE4}
    2012-09-18 13:50 - 2012-09-18 13:50 - 00000664 ____A C:\Users\AdiKOV\Desktop\Pro Evolution Soccer 2013 - Shortcut.lnk
    2012-09-18 04:00 - 2012-09-18 04:00 - 00000000 ____D C:\Users\AdiKOV\AppData\Local\{11A8AECE-640A-4D16-B92D-7BFC7957C303}
    2012-09-17 04:39 - 2012-09-17 04:39 - 00000000 ____D C:\Users\AdiKOV\AppData\Local\{61F0EA45-FB20-4525-AA69-2D43546532DB}
    2012-09-16 08:49 - 2012-09-16 08:49 - 00000000 ____D C:\Users\AdiKOV\AppData\Local\{B8A2BC4C-3238-45CE-9AA0-5508FFB0B523}
    2012-09-15 11:42 - 2012-09-15 11:42 - 00000000 ____D C:\Users\AdiKOV\AppData\Local\{6F6D8904-B823-42AC-848C-3341187AF064}
    2012-09-14 01:22 - 2012-09-14 13:22 - 00000000 ____D C:\Users\AdiKOV\AppData\Local\{6A4DD516-1666-444E-9D15-B6FD3CCAC45A}
    2012-09-13 12:26 - 2012-09-13 12:27 - 00000000 ____D C:\Users\AdiKOV\AppData\Local\{1B42D10A-D79B-4136-A13B-1AFB0BD76A29}
    2012-09-13 00:26 - 2012-09-13 00:26 - 00000000 ____D C:\Users\AdiKOV\AppData\Local\{6F081A6B-A2E2-4590-841A-CA933783ECAC}
    2012-09-12 12:25 - 2012-09-12 12:25 - 00000000 ____D C:\Users\AdiKOV\AppData\Local\{AD80B44F-7320-4DB7-A927-E515B78477FA}
    2012-09-12 00:24 - 2012-09-12 00:25 - 00000000 ____D C:\Users\AdiKOV\AppData\Local\{55ACE721-065C-4F29-841E-42804AE2A556}
    2012-09-11 00:23 - 2012-09-11 12:24 - 00000000 ____D C:\Users\AdiKOV\AppData\Local\{654B44E9-0E56-4484-8250-CBEABDE95B5E}
    2012-09-09 23:03 - 2012-09-10 11:03 - 00000000 ____D C:\Users\AdiKOV\AppData\Local\{814E4CB1-A237-42B4-ACD0-4E058F648B07}
    2012-09-09 11:16 - 2012-09-09 11:16 - 00000000 ____D C:\Users\AdiKOV\Documents\BioWare
    2012-09-09 11:15 - 2012-09-10 14:44 - 00000856 ____A C:\Users\Public\Desktop\Mass Effect.lnk
    2012-09-09 06:04 - 2012-09-09 06:04 - 01780464 ____A C:\Users\AdiKOV\Downloads\com.emulator.fpse-72-0.10.57-278.rar
    2012-09-09 05:54 - 2012-09-09 06:01 - 207407451 ____A C:\Users\AdiKOV\Downloads\Final Fantasy Tactics.rar
    2012-09-09 05:47 - 2012-09-09 05:47 - 00013660 ____A C:\Users\AdiKOV\Downloads\gba_bios.zip
    2012-09-09 05:42 - 2012-09-09 05:42 - 00462209 ____A C:\Users\AdiKOV\Downloads\com.androidemu.gba-65-2.4.7-1640.rar
    2012-09-09 03:03 - 2012-09-09 03:03 - 00000000 ____D C:\Users\AdiKOV\AppData\Local\{8A2F84BC-3628-4242-9458-843776B0D17F}
    2012-09-08 12:57 - 2012-09-09 03:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2012-09-08 01:27 - 2012-09-08 13:28 - 00000000 ____D C:\Users\AdiKOV\AppData\Local\{226F3767-929C-4019-A4AD-FD1118EBB105}
    2012-09-07 01:26 - 2012-09-07 13:27 - 00000000 ____D C:\Users\AdiKOV\AppData\Local\{A13EAD96-F5F9-484E-986F-53C97529AE86}
    2012-09-06 01:25 - 2012-09-06 13:25 - 00000000 ____D C:\Users\AdiKOV\AppData\Local\{61FBB69D-B8E0-4EE4-B57F-D3627864BBB1}
    2012-09-04 23:50 - 2012-09-04 23:50 - 00000000 ____D C:\Users\AdiKOV\AppData\Local\{983BC207-7BDE-447B-8711-47D1EC1579F1}
    2012-09-03 23:31 - 2012-09-03 23:31 - 00000000 ____D C:\Users\AdiKOV\AppData\Local\{CCA6E909-404A-4333-80DD-F365610731FB}
    2012-09-03 02:10 - 2012-09-03 02:10 - 00000000 ____D C:\Users\AdiKOV\AppData\Local\{6BC2D5B5-B997-4F81-80B7-B68C7B8A207C}
    2012-09-02 20:47 - 2012-09-02 20:47 - 00000000 ____D C:\Users\AdiKOV\AppData\Local\{324A5282-BF26-4566-ACAF-0D89796164B4}
    2012-09-01 03:36 - 2012-09-21 06:41 - 00000932 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4075504160-3250536865-1205073842-1000UA.job
    2012-09-01 03:36 - 2012-09-21 05:03 - 00000910 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4075504160-3250536865-1205073842-1000Core.job
    2012-09-01 03:36 - 2012-09-01 03:37 - 00000000 ____D C:\Users\AdiKOV\AppData\Local\Facebook
    2012-09-01 03:36 - 2012-09-01 03:36 - 00501248 ____A (Facebook Inc.) C:\Users\AdiKOV\Downloads\FacebookVideoCallSetup_v1.2.205.0.exe
    2012-09-01 01:16 - 2012-09-01 01:16 - 00000000 ____D C:\Users\AdiKOV\AppData\Local\{EB0C8A03-0E6B-4CC7-9453-4ABEE8DB688A}
    2012-09-01 01:16 - 2012-09-01 01:16 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
    2012-08-31 04:55 - 2007-06-15 15:48 - 00085950 ____N C:\Users\AdiKOV\Downloads\Goal.2-Living.The.Dream[2007]DvDrip[Eng]-aXXo.srt
    2012-08-31 04:34 - 2012-08-31 04:34 - 00032632 ____A C:\Users\AdiKOV\Downloads\goal-ii-living-the-dream_english-92923.zip
    2012-08-31 01:52 - 2012-08-31 01:52 - 00000000 ____D C:\Users\AdiKOV\AppData\Local\{1B2763F9-2932-4B03-8A58-AD4F69831711}
    2012-08-30 13:21 - 2012-08-30 13:21 - 00000000 ____D C:\Users\AdiKOV\Downloads\HISTOLOGIJA, TEMOVI ZA PRVU PARCIJALU !
    2012-08-30 13:21 - 2012-08-30 13:21 - 00000000 ____D C:\Users\AdiKOV\Downloads\HISTOLOGIJA, TEMOVI ZA DRUGU PARCIJALU !
    2012-08-30 13:21 - 2012-08-30 13:21 - 00000000 ____D C:\Users\AdiKOV\Downloads\HISTOLOGIJA, PREPARATI ZA DRUGU PARCIJALU !
    2012-08-30 07:13 - 2012-08-30 07:13 - 12998357 ____A C:\Users\AdiKOV\Downloads\HISTOLOGIJA, PREPARATI ZA DRUGU PARCIJALU !.zip
    2012-08-30 07:10 - 2012-08-30 07:10 - 00814433 ____A C:\Users\AdiKOV\Downloads\HISTOLOGIJA, TEMOVI ZA DRUGU PARCIJALU !.zip
    2012-08-30 07:09 - 2012-08-30 07:10 - 13678258 ____A C:\Users\AdiKOV\Downloads\HISTOLOGIJA, TEMOVI ZA PRVU PARCIJALU !.zip
    2012-08-30 02:02 - 2012-08-30 02:02 - 00000000 ____D C:\Users\AdiKOV\AppData\Local\{987F607E-91CC-4F75-8F4C-0C3E24E4EF4D}
    2012-08-29 06:32 - 2012-08-29 06:32 - 00000000 ____D C:\Users\AdiKOV\AppData\Local\{47A2ED2E-65B3-4D38-AEB4-BB1F04614EC2}
    2012-08-28 12:46 - 2012-08-28 12:46 - 00020689 ____A C:\Users\AdiKOV\Downloads\the-eye_english-148224.zip
    2012-08-28 05:52 - 2012-08-28 05:52 - 05587009 ____A C:\Users\AdiKOV\Downloads\hdpes20121_hbxh6ft5(2).apk
    2012-08-28 05:51 - 2012-08-28 05:52 - 09104836 ____A C:\Users\AdiKOV\Downloads\gta3hd_5l4hn31y.apk
    2012-08-28 05:47 - 2012-08-28 05:47 - 00000000 ____D C:\Users\AdiKOV\AppData\Local\Apple Computer
    2012-08-27 04:23 - 2011-09-15 04:12 - 00000000 ____D C:\Users\AdiKOV\Downloads\321321321en-ptch
    2012-08-27 04:21 - 2012-08-27 04:21 - 03947759 ____A C:\Users\AdiKOV\Downloads\321321321en-ptch.rar
    2012-08-27 03:57 - 2012-08-21 06:59 - 00118784 ____A (Valve Corporation) C:\Users\AdiKOV\Downloads\steam_api.dll
    2012-08-27 03:57 - 2012-08-21 06:44 - 00358400 ____A (SKIDROW) C:\Users\AdiKOV\Downloads\Steamclient.dll
    2012-08-27 03:57 - 2012-08-21 06:44 - 00025088 ____A C:\Users\AdiKOV\Downloads\skidrow.dll
    2012-08-27 03:57 - 2012-08-21 06:44 - 00000232 ____A C:\Users\AdiKOV\Downloads\SKIDROW.ini
    2012-08-27 03:57 - 2012-04-10 07:39 - 00000117 ____A C:\Users\AdiKOV\Downloads\SKIDROW.url
    2012-08-27 03:57 - 2012-04-10 07:38 - 00000117 ____A C:\Users\AdiKOV\Downloads\SKIDROW CRACK.url
    2012-08-27 03:43 - 2012-08-27 03:43 - 00000000 ____D C:\Windows\SysWOW64\no
    2012-08-27 01:05 - 2012-08-27 01:05 - 00000000 ____D C:\Users\AdiKOV\AppData\Local\{294B850A-8D31-42A1-88D7-EEC41636DC64}
    2012-08-26 14:41 - 2012-08-26 14:42 - 28300493 ____A C:\Users\AdiKOV\Downloads\1334914500_DH_Reloaded.apk
    2012-08-26 01:40 - 2012-08-26 01:40 - 00000000 ____D C:\Users\AdiKOV\AppData\Local\{251C8EC6-CE30-4AD0-A094-2325D8FD5600}
    2012-08-25 14:15 - 2012-08-25 14:15 - 00026657 ____A C:\Users\AdiKOV\Downloads\drag-me-to-hell_english-259538.zip
    2012-08-25 01:49 - 2012-08-25 01:49 - 00000000 ____D C:\Users\AdiKOV\AppData\Local\{BB7D8186-4B00-4B56-8EF2-24196C73D97F}
    2012-08-24 02:38 - 2012-08-24 02:38 - 00000000 ____D C:\Users\AdiKOV\AppData\Local\{E91D2AFF-039C-4727-BA20-9D3349D218A5}
    2012-08-23 01:34 - 2012-08-23 13:34 - 00000000 ____D C:\Users\AdiKOV\AppData\Local\{E09B150A-50E1-47F5-8835-50A73AE90FDB}
    2012-08-22 12:13 - 2012-08-22 12:13 - 00000000 ____D C:\Users\AdiKOV\AppData\Local\{80244205-15FA-4D2A-BD68-C5D2CE55F543}
    2012-08-22 02:09 - 2012-08-22 02:09 - 05587009 ____A C:\Users\AdiKOV\Downloads\hdpes20121_hbxh6ft5(1).apk
    2012-08-22 02:08 - 2012-08-22 02:08 - 05587009 ____A C:\Users\AdiKOV\Downloads\hdpes20121_hbxh6ft5.apk
    2012-08-22 02:06 - 2012-08-22 02:07 - 09284894 ____A C:\Users\AdiKOV\Downloads\gtaiii_ox3di9l2.apk
    2012-08-22 00:03 - 2012-08-22 00:03 - 00000000 ____D C:\Users\AdiKOV\AppData\Local\{D5053ADC-FBE6-4001-A6D7-085216C458C4}

    ==================== 3 Months Modified Files ==================

    2012-09-21 07:48 - 2009-07-13 21:13 - 00783220 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-09-21 07:47 - 2012-09-21 07:47 - 01454509 ____A (Farbar) C:\Users\AdiKOV\Downloads\FRST64.exe
    2012-09-21 06:41 - 2012-09-01 03:36 - 00000932 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4075504160-3250536865-1205073842-1000UA.job
    2012-09-21 05:03 - 2012-09-01 03:36 - 00000910 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4075504160-3250536865-1205073842-1000Core.job
    2012-09-20 23:13 - 2009-07-13 20:45 - 00018416 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-09-20 23:13 - 2009-07-13 20:45 - 00018416 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-09-20 23:07 - 2011-12-23 01:22 - 00000472 ____A C:\lucid.log
    2012-09-20 23:06 - 2011-11-16 08:33 - 01184534 ____A C:\Windows\WindowsUpdate.log
    2012-09-20 23:06 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-09-20 23:06 - 2009-07-13 20:51 - 00141472 ____A C:\Windows\setupact.log
    2012-09-20 01:11 - 2011-11-17 00:14 - 00030134 ____A C:\Windows\PFRO.log
    2012-09-20 01:10 - 2012-09-20 01:10 - 00302592 ____A C:\Users\AdiKOV\Downloads\44kogju1.exe
    2012-09-20 01:04 - 2012-09-20 01:04 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-09-20 01:04 - 2012-09-20 01:03 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\AdiKOV\Downloads\mbam-setup-1.65.0.1400.exe
    2012-09-19 13:28 - 2009-07-13 21:08 - 00032652 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-09-18 13:50 - 2012-09-18 13:50 - 00000664 ____A C:\Users\AdiKOV\Desktop\Pro Evolution Soccer 2013 - Shortcut.lnk
    2012-09-10 14:44 - 2012-09-09 11:15 - 00000856 ____A C:\Users\Public\Desktop\Mass Effect.lnk
    2012-09-09 06:04 - 2012-09-09 06:04 - 01780464 ____A C:\Users\AdiKOV\Downloads\com.emulator.fpse-72-0.10.57-278.rar
    2012-09-09 06:01 - 2012-09-09 05:54 - 207407451 ____A C:\Users\AdiKOV\Downloads\Final Fantasy Tactics.rar
    2012-09-09 05:47 - 2012-09-09 05:47 - 00013660 ____A C:\Users\AdiKOV\Downloads\gba_bios.zip
    2012-09-09 05:42 - 2012-09-09 05:42 - 00462209 ____A C:\Users\AdiKOV\Downloads\com.androidemu.gba-65-2.4.7-1640.rar
    2012-09-07 07:04 - 2012-09-20 01:04 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-09-01 03:36 - 2012-09-01 03:36 - 00501248 ____A (Facebook Inc.) C:\Users\AdiKOV\Downloads\FacebookVideoCallSetup_v1.2.205.0.exe
    2012-08-31 04:34 - 2012-08-31 04:34 - 00032632 ____A C:\Users\AdiKOV\Downloads\goal-ii-living-the-dream_english-92923.zip
    2012-08-30 07:13 - 2012-08-30 07:13 - 12998357 ____A C:\Users\AdiKOV\Downloads\HISTOLOGIJA, PREPARATI ZA DRUGU PARCIJALU !.zip
    2012-08-30 07:10 - 2012-08-30 07:10 - 00814433 ____A C:\Users\AdiKOV\Downloads\HISTOLOGIJA, TEMOVI ZA DRUGU PARCIJALU !.zip
    2012-08-30 07:10 - 2012-08-30 07:09 - 13678258 ____A C:\Users\AdiKOV\Downloads\HISTOLOGIJA, TEMOVI ZA PRVU PARCIJALU !.zip
    2012-08-28 12:46 - 2012-08-28 12:46 - 00020689 ____A C:\Users\AdiKOV\Downloads\the-eye_english-148224.zip
    2012-08-28 05:52 - 2012-08-28 05:52 - 05587009 ____A C:\Users\AdiKOV\Downloads\hdpes20121_hbxh6ft5(2).apk
    2012-08-28 05:52 - 2012-08-28 05:51 - 09104836 ____A C:\Users\AdiKOV\Downloads\gta3hd_5l4hn31y.apk
    2012-08-28 05:45 - 2012-08-05 09:47 - 00000069 ____A C:\Windows\NeroDigital.ini
    2012-08-27 04:21 - 2012-08-27 04:21 - 03947759 ____A C:\Users\AdiKOV\Downloads\321321321en-ptch.rar
    2012-08-26 14:42 - 2012-08-26 14:41 - 28300493 ____A C:\Users\AdiKOV\Downloads\1334914500_DH_Reloaded.apk
    2012-08-25 14:15 - 2012-08-25 14:15 - 00026657 ____A C:\Users\AdiKOV\Downloads\drag-me-to-hell_english-259538.zip
    2012-08-25 01:51 - 2012-07-08 13:25 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-08-25 01:51 - 2012-07-08 13:25 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-08-22 02:09 - 2012-08-22 02:09 - 05587009 ____A C:\Users\AdiKOV\Downloads\hdpes20121_hbxh6ft5(1).apk
    2012-08-22 02:08 - 2012-08-22 02:08 - 05587009 ____A C:\Users\AdiKOV\Downloads\hdpes20121_hbxh6ft5.apk
    2012-08-22 02:07 - 2012-08-22 02:06 - 09284894 ____A C:\Users\AdiKOV\Downloads\gtaiii_ox3di9l2.apk
    2012-08-21 06:59 - 2012-08-27 03:57 - 00118784 ____A (Valve Corporation) C:\Users\AdiKOV\Downloads\steam_api.dll
    2012-08-21 06:44 - 2012-08-27 03:57 - 00358400 ____A (SKIDROW) C:\Users\AdiKOV\Downloads\Steamclient.dll
    2012-08-21 06:44 - 2012-08-27 03:57 - 00025088 ____A C:\Users\AdiKOV\Downloads\skidrow.dll
    2012-08-21 06:44 - 2012-08-27 03:57 - 00000232 ____A C:\Users\AdiKOV\Downloads\SKIDROW.ini
    2012-08-15 02:52 - 2012-08-15 02:52 - 01352435 ____A C:\Users\AdiKOV\Downloads\setup_magicdisc.exe
    2012-08-15 02:51 - 2012-08-15 02:51 - 03067400 ____A C:\Users\AdiKOV\Downloads\Setup_MagicISO.exe
    2012-08-13 14:06 - 2012-08-13 14:06 - 00001877 ____A C:\Users\AdiKOV\Desktop\pes2013-unlock.exe - Shortcut.lnk
    2012-08-13 10:31 - 2012-08-13 09:55 - 1056820903 ____A C:\Users\AdiKOV\Downloads\sr-p12ULh.rar
    2012-08-08 06:25 - 2012-08-08 06:22 - 32910335 ____A C:\Users\AdiKOV\Downloads\com.pnixgames.gunzombieHellGate-11.apk
    2012-08-08 06:20 - 2012-08-08 06:19 - 38288677 ____A C:\Users\AdiKOV\Downloads\b170.apk
    2012-08-04 09:36 - 2012-08-04 09:36 - 00022945 ____A C:\Users\AdiKOV\Downloads\2052862.zip
    2012-08-04 09:36 - 2012-08-04 09:36 - 00001682 ____A C:\Users\AdiKOV\Downloads\2023930.zip
    2012-08-03 13:22 - 2012-08-03 13:22 - 00032019 ____A C:\Users\AdiKOV\Downloads\pandorum.(2009).eng.1cd.(3601185).zip
    2012-08-02 13:50 - 2011-11-16 10:35 - 00591325 ____A C:\Windows\DirectX.log
    2012-07-26 03:05 - 2012-07-26 02:41 - 1075184663 ____A C:\Users\AdiKOV\Downloads\PES2013_DEMO.zip
    2012-07-26 02:38 - 2012-07-26 02:32 - 00000071 ____A C:\Users\AdiKOV\Downloads\PES2013_DemoTweak_Unlocker_1.0.rar
    2012-07-16 11:21 - 2012-07-16 11:21 - 00035797 ____A C:\Users\AdiKOV\Downloads\sherlock.holmes.a.game.of.shadows.(2011).eng.1cd.(4520477).zip
    2012-07-16 08:11 - 2012-07-16 08:06 - 52353819 ____A C:\Users\AdiKOV\Downloads\JazzJackrabbit2.rar
    2012-07-16 08:08 - 2012-07-16 08:08 - 02497952 ____A (GameFabrique ) C:\Users\AdiKOV\Downloads\earthworm_jim.exe
    2012-07-15 12:49 - 2012-07-15 12:49 - 00037836 ____A C:\Users\AdiKOV\Downloads\146526-The.Avengers.2012.TS.XviD.AC3ADTRG,FULL.rar
    2012-07-13 01:10 - 2012-07-13 01:10 - 00019363 ____A C:\Users\AdiKOV\Downloads\112592-despicable.me.dvdrip.xvidimbt.rar
    2012-07-12 01:26 - 2012-06-15 01:23 - 00796400 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-07-11 10:37 - 2012-07-11 10:37 - 00000710 ____A C:\Windows\SysWOW64\asiloader.log
    2012-07-11 10:15 - 2009-07-13 20:45 - 04982920 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-07-11 10:13 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini
    2012-07-11 09:36 - 2012-07-11 09:36 - 00504621 ____A C:\Users\AdiKOV\Downloads\mscomctl.zip
    2012-07-11 07:56 - 2012-07-11 07:55 - 27813053 ____A C:\Users\AdiKOV\Downloads\STVC_1.526.4.273_FULL.zip
    2012-07-08 07:40 - 2012-07-08 07:40 - 00000046 ____H C:\Users\Public\Documents\msdrls.dat
    2012-07-02 23:36 - 2012-07-02 23:36 - 00033661 ____A C:\Users\AdiKOV\Downloads\the.dictator.(2012).scc.1cd.(4570314).zip
    2012-07-02 11:35 - 2012-07-02 11:35 - 00021316 ____A C:\Users\AdiKOV\Downloads\izvod.html
    2012-06-30 14:16 - 2012-06-30 14:16 - 00015590 ____A C:\Users\AdiKOV\Downloads\116767.rar


    ZeroAccess:
    C:\Windows\Installer\{9ea53549-e752-8a22-255f-c3d4b4f78f7f}
    C:\Windows\Installer\{9ea53549-e752-8a22-255f-c3d4b4f78f7f}\@
    C:\Windows\Installer\{9ea53549-e752-8a22-255f-c3d4b4f78f7f}\L
    C:\Windows\Installer\{9ea53549-e752-8a22-255f-c3d4b4f78f7f}\U
    C:\Windows\Installer\{9ea53549-e752-8a22-255f-c3d4b4f78f7f}\U\00000001.@
    C:\Windows\Installer\{9ea53549-e752-8a22-255f-c3d4b4f78f7f}\U\800000cb.@

    ZeroAccess:
    C:\Users\AdiKOV\AppData\Local\{9ea53549-e752-8a22-255f-c3d4b4f78f7f}
    C:\Users\AdiKOV\AppData\Local\{9ea53549-e752-8a22-255f-c3d4b4f78f7f}\@
    C:\Users\AdiKOV\AppData\Local\{9ea53549-e752-8a22-255f-c3d4b4f78f7f}\L
    C:\Users\AdiKOV\AppData\Local\{9ea53549-e752-8a22-255f-c3d4b4f78f7f}\U

    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2012-09-19 10:55:52

    ==================== Memory info ===========================

    Percentage of memory in use: 9%
    Total physical RAM: 8081.87 MB
    Available physical RAM: 7307.76 MB
    Total Pagefile: 8080.02 MB
    Available Pagefile: 7303.16 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ==================== Partitions =============================

    1 Drive c: () (Fixed) (Total:474.3 GB) (Free:341.14 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    2 Drive d: () (Fixed) (Total:232.19 GB) (Free:68.28 GB) NTFS
    3 Drive e: (New Volume) (Fixed) (Total:457.21 GB) (Free:69.53 GB) NTFS
    5 Drive g: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
    6 Drive h: () (Removable) (Total:7.62 GB) (Free:7.62 GB) FAT32
    7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 931 GB 1024 KB
    Disk 1 Online 232 GB 704 MB
    Disk 2 Online 7832 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 474 GB 1024 KB
    Partition 2 Primary 457 GB 474 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 474 GB Healthy

    =========================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E New Volume NTFS Partition 457 GB Healthy

    =========================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 0 Extended 232 GB 8032 KB
    Partition 1 Logical 232 GB 8064 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 D NTFS Partition 232 GB Healthy

    =========================================================

    Partitions of Disk 2:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 7820 MB 29 KB

    ==================================================================================

    Disk: 2
    Partition 1
    Type : 0B
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 H FAT32 Removable 7820 MB Healthy

    =========================================================

    Last Boot: 2012-09-17 09:27

    ==================== End Of Log =============================

    Farbar Recovery Scan Tool (x64) Version: 20-09-2012
    Ran by SYSTEM at 2012-09-21 17:57:25
    Running from H:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

    ====== End Of Search ======
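Added example (not part of the original thread and not FRST's own code): the check that the search output above supports, written as a Python parser that compares each live copy of a system file against the WinSxS component-store copies by MD5. The function names are assumptions made for this example, and the sample log is copied from the search output above.

```python
import re
from collections import defaultdict
from ntpath import basename  # Windows path rules on any host OS

# Sample input: the FRST "Search" output quoted in the post above.
SAMPLE_SEARCH_LOG = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) (?:\((?P<company>.*)\) )?(?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_search_log(text):
    """Return one record per file: a path line followed by its detail line."""
    records, pending_path = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            pending_path = line
            continue
        match = DETAIL_RE.match(line)
        if match and pending_path:
            rec = match.groupdict()
            rec["path"] = pending_path
            rec["size"] = int(rec["size"])
            rec["md5"] = rec["md5"].upper()
            records.append(rec)
            pending_path = None
    return records


def find_mismatches(records):
    """Flag live copies whose MD5 matches no component-store copy of that name.

    WinSxS can hold several versions of a file after updates, so a live copy
    is accepted if it matches any of them. This is a triage heuristic: it
    assumes the component store itself has not been tampered with.
    """
    by_name = defaultdict(list)
    for rec in records:
        by_name[basename(rec["path"]).lower()].append(rec)

    findings = []
    for group in by_name.values():
        store = [r for r in group if "\\winsxs\\" in r["path"].lower()]
        live = [r for r in group if r not in store]
        trusted = {r["md5"] for r in store}
        if not trusted:
            continue  # no reference copy to compare against
        for rec in live:
            if rec["md5"] in trusted:
                continue
            # Patched files often keep the original size and timestamps, so
            # record whether a metadata-only comparison would have missed it.
            meta = (rec["size"], rec["created"], rec["modified"])
            same_meta = any(
                (s["size"], s["created"], s["modified"]) == meta for s in store
            )
            findings.append({
                "path": rec["path"],
                "md5": rec["md5"],
                "store_md5": sorted(trusted),
                "metadata_identical": same_meta,
            })
    return findings


if __name__ == "__main__":
    for finding in find_mismatches(parse_search_log(SAMPLE_SEARCH_LOG)):
        print(finding)
```

On the sample, the System32 copy is flagged even though its size and both timestamps are identical to the component-store copy, which is why the comparison has to be on the hash.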
  5. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    FRST Fixlist

    Please run the following:

    Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt.

    NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

    Now, please enter System Recovery Options then select Command Prompt.

    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Now restart, let it boot normally and tell me how it went.
  6. Adikov

    Adikov Newcomer, in training Topic Starter

    I've done it and NOD says it's clean :)
    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-09-2012
    Ran by SYSTEM at 2012-09-23 20:54:43 Run:1
    Running from H:\

    ==============================================

    C:\Windows\Installer\{9ea53549-e752-8a22-255f-c3d4b4f78f7f} moved successfully.
    C:\Users\AdiKOV\AppData\Local\{9ea53549-e752-8a22-255f-c3d4b4f78f7f} moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====

    I believe it's clean now, thank you so much
  7. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Great to hear that Sirefef is gone. However, other malware may be lurking, and I would love to help get it cleared. If you want to continue, please do the following:

    ComboFix

    Please download ComboFix by sUBs
    From BleepingComputer.com

    Please save the file to your Desktop, but rename it first to svchost.exe

    Important information about ComboFix

    Before the download:
    • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
    • It is important to rename ComboFix before the download.
    • Please do not rename ComboFix to other names, but only the one indicated.
    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on svchost.exe & follow the prompts.
    • It will attempt to install the Recovery Console:
    • When ComboFix finishes, it will produce a report for you.
    • Please post the "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method (above method), but try to download it again, except name ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
  8. Adikov

    Adikov Newcomer, in training Topic Starter

    I had no problems running it, except it kept saying my antivirus protection is enabled even though I disabled it (checked the instructions, did just like they say). Here's the log:

    ComboFix 12-09-23.03 - AdiKOV 24-09-12 9:48.1.4 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8098.6377 [GMT 2:00]
    Running from: c:\users\AdiKOV\Desktop\ComboFix.exe
    AV: ESET Smart Security 5.0 *Enabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
    SP: ESET Smart Security 5.0 *Enabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\Search Toolbar
    c:\program files (x86)\Search Toolbar\icon.ico
    c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
    c:\windows\7Loader.TAG
    c:\windows\SysWow64\tmpE790.tmp
    c:\windows\SysWow64\tmpE82D.tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-08-24 to 2012-09-24 )))))))))))))))))))))))))))))))
    .
    .
    2012-09-22 01:55 . 2012-09-22 01:56 -------- d-----w- C:\FRST
    2012-09-20 09:04 . 2012-09-20 09:04 -------- d-----w- c:\users\AdiKOV\AppData\Roaming\Malwarebytes
    2012-09-20 09:04 . 2012-09-20 09:04 -------- d-----w- c:\programdata\Malwarebytes
    2012-09-20 09:04 . 2012-09-20 09:04 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-09-20 09:04 . 2012-09-07 15:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-09-09 19:15 . 2012-09-09 19:15 -------- d-----w- c:\programdata\Media Center Programs
    2012-09-01 11:36 . 2012-09-01 11:37 -------- d-----w- c:\users\AdiKOV\AppData\Local\Facebook
    2012-09-01 09:16 . 2012-09-01 09:16 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
    2012-08-28 13:47 . 2012-08-28 13:47 -------- d-----w- c:\users\AdiKOV\AppData\Local\Apple Computer
    2012-08-27 11:43 . 2012-08-27 11:43 -------- d-----w- c:\windows\SysWow64\no
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-25 09:51 . 2012-07-08 21:25 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-08-25 09:51 . 2012-07-08 21:25 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-08-07 22:14 . 2012-08-07 22:14 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2012-06-29 10:04 . 2012-07-25 15:20 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ACE0C8C6-0495-4B3A-9795-39961247AE74}\mpengine.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-01-24 3478336]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    "Facebook Update"="c:\users\AdiKOV\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-09-01 138096]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
    "ASUS AiChargerPlus Execute"="c:\program files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe" [2010-11-08 465536]
    "THX Audio Control Panel"="c:\program files (x86)\Creative\Sound Blaster X-Fi MB 2\THXAudioCP\THXAudio.exe" [2010-06-11 1349632]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "ASUSGamerOSD"="c:\program files (x86)\ASUS\GamerOSD\GamerOSD.exe" [2009-07-30 380928]
    "VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi MB 2\Sound Blaster Panel\VolPanlu.exe" [2010-02-18 241789]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2008-05-27 413696]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
    "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-08-29 1996200]
    .
    c:\users\AdiKOV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2012-8-15 576000]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\LUCIDL~1\VIRTU\x86\appinit_dll.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-15 158856]
    R3 cphs;Intel(R) Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-02-14 276248]
    R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-11-16 79360]
    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-11-16 79360]
    R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-08 114144]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
    R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-17 1255736]
    S0 AiChargerPlus;ASUS Charger Plus Driver;c:\windows\system32\DRIVERS\AiChargerPlus.sys [2010-11-08 14464]
    S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2011-08-04 62496]
    S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-01-29 283200]
    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
    S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [2011-11-16 16384]
    S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2011-08-04 38288]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-11-10 204288]
    S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [2011-06-13 922240]
    S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [2010-12-02 915584]
    S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880]
    S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
    S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-08-09 974944]
    S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-08-29 2369960]
    S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2011-01-17 164520]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-11-10 10567680]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-11-10 325632]
    S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-02-24 126952]
    S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-02-24 389608]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-10-17 93712]
    S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2011-02-08 328368]
    S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [2010-08-17 26136]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
    S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
    S3 VirtuWDDM;VirtuWDDM;c:\windows\system32\DRIVERS\VirtuWDDM.sys [2011-12-12 66336]
    S4 IOMap;IOMap;c:\windows\system32\drivers\IOMap64.sys [2010-09-14 23680]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10001aac-4ac0-11e1-8ef5-14dae934d89a}]
    \shell\AutoRun\command - G:\autorun.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-09-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4075504160-3250536865-1205073842-1000Core.job
    - c:\users\AdiKOV\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-01 11:36]
    .
    2012-09-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4075504160-3250536865-1205073842-1000UA.job
    - c:\users\AdiKOV\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-01 11:36]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-03 11842152]
    "THXCfg64"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920]
    "RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2009-02-26 17920]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "VIRTU"="c:\program files\Lucidlogix Technologies\VIRTU\VirtuControlPanel.Exe" [2011-12-12 2595104]
    "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-08-09 4030008]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-14 170264]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-14 398616]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-14 440600]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x1
    "AppInit_DLLs"=c:\progra~1\LUCIDL~1\VIRTU\appinit_dll.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss&affID=17162&mntrId=6015469100000000000014dae934d89a
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\AdiKOV\AppData\Roaming\Mozilla\Firefox\Profiles\3onr2dnj.default\
    FF - user.js: extensions.softonic_i.newTab - false
    FF - user.js: extensions.softonic_i.tlbrSrchUrl - hxxp://search.softonic.com/MON00005/tb_v1?SearchSource=1&cc=&q=
    FF - user.js: extensions.softonic_i.id - 6015469100000000000014dae934d89a
    FF - user.js: extensions.softonic_i.instlDay - 15380
    FF - user.js: extensions.softonic_i.vrsn - 1.5.11.5
    FF - user.js: extensions.softonic_i.vrsni - 1.5.11.5
    FF - user.js: extensions.softonic_i.vrsnTs - 1.5.11.518:03
    FF - user.js: extensions.softonic_i.prtnrId - softonic
    FF - user.js: extensions.softonic_i.prdct - softonic
    FF - user.js: extensions.softonic_i.aflt - SD
    FF - user.js: extensions.softonic_i.smplGrp - eng7
    FF - user.js: extensions.softonic_i.tlbrId - en11DECdefault
    FF - user.js: extensions.softonic_i.instlRef - MON00005
    FF - user.js: extensions.softonic_i.dfltLng -
    FF - user.js: extensions.softonic_i.excTlbr - false
    FF - user.js: general.useragent.extra.brc -
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-RGSC - c:\program files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
    Wow6432Node-HKLM-Run-StartCCC - c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
    AddRemove-Search Toolbar - c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
    AddRemove-FoxTab FLV Player - c:\program files (x86)\FoxTabFLVPlayer\Uninstall\Uninstall.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-4075504160-3250536865-1205073842-1000\Software\SecuROM\License information*]
    "datasecu"=hex:c4,c1,e1,0a,ed,3f,5e,9f,87,78,30,43,f0,a3,b8,73,1c,96,8b,aa,d1,
    46,21,7e,2f,59,3f,88,37,55,f1,ac,d6,0d,78,21,51,67,5f,00,ef,2f,31,25,b7,50,\
    "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
    c:\program files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
    c:\program files (x86)\ASUS\AI Suite II\AsRoutineController.exe
    c:\windows\SysWOW64\ASDR.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\windows\SysWOW64\PnkBstrB.exe
    c:\program files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
    c:\program files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
    c:\program files (x86)\ASUS\AI Suite II\AI Suite II.exe
    c:\program files\Lucidlogix Technologies\VIRTU\EKAG20NT.EXE
    c:\program files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
    c:\program files (x86)\DAEMON Tools Lite\DTShellHlp.exe
    .
    **************************************************************************
    .
    Completion time: 2012-09-24 09:59:25 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-09-24 07:59
    .
    Pre-Run: 365,639,225,344 bytes free
    Post-Run: 366,594,600,960 bytes free
    .
    - - End Of File - - AEF9B8D292D90F9A01484D07F9A70A28
  9. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    That happens, it's okay.

    Please download and run TDSSKiller to your desktop as outlined below:

    Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

    For Windows XP, double-click to start.
    For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.



    -------------------------

    Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


    ------------------------

    Click the Start Scan button.


    -----------------------

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.



    ----------------------

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.




    --------------------

    A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
    Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

    -------------------

    Here's a summary of what to do if you would like to print it out:

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.


    avast! aswMBR

    Please download aswMBR from here
    • Save aswMBR.exe to your Desktop
    • Double click aswMBR.exe to run it
    • Click the Scan button to start the scan as illustrated below

    Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.
    • Once the scan finishes click Save log to save the log to your Desktop
    • Copy and paste the contents of aswMBR.txt back here for review
  10. Adikov

    Adikov Newcomer, in training Topic Starter

    Here are the logs, tdss didn't detect any malicious objects

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-09-24 11:22:27
    -----------------------------
    11:22:27.119 OS Version: Windows x64 6.1.7601 Service Pack 1
    11:22:27.119 Number of processors: 4 586 0x2A07
    11:22:27.119 ComputerName: PC UserName:
    11:22:28.179 Initialize success
    11:22:33.719 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    11:22:33.719 Disk 0 Vendor: WDC_WD10EALX-009BA0 15.01H15 Size: 953869MB BusType: 11
    11:22:33.719 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
    11:22:33.719 Disk 1 Vendor: SAMSUNG_HD252HJ 1AC01113 Size: 238475MB BusType: 11
    11:22:33.735 Disk 0 MBR read successfully
    11:22:33.735 Disk 0 MBR scan
    11:22:33.750 Disk 0 Windows 7 default MBR code
    11:22:33.750 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 485688 MB offset 2048
    11:22:33.766 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 468178 MB offset 994691072
    11:22:33.797 Disk 0 scanning C:\Windows\system32\drivers
    11:22:39.054 Service scanning
    11:22:49.210 Modules scanning
    11:22:49.210 Disk 0 trace - called modules:
    11:22:49.241 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
    11:22:49.241 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007dfc790]
    11:22:49.241 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa8007b1be40]
    11:22:49.257 5 ACPI.sys[fffff88000f247a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007b18060]
    11:22:49.257 Scan finished successfully
    11:22:56.916 Disk 0 MBR has been saved successfully to "C:\Users\AdiKOV\Desktop\MBR.dat"
    11:22:57.337 The log file has been saved successfully to "C:\Users\AdiKOV\Desktop\aswMBR.txt"
  11. Adikov

    Adikov Newcomer, in training Topic Starter

    11:19:50.0998 1700 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
    11:19:51.0169 1700 ============================================================
    11:19:51.0169 1700 Current date / time: 2012/09/24 11:19:51.0169
    11:19:51.0169 1700 SystemInfo:
    11:19:51.0169 1700
    11:19:51.0169 1700 OS Version: 6.1.7601 ServicePack: 1.0
    11:19:51.0169 1700 Product type: Workstation
    11:19:51.0169 1700 ComputerName: PC
    11:19:51.0169 1700 UserName: AdiKOV
    11:19:51.0169 1700 Windows directory: C:\Windows
    11:19:51.0169 1700 System windows directory: C:\Windows
    11:19:51.0169 1700 Running under WOW64
    11:19:51.0169 1700 Processor architecture: Intel x64
    11:19:51.0169 1700 Number of processors: 4
    11:19:51.0169 1700 Page size: 0x1000
    11:19:51.0169 1700 Boot type: Normal boot
    11:19:51.0169 1700 ============================================================
    11:19:51.0949 1700 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    11:19:51.0949 1700 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    11:19:51.0965 1700 Drive \Device\Harddisk2\DR2 - Size: 0x1E98D1A00 (7.65 Gb), SectorSize: 0x200, Cylinders: 0x3E6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    11:19:51.0965 1700 ============================================================
    11:19:51.0965 1700 \Device\Harddisk0\DR0:
    11:19:51.0965 1700 MBR partitions:
    11:19:51.0965 1700 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3B49C000
    11:19:51.0965 1700 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3B49C800, BlocksNum 0x39269000
    11:19:51.0965 1700 \Device\Harddisk1\DR1:
    11:19:51.0965 1700 MBR partitions:
    11:19:51.0965 1700 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0x1D063568
    11:19:51.0965 1700 \Device\Harddisk2\DR2:
    11:19:51.0965 1700 MBR partitions:
    11:19:51.0965 1700 \Device\Harddisk2\DR2\Partition1: MBR, Type 0xB, StartLBA 0x3A, BlocksNum 0xF4656B
    11:19:51.0965 1700 ============================================================
    11:19:51.0980 1700 C: <-> \Device\Harddisk0\DR0\Partition1
    11:19:51.0996 1700 E: <-> \Device\Harddisk1\DR1\Partition1
    11:19:52.0027 1700 F: <-> \Device\Harddisk0\DR0\Partition2
    11:19:52.0027 1700 ============================================================
    11:19:52.0027 1700 Initialize success
    11:19:52.0027 1700 ============================================================
    11:19:55.0178 4784 ============================================================
    11:19:55.0178 4784 Scan started
    11:19:55.0178 4784 Mode: Manual;
    11:19:55.0178 4784 ============================================================
    11:19:55.0834 4784 ================ Scan system memory ========================
    11:19:55.0834 4784 System memory - ok
    11:19:55.0834 4784 ================ Scan services =============================
    11:19:55.0943 4784 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
    11:19:55.0990 4784 1394ohci - ok
    11:19:56.0021 4784 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
    11:19:56.0021 4784 ACPI - ok
    11:19:56.0052 4784 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
    11:19:56.0068 4784 AcpiPmi - ok
    11:19:56.0177 4784 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    11:19:56.0177 4784 AdobeARMservice - ok
    11:19:56.0192 4784 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
    11:19:56.0239 4784 adp94xx - ok
    11:19:56.0255 4784 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
    11:19:56.0302 4784 adpahci - ok
    11:19:56.0317 4784 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
    11:19:56.0317 4784 adpu320 - ok
    11:19:56.0333 4784 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    11:19:56.0333 4784 AeLookupSvc - ok
    11:19:56.0380 4784 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
    11:19:56.0380 4784 AFD - ok
    11:19:56.0411 4784 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
    11:19:56.0426 4784 agp440 - ok
    11:19:56.0442 4784 [ 8B6625D53C18774F0102F690E285B5E8 ] AiChargerPlus C:\Windows\system32\DRIVERS\AiChargerPlus.sys
    11:19:56.0458 4784 AiChargerPlus - ok
    11:19:56.0473 4784 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
    11:19:56.0473 4784 ALG - ok
    11:19:56.0489 4784 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
    11:19:56.0504 4784 aliide - ok
    11:19:56.0520 4784 [ 5EC60409BD50953BD4F892B18840039E ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
    11:19:56.0536 4784 AMD External Events Utility - ok
    11:19:56.0551 4784 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
    11:19:56.0567 4784 amdide - ok
    11:19:56.0567 4784 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
    11:19:56.0582 4784 AmdK8 - ok
    11:19:56.0738 4784 [ 322E5C178990F116F00E3D923F4E6B1C ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
    11:19:56.0894 4784 amdkmdag - ok
    11:19:56.0910 4784 [ 961A81A84FDD700E361E8294528A37BA ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
    11:19:56.0926 4784 amdkmdap - ok
    11:19:56.0941 4784 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
    11:19:56.0957 4784 AmdPPM - ok
    11:19:56.0972 4784 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
    11:19:56.0988 4784 amdsata - ok
    11:19:57.0004 4784 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
    11:19:57.0019 4784 amdsbs - ok
    11:19:57.0035 4784 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
    11:19:57.0035 4784 amdxata - ok
    11:19:57.0066 4784 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
    11:19:57.0097 4784 AppID - ok
    11:19:57.0113 4784 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
    11:19:57.0113 4784 AppIDSvc - ok
    11:19:57.0144 4784 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
    11:19:57.0144 4784 Appinfo - ok
     
  12. Adikov

    Adikov Newcomer, in training Topic Starter

    11:20:12.0260 4784 ================ Scan global ===============================
    11:20:12.0276 4784 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    11:20:12.0307 4784 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    11:20:12.0307 4784 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    11:20:12.0338 4784 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    11:20:12.0370 4784 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    11:20:12.0370 4784 [Global] - ok
    11:20:12.0370 4784 ================ Scan MBR ==================================
    11:20:12.0385 4784 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    11:20:12.0650 4784 \Device\Harddisk0\DR0 - ok
    11:20:12.0650 4784 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
    11:20:12.0650 4784 \Device\Harddisk1\DR1 - ok
    11:20:12.0666 4784 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk2\DR2
    11:20:12.0666 4784 \Device\Harddisk2\DR2 - ok
    11:20:12.0666 4784 ================ Scan VBR ==================================
    11:20:12.0666 4784 [ 8EF7CFB547C1B3D51C05CBD3C4B45443 ] \Device\Harddisk0\DR0\Partition1
    11:20:12.0666 4784 \Device\Harddisk0\DR0\Partition1 - ok
    11:20:12.0682 4784 [ 3D9A8344ABE387E14CC0D8CA11D79334 ] \Device\Harddisk0\DR0\Partition2
    11:20:12.0682 4784 \Device\Harddisk0\DR0\Partition2 - ok
    11:20:12.0682 4784 [ BDFD66A6D65D677D5E153E681DDEEBC0 ] \Device\Harddisk1\DR1\Partition1
    11:20:12.0697 4784 \Device\Harddisk1\DR1\Partition1 - ok
    11:20:12.0697 4784 [ BEAABC1A2A57A6B4C78045831B425CC3 ] \Device\Harddisk2\DR2\Partition1
    11:20:12.0697 4784 \Device\Harddisk2\DR2\Partition1 - ok
    11:20:12.0697 4784 ============================================================
    11:20:12.0697 4784 Scan finished
    11:20:12.0697 4784 ============================================================
    11:20:12.0697 3500 Detected object count: 0
    11:20:12.0697 3500 Actual detected object count: 0
    11:20:20.0310 4240 ============================================================
    11:20:20.0310 4240 Scan started
    11:20:20.0310 4240 Mode: Manual; SigCheck; TDLFS;
    11:20:20.0310 4240 ============================================================
    11:20:20.0513 4240 ================ Scan system memory ========================
    11:20:20.0513 4240 System memory - ok
    11:20:20.0513 4240 ================ Scan services =============================
  13. Adikov

    Adikov Newcomer, in training Topic Starter

    Accidental doublepost
  14. Adikov

    Adikov Newcomer, in training Topic Starter

    11:20:22.0057 4240 [ 4B720CC508B4FB999A7BF0E6D84F73E1 ] ASDR C:\Windows\SysWOW64\ASDR.exe
    11:20:22.0073 4240 ASDR ( UnsignedFile.Multi.Generic ) - warning
    11:20:22.0073 4240 ASDR - detected UnsignedFile.Multi.Generic (1)
    11:20:22.0104 4240 [ A63173897EA1A73A75D0E65036DE5B15 ] asHmComSvc C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
    11:20:22.0135 4240 asHmComSvc - ok
    11:20:22.0166 4240 [ FEF9DD9EA587F8886ADE43C1BEFBDAFE ] AsIO C:\Windows\syswow64\drivers\AsIO.sys
    11:20:22.0166 4240 AsIO - ok
    11:20:22.0182 4240 [ 954950D11ADA98AC1B7EE3C770E4622C ] asmthub3 C:\Windows\system32\DRIVERS\asmthub3.sys
    11:20:22.0213 4240 asmthub3 - ok
    11:20:22.0229 4240 [ 01DBB05DB1DB95803E3C9F2B49AFE79C ] asmtxhci C:\Windows\system32\DRIVERS\asmtxhci.sys
    11:20:22.0244 4240 asmtxhci - ok
    11:20:22.0307 4240 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
    11:20:22.0322 4240 aspnet_state - ok
    11:20:22.0354 4240 [ 5C31DFB196CB3A488A041881634D86D2 ] AsSysCtrlService C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
    11:20:22.0369 4240 AsSysCtrlService - ok
    11:20:22.0400 4240 [ 1392B92179B07B672720763D9B1028A5 ] AsUpIO C:\Windows\syswow64\drivers\AsUpIO.sys
    11:20:22.0416 4240 AsUpIO - ok
    11:20:22.0463 4240 [ A4398A8914C32F18EC2AB562CBA3CAAF ] asusgsb C:\Windows\system32\drivers\asusgsb.sys
    11:20:22.0494 4240 asusgsb - ok
    11:20:22.0525 4240 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    11:20:22.0556 4240 AsyncMac - ok
    11:20:22.0572 4240 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
    11:20:22.0572 4240 atapi - ok
    11:20:22.0603 4240 [ 230CF51113CD4B830B3BFD09B0D4C066 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
    11:20:22.0603 4240 AtiHDAudioService - ok
    11:20:22.0619 4240 [ FB4187C282CB467E5E606913A1FA79A3 ] atkdisplf C:\Windows\system32\Drivers\atkdisplowfilter.sys
    11:20:22.0650 4240 atkdisplf - ok
    11:20:22.0666 4240 [ 86D873FD396FA6708A99A1BDF104D120 ] ATKFUSService C:\Windows\system32\ATKFUSService.exe
    11:20:22.0681 4240 ATKFUSService ( UnsignedFile.Multi.Generic ) - warning
    11:20:22.0681 4240 ATKFUSService - detected UnsignedFile.Multi.Generic (1)
    11:20:22.0728 4240 [ FC0E8778C000291CAF60EB88C011E931 ] atksgt C:\Windows\system32\DRIVERS\atksgt.sys
    11:20:22.0744 4240 atksgt - ok
    11:20:22.0775 4240 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    11:20:22.0837 4240 AudioEndpointBuilder - ok
    11:20:22.0853 4240 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
    11:20:22.0884 4240 AudioSrv - ok
    11:20:22.0900 4240 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
    11:20:22.0962 4240 AxInstSV - ok
    11:20:23.0009 4240 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
    11:20:23.0040 4240 b06bdrv - ok
    11:20:23.0056 4240 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
    11:20:23.0087 4240 b57nd60a - ok
    11:20:23.0118 4240 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
    11:20:23.0165 4240 BDESVC - ok
    11:20:23.0180 4240 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
    11:20:23.0243 4240 Beep - ok
    11:20:23.0290 4240 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
    11:20:23.0336 4240 BFE - ok
    11:20:23.0399 4240 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
    11:20:23.0446 4240 BITS - ok
    11:20:23.0477 4240 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
    11:20:23.0508 4240 blbdrive - ok
    11:20:23.0539 4240 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    11:20:23.0570 4240 bowser - ok
    11:20:23.0586 4240 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
    11:20:23.0633 4240 BrFiltLo - ok
    11:20:23.0633 4240 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
    11:20:23.0648 4240 BrFiltUp - ok
    11:20:23.0664 4240 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
    11:20:23.0680 4240 BridgeMP - ok
    11:20:23.0726 4240 [ 8EF0D5C41EC907751B8429162B1239ED ] Browser C:\Windows\System32\browser.dll
    11:20:23.0758 4240 Browser - ok
    11:20:23.0789 4240 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
    11:20:23.0820 4240 Brserid - ok
    11:20:23.0836 4240 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
    11:20:23.0836 4240 BrSerWdm - ok
    11:20:23.0851 4240 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
    11:20:23.0867 4240 BrUsbMdm - ok
    11:20:23.0882 4240 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
    11:20:23.0882 4240 BrUsbSer - ok
    11:20:23.0898 4240 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
    11:20:23.0929 4240 BTHMODEM - ok
    11:20:23.0945 4240 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
    11:20:23.0976 4240 bthserv - ok
    11:20:23.0992 4240 catchme - ok
    11:20:24.0007 4240 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    11:20:24.0054 4240 cdfs - ok
    11:20:24.0085 4240 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
    11:20:24.0116 4240 cdrom - ok
    11:20:24.0148 4240 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
    11:20:24.0179 4240 CertPropSvc - ok
    11:20:24.0210 4240 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
    11:20:24.0226 4240 circlass - ok
    11:20:24.0241 4240 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
    11:20:24.0257 4240 CLFS - ok
    11:20:24.0304 4240 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    11:20:24.0319 4240 clr_optimization_v2.0.50727_32 - ok
    11:20:24.0335 4240 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    11:20:24.0350 4240 clr_optimization_v2.0.50727_64 - ok
    11:20:24.0413 4240 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    11:20:24.0413 4240 clr_optimization_v4.0.30319_32 - ok
    11:20:24.0428 4240 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    11:20:24.0444 4240 clr_optimization_v4.0.30319_64 - ok
    11:20:24.0444 4240 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
    11:20:24.0475 4240 CmBatt - ok
    11:20:24.0506 4240 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
    11:20:24.0522 4240 cmdide - ok
    11:20:24.0553 4240 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
    11:20:24.0569 4240 CNG - ok
    11:20:24.0569 4240 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
    11:20:24.0584 4240 Compbatt - ok
    11:20:24.0600 4240 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
    11:20:24.0631 4240 CompositeBus - ok
    11:20:24.0631 4240 COMSysApp - ok
    11:20:24.0662 4240 [ DF3E8C2C443D3618260DFF5705CE2DF5 ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe
    11:20:24.0678 4240 cphs - ok
    11:20:24.0694 4240 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
    11:20:24.0709 4240 crcdisk - ok
    11:20:24.0740 4240 [ C8BD651E13895B93ED9EC5B4F1DF42BC ] Creative ALchemy AL6 Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
    11:20:24.0756 4240 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - warning
    11:20:24.0756 4240 Creative ALchemy AL6 Licensing Service - detected UnsignedFile.Multi.Generic (1)
    11:20:24.0772 4240 [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
    11:20:24.0787 4240 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - warning
    11:20:24.0787 4240 Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic (1)
    11:20:24.0818 4240 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
    11:20:24.0834 4240 CryptSvc - ok
    11:20:24.0865 4240 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
    11:20:24.0928 4240 CSC - ok
    11:20:24.0959 4240 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
    11:20:24.0990 4240 CscService - ok
    11:20:25.0021 4240 [ 7DAA33AAEE034AE62EF631A3F13A027B ] CTAudSvcService C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    11:20:25.0037 4240 CTAudSvcService ( UnsignedFile.Multi.Generic ) - warning
    11:20:25.0037 4240 CTAudSvcService - detected UnsignedFile.Multi.Generic (1)
    11:20:25.0084 4240 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
    11:20:25.0130 4240 DcomLaunch - ok
    11:20:25.0177 4240 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
    11:20:25.0240 4240 defragsvc - ok
    11:20:25.0271 4240 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    11:20:25.0318 4240 DfsC - ok
    11:20:25.0333 4240 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
    11:20:25.0364 4240 Dhcp - ok
    11:20:25.0396 4240 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
    11:20:25.0442 4240 discache - ok
    11:20:25.0458 4240 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
    11:20:25.0458 4240 Disk - ok
    11:20:25.0489 4240 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
    11:20:25.0536 4240 Dnscache - ok
    11:20:25.0552 4240 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
    11:20:25.0583 4240 dot3svc - ok
    11:20:25.0630 4240 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
    11:20:25.0645 4240 DPS - ok
    11:20:25.0692 4240 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    11:20:25.0692 4240 drmkaud - ok
    11:20:25.0723 4240 [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
    11:20:25.0723 4240 dtsoftbus01 - ok
    11:20:25.0754 4240 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    11:20:25.0786 4240 DXGKrnl - ok
    11:20:25.0817 4240 [ 471612D324D8682B98B267BD091D2219 ] e1cexpress C:\Windows\system32\DRIVERS\e1c62x64.sys
    11:20:25.0832 4240 e1cexpress - ok
    11:20:25.0848 4240 [ 13533557D01B88C83110D5CF749F14D7 ] eamonm C:\Windows\system32\DRIVERS\eamonm.sys
    11:20:25.0848 4240 eamonm - ok
    11:20:25.0864 4240 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
    11:20:25.0895 4240 EapHost - ok
    11:20:25.0957 4240 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
    11:20:25.0988 4240 ebdrv - ok
    11:20:26.0020 4240 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
    11:20:26.0020 4240 EFS - ok
    11:20:26.0051 4240 [ E097728129E7B79BF1089D7AEF42332B ] ehdrv C:\Windows\system32\DRIVERS\ehdrv.sys
    11:20:26.0051 4240 ehdrv - ok
    11:20:26.0098 4240 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    11:20:26.0129 4240 ehRecvr - ok
    11:20:26.0160 4240 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
    11:20:26.0191 4240 ehSched - ok
    11:20:26.0207 4240 [ 343ADA10D948DB29251F2D9C809AF204 ] EIO64 C:\Windows\system32\DRIVERS\EIO64.sys
    11:20:26.0238 4240 EIO64 - ok
    11:20:26.0285 4240 [ F0EEBAC2F362AA866188A1C0EF819CB9 ] ekrn C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
    11:20:26.0316 4240 ekrn - ok
    11:20:26.0347 4240 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
    11:20:26.0378 4240 elxstor - ok
    11:20:26.0425 4240 [ 198C6FBC30BBD9632EA051203DCCF204 ] epfw C:\Windows\system32\DRIVERS\epfw.sys
    11:20:26.0441 4240 epfw - ok
    11:20:26.0456 4240 [ 56DE463F517710A8AA44EEF82C35B3C9 ] EpfwLWF C:\Windows\system32\DRIVERS\EpfwLWF.sys
    11:20:26.0456 4240 EpfwLWF - ok
    11:20:26.0503 4240 [ 710B0442BB2F99278D7B8E02A8849C11 ] epfwwfp C:\Windows\system32\DRIVERS\epfwwfp.sys
    11:20:26.0503 4240 epfwwfp - ok
    11:20:26.0534 4240 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
    11:20:26.0566 4240 ErrDev - ok
    11:20:26.0612 4240 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
    11:20:26.0659 4240 EventSystem - ok
    11:20:26.0706 4240 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
    11:20:26.0737 4240 exfat - ok
    11:20:26.0753 4240 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
    11:20:26.0784 4240 fastfat - ok
    11:20:26.0815 4240 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
    11:20:26.0862 4240 Fax - ok
    11:20:26.0878 4240 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
    11:20:26.0893 4240 fdc - ok
    11:20:26.0909 4240 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
    11:20:26.0940 4240 fdPHost - ok
    11:20:26.0956 4240 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
    11:20:26.0987 4240 FDResPub - ok
    11:20:27.0002 4240 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    11:20:27.0018 4240 FileInfo - ok
    11:20:27.0018 4240 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    11:20:27.0034 4240 Filetrace - ok
    11:20:27.0112 4240 [ 8669BE94F63944E4F899C3950B520241 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    11:20:27.0127 4240 FLEXnet Licensing Service - ok
    11:20:27.0127 4240 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
    11:20:27.0143 4240 flpydisk - ok
    11:20:27.0174 4240 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    11:20:27.0190 4240 FltMgr - ok
    11:20:27.0221 4240 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
    11:20:27.0236 4240 FontCache - ok
    11:20:27.0299 4240 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    11:20:27.0299 4240 FontCache3.0.0.0 - ok
    11:20:27.0314 4240 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    11:20:27.0330 4240 FsDepends - ok
    11:20:27.0346 4240 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    11:20:27.0361 4240 Fs_Rec - ok
    11:20:27.0377 4240 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    11:20:27.0392 4240 fvevol - ok
    11:20:27.0392 4240 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
    11:20:27.0392 4240 gagp30kx - ok
    11:20:27.0455 4240 GGSAFERDriver - ok
    11:20:27.0486 4240 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
    11:20:27.0517 4240 gpsvc - ok
    11:20:27.0548 4240 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
    11:20:27.0564 4240 hamachi - ok
    11:20:27.0626 4240 [ F10C3F2E002100BF8B797DCF283FEA7D ] Hamachi2Svc C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
    11:20:27.0673 4240 Hamachi2Svc - ok
    11:20:27.0673 4240 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    11:20:27.0704 4240 hcw85cir - ok
    11:20:27.0736 4240 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    11:20:27.0751 4240 HdAudAddService - ok
    11:20:27.0767 4240 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
    11:20:27.0782 4240 HDAudBus - ok
    11:20:27.0782 4240 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
    11:20:27.0798 4240 HidBatt - ok
    11:20:27.0829 4240 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
    11:20:27.0845 4240 HidBth - ok
    11:20:27.0860 4240 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
    11:20:27.0876 4240 HidIr - ok
    11:20:27.0892 4240 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
    11:20:27.0923 4240 hidserv - ok
    11:20:27.0954 4240 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    11:20:27.0970 4240 HidUsb - ok
    11:20:28.0001 4240 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
    11:20:28.0048 4240 hkmsvc - ok
    11:20:28.0063 4240 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    11:20:28.0079 4240 HomeGroupListener - ok
    11:20:28.0110 4240 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    11:20:28.0126 4240 HomeGroupProvider - ok
    11:20:28.0157 4240 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
    11:20:28.0157 4240 HpSAMD - ok
    11:20:28.0188 4240 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    11:20:28.0266 4240 HTTP - ok
    11:20:28.0297 4240 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    11:20:28.0313 4240 hwpolicy - ok
    11:20:28.0328 4240 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
    11:20:28.0344 4240 i8042prt - ok
    11:20:28.0360 4240 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
    11:20:28.0375 4240 iaStorV - ok
    11:20:28.0391 4240 [ C1010ADD3DDAE1196ED21057AF7B2AAE ] ICCWDT C:\Windows\system32\DRIVERS\ICCWDT.sys
    11:20:28.0406 4240 ICCWDT - ok
    11:20:28.0453 4240 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    11:20:28.0485 4240 IDriverT ( UnsignedFile.Multi.Generic ) - warning
    11:20:28.0485 4240 IDriverT - detected UnsignedFile.Multi.Generic (1)
    11:20:28.0516 4240 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    11:20:28.0547 4240 idsvc - ok
    11:20:28.0765 4240 [ 276EE9CDAB16C50E1DF0E4CEFA882F5F ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
    11:20:28.0906 4240 igfx - ok
    11:20:28.0921 4240 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
    11:20:28.0937 4240 iirsp - ok
    11:20:28.0968 4240 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
    11:20:29.0015 4240 IKEEXT - ok
    11:20:29.0077 4240 [ 26407A11D7E222AFB7CE32700ABBD9D1 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
    11:20:29.0109 4240 IntcAzAudAddService - ok
    11:20:29.0140 4240 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
    11:20:29.0155 4240 IntcDAud - ok
    11:20:29.0202 4240 [ 7A3F838F2D7C8FD8E8CFF480384A798C ] Intel(R) PROSet Monitoring Service C:\Windows\system32\IProsetMonitor.exe
    11:20:29.0202 4240 Intel(R) PROSet Monitoring Service - ok
    11:20:29.0218 4240 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
    11:20:29.0233 4240 intelide - ok
    11:20:29.0249 4240 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    11:20:29.0265 4240 intelppm - ok
    11:20:29.0280 4240 [ A01C412699B6F21645B2885C2BAE4454 ] IOMap C:\Windows\system32\drivers\IOMap64.sys
    11:20:29.0280 4240 IOMap - ok
    11:20:29.0311 4240 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    11:20:29.0343 4240 IPBusEnum - ok
    11:20:29.0374 4240 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    11:20:29.0452 4240 IpFilterDriver - ok
    11:20:29.0467 4240 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
    11:20:29.0483 4240 IPMIDRV - ok
    11:20:29.0499 4240 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    11:20:29.0530 4240 IPNAT - ok
    11:20:29.0530 4240 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
    11:20:29.0545 4240 IRENUM - ok
    11:20:29.0561 4240 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    11:20:29.0577 4240 isapnp - ok
    11:20:29.0592 4240 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
    11:20:29.0608 4240 iScsiPrt - ok
    11:20:29.0608 4240 [ A577F5DB30F70ECA9708C07C2EACBD9D ] JRAID C:\Windows\system32\DRIVERS\jraid.sys
    11:20:29.0623 4240 JRAID - ok
    11:20:29.0623 4240 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
    11:20:29.0639 4240 kbdclass - ok
    11:20:29.0655 4240 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
    11:20:29.0670 4240 kbdhid - ok
    11:20:29.0686 4240 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
    11:20:29.0701 4240 KeyIso - ok
    11:20:29.0717 4240 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    11:20:29.0733 4240 KSecDD - ok
    11:20:29.0748 4240 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    11:20:29.0764 4240 KSecPkg - ok
    11:20:29.0764 4240 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
    11:20:29.0795 4240 ksthunk - ok
    11:20:29.0826 4240 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
    11:20:29.0857 4240 KtmRm - ok
    11:20:29.0889 4240 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
    11:20:29.0935 4240 LanmanServer - ok
    11:20:29.0951 4240 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    11:20:29.0982 4240 LanmanWorkstation - ok
    11:20:30.0013 4240 [ 156AB2E56DC3CA0B582E3362E07CDED7 ] lirsgt C:\Windows\system32\DRIVERS\lirsgt.sys
    11:20:30.0013 4240 lirsgt - ok
    11:20:30.0029 4240 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    11:20:30.0045 4240 lltdio - ok
    11:20:30.0076 4240 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
    11:20:30.0123 4240 lltdsvc - ok
    11:20:30.0138 4240 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
    11:20:30.0154 4240 lmhosts - ok
    11:20:30.0169 4240 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
    11:20:30.0185 4240 LSI_FC - ok
    11:20:30.0201 4240 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
    11:20:30.0201 4240 LSI_SAS - ok
    11:20:30.0216 4240 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
    11:20:30.0216 4240 LSI_SAS2 - ok
    11:20:30.0216 4240 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
    11:20:30.0232 4240 LSI_SCSI - ok
    11:20:30.0247 4240 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
    11:20:30.0263 4240 luafv - ok
    11:20:30.0279 4240 [ 79D51E7F5926E8CE1B3EBECEBAE28CFF ] mcdbus C:\Windows\system32\DRIVERS\mcdbus.sys
    11:20:30.0294 4240 mcdbus - ok
    11:20:30.0325 4240 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    11:20:30.0341 4240 Mcx2Svc - ok
    11:20:30.0357 4240 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
    11:20:30.0357 4240 megasas - ok
    11:20:30.0372 4240 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
    11:20:30.0388 4240 MegaSR - ok
    11:20:30.0403 4240 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
    11:20:30.0419 4240 MEIx64 - ok
    11:20:30.0450 4240 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
    11:20:30.0466 4240 Microsoft Office Groove Audit Service - ok
    11:20:30.0481 4240 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
    11:20:30.0513 4240 MMCSS - ok
    11:20:30.0528 4240 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
    11:20:30.0559 4240 Modem - ok
    11:20:30.0559 4240 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    11:20:30.0591 4240 monitor - ok
    11:20:30.0606 4240 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
    11:20:30.0622 4240 mouclass - ok
    11:20:30.0622 4240 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    11:20:30.0653 4240 mouhid - ok
    11:20:30.0700 4240 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    11:20:30.0715 4240 mountmgr - ok
    11:20:30.0747 4240 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    11:20:30.0762 4240 MozillaMaintenance - ok
    11:20:30.0778 4240 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
    11:20:30.0793 4240 mpio - ok
    11:20:30.0809 4240 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    11:20:30.0825 4240 mpsdrv - ok
    11:20:30.0856 4240 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
    11:20:30.0903 4240 MpsSvc - ok
    11:20:30.0934 4240 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    11:20:30.0965 4240 MRxDAV - ok
    11:20:30.0981 4240 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    11:20:31.0012 4240 mrxsmb - ok
    11:20:31.0027 4240 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    11:20:31.0043 4240 mrxsmb10 - ok
    11:20:31.0059 4240 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    11:20:31.0074 4240 mrxsmb20 - ok
    11:20:31.0074 4240 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
    11:20:31.0090 4240 msahci - ok
    11:20:31.0105 4240 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    11:20:31.0121 4240 msdsm - ok
    11:20:31.0137 4240 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
    11:20:31.0152 4240 MSDTC - ok
    11:20:31.0168 4240 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    11:20:31.0183 4240 Msfs - ok
    11:20:31.0215 4240 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    11:20:31.0230 4240 mshidkmdf - ok
    11:20:31.0261 4240 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    11:20:31.0261 4240 msisadrv - ok
    11:20:31.0293 4240 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    11:20:31.0324 4240 MSiSCSI - ok
    11:20:31.0324 4240 msiserver - ok
    11:20:31.0339 4240 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    11:20:31.0355 4240 MSKSSRV - ok
    11:20:31.0371 4240 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    11:20:31.0386 4240 MSPCLOCK - ok
    11:20:31.0402 4240 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    11:20:31.0417 4240 MSPQM - ok
    11:20:31.0449 4240 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    11:20:31.0449 4240 MsRPC - ok
    11:20:31.0464 4240 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
    11:20:31.0464 4240 mssmbios - ok
    11:20:31.0480 4240 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    11:20:31.0495 4240 MSTEE - ok
    11:20:31.0495 4240 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
  15. Adikov

    Adikov Newcomer, in training Topic Starter

    11:20:36.0597 4240 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    11:20:36.0612 4240 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
    11:20:36.0612 4240 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
    11:20:40.0294 4240 ================ Scan global ===============================
    11:20:40.0325 4240 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    11:20:40.0341 4240 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    11:20:40.0341 4240 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    11:20:40.0372 4240 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    11:20:40.0403 4240 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    11:20:40.0403 4240 [Global] - ok
    11:20:40.0403 4240 ================ Scan MBR ==================================
    11:20:40.0419 4240 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    11:20:40.0746 4240 \Device\Harddisk0\DR0 - ok
    11:20:40.0762 4240 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
    11:20:40.0824 4240 \Device\Harddisk1\DR1 - ok
    11:20:40.0824 4240 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk2\DR2
    11:20:40.0918 4240 \Device\Harddisk2\DR2 - ok
    11:20:40.0918 4240 ================ Scan VBR ==================================
    11:20:40.0918 4240 [ 8EF7CFB547C1B3D51C05CBD3C4B45443 ] \Device\Harddisk0\DR0\Partition1
    11:20:40.0918 4240 \Device\Harddisk0\DR0\Partition1 - ok
    11:20:40.0933 4240 [ 3D9A8344ABE387E14CC0D8CA11D79334 ] \Device\Harddisk0\DR0\Partition2
    11:20:40.0965 4240 \Device\Harddisk0\DR0\Partition2 - ok
    11:20:40.0965 4240 [ BDFD66A6D65D677D5E153E681DDEEBC0 ] \Device\Harddisk1\DR1\Partition1
    11:20:40.0965 4240 \Device\Harddisk1\DR1\Partition1 - ok
    11:20:40.0965 4240 [ BEAABC1A2A57A6B4C78045831B425CC3 ] \Device\Harddisk2\DR2\Partition1
    11:20:40.0965 4240 \Device\Harddisk2\DR2\Partition1 - ok
    11:20:40.0965 4240 ============================================================
    11:20:40.0965 4240 Scan finished
    11:20:40.0965 4240 ============================================================
    11:20:40.0980 3588 Detected object count: 7
    11:20:40.0980 3588 Actual detected object count: 7
    11:21:08.0967 3588 ASDR ( UnsignedFile.Multi.Generic ) - skipped by user
    11:21:08.0967 3588 ASDR ( UnsignedFile.Multi.Generic ) - User select action: Skip
    11:21:08.0967 3588 ATKFUSService ( UnsignedFile.Multi.Generic ) - skipped by user
    11:21:08.0967 3588 ATKFUSService ( UnsignedFile.Multi.Generic ) - User select action: Skip
    11:21:08.0967 3588 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
    11:21:08.0967 3588 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
    11:21:08.0967 3588 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
    11:21:08.0967 3588 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
    11:21:08.0967 3588 CTAudSvcService ( UnsignedFile.Multi.Generic ) - skipped by user
    11:21:08.0967 3588 CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Skip
    11:21:08.0967 3588 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
    11:21:08.0967 3588 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
    11:21:08.0967 3588 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
    11:21:08.0967 3588 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
    11:21:14.0754 4548 Deinitialize success
  16. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
    • Click Start or wait for the scanner to load.
    • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, there are a couple of things to keep in mind:
    • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
    • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
    • Open the logfile from wherever you saved it
    • Copy and paste the contents in your next reply.
  17. Adikov

    Adikov Newcomer, in training Topic Starter

    Finished this too

    C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.31.2\BabylonToolbarApp.dll a variant of Win32/Toolbar.Babylon application cleaned by deleting - quarantined
    C:\Users\AdiKOV\Downloads\iLividSetupV1(1).exe Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
    C:\Users\AdiKOV\Downloads\installer_powerdirector.exe Win32/Toggle application cleaned by deleting - quarantined
    C:\Users\AdiKOV\Downloads\SoftonicDownloader_for_windows-live-messenger.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined
    C:\Users\AdiKOV\Downloads\Darkness.II.skidrowcrack.com\DarknessII.exe a variant of Win32/Packed.VProtect.A application cleaned by deleting - quarantined
    F:\d?v\rld.dll a variant of Win32/Packed.VMProtect.AAH trojan cleaned by deleting - quarantined
    F:\provincijalka\Data\Base\_Dbg\Bin\Release\1911.dll a variant of Win32/Packed.VMProtect.AAA trojan cleaned by deleting - quarantined
  18. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hi! Your logs appear to be clean. If there are no more issues, then we shall finish up!

    Clean up System Restore

    Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

    To manually create a new Restore Point
    • Go to Control Panel and select System and Maintenance
    • Select System
    • On the left select Advanced System Settings and accept the warning if you get one
    • Select System Protection Tab
    • Select Create at the bottom
    • Type in a name, i.e. Clean
    • Select Create
    Now we can purge the infected ones
    • Go back to the System and Maintenance page
    • Select Performance Information and Tools
    • On the left select Open Disk Cleanup
    • Select Files from all users and accept the warning if you get one
    • In the drop down box select your main drive, i.e. C
    • For a few moments the system will make some calculations:
    • Select the More Options tab
    • In the System Restore and Shadow Backups select Clean up
    • Select Delete on the pop up
    • Select OK
    • Select Delete

    Run OTC to remove our tools

    To remove all of the tools we used and the files and folders they created, please do the following:
    Please download OTC.exe by OldTimer:
    • Save it to your Desktop.
    • Double click OTC.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

    Purge old temporary files

    Download CCleaner Slim and save it to your Desktop - Alternate download link

    When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
    Follow the prompts to install the program.

    * Double-click the CCleaner shortcut on the desktop to start the program.
    * Click on the Options block on the left, then choose Cookies.
    * Under Cookies to Delete, highlight any cookies you would like to retain permanently
    * Click the right arrow > to move them to the Cookies to Keep window.
    * Go into Options > Advanced & uncheck Only delete files in Windows Temp folders older than 48 hours
    * Click Cleaner on the left then Run Cleaner on the right to run the program.
    * Important: Make sure that ALL browser windows are closed before selecting Run Cleaner

    Caution: Only use the Registry feature if you are very familiar with the registry.
    Always back up your registry before making any changes. Exit CCleaner after it has completed its process.

    Security Check

    Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
     
  19. Adikov

    Adikov Newcomer, in training Topic Starter

    And there we go the final log :) thank you so much

    Results of screen317's Security Check version 0.99.51
    Windows 7 Service Pack 1 x64 (UAC is disabled!)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    ESET Smart Security 5.0
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.65.0.1400
    Java(TM) 6 Update 31
    Java version out of Date!
    Adobe Flash Player 10 Flash Player out of Date!
    Adobe Flash Player 11.4.402.265
    Adobe Reader X (10.1.4)
    Mozilla Firefox (15.0.1)
    ````````Process Check: objlist.exe by Laurent````````
    ESET NOD32 Antivirus egui.exe
    ESET NOD32 Antivirus ekrn.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````
  20. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    You're welcome.

    Java Update!

    Please download the newest version of Java from Java.com.

    Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
    Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
    Search in the list for all previously installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

    Once old versions are gone, please install the newest version.

    Read more about Java exploit problems

    Adobe Flash Player Update!

    Please download the newest version of Adobe Flash Player from Adobe.com

    Before installing: it is important to remove older versions of Flash Player since it does not do so automatically and old versions still leave you vulnerable.
    Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
    Search in the list for all previously installed versions of Adobe Flash Player. Uninstall/Remove each of them.

    Once old versions are gone, please install the newest version.

    Personal Tips on Preventing Malware

    See this page for more info about malware and prevention.

    Read more about "FAQ: How did Sirefef or ZeroAccess Infect You?"

    Any other questions before I mark this topic solved?
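
The check described in the post above (finding every previously installed Java and Flash Player version before installing the new one) can also be done from PowerShell, which catches 32-bit entries that are easy to miss on 64-bit Windows. This is an added example, not part of the original thread; the name-matching patterns and variable names are assumptions of the example, and it only reads the registry.

```powershell
# Added example: list installed Java / Flash Player entries so that old
# versions can be found and uninstalled. Read-only; nothing is changed.

# Uninstall entries live in three places on 64-bit Windows: the native
# 64-bit key, WOW6432Node (32-bit programs), and the per-user hive.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Product families named in the post. The patterns are assumptions of this
# example and may need widening for other vendor naming schemes.
$families = @{
    'Java'               = '^(Java(\(TM\))? \d|J2SE Runtime Environment)'
    'Adobe Flash Player' = '^Adobe Flash Player'
}

# Keep only entries that actually carry a display name.
$entries = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName }

# Build one flat report row per matching entry.
$report = @(foreach ($family in $families.Keys) {
    $entries |
        Where-Object { $_.DisplayName -match $families[$family] } |
        ForEach-Object {
            New-Object PSObject -Property @{
                Family         = $family
                DisplayName    = $_.DisplayName
                DisplayVersion = $_.DisplayVersion
            }
        }
})

$report | Sort-Object Family, DisplayName |
    Format-Table Family, DisplayName, DisplayVersion -AutoSize

# Several distinct versions in one family means an older copy is still present.
foreach ($group in ($report | Group-Object Family)) {
    $versions = @($group.Group | ForEach-Object { $_.DisplayVersion } |
        Where-Object { $_ } | Sort-Object -Unique)
    if ($versions.Count -gt 1) {
        Write-Warning ("{0}: versions {1} are installed; uninstall the older ones." -f
            $group.Name, ($versions -join ', '))
    }
}
```
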
  21. Adikov

    Adikov Newcomer, in training Topic Starter

    As far as I can tell no questions... but another huge thank you DMJ
  22. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Great. Topic marked as solved. :)