
I think I am infected with Chrome M1N3R, a keylogger of some sort


  • This topic is locked
11 replies to this topic

#1 pikeypikey

  • Members
  • 22 posts

Posted 03 January 2013 - 01:08 PM

Hello, and thanks to anyone who would help me.

Booting up my Windows 7 machine suddenly alerted me to a file named "bleepakes.exe" and wished to send it to Microsoft. Alt-tabbing between applications, I noticed I had several invisible applications running (they had invisible displays, but they had small icons that look like the default one you get if you build a GUI from Visual Studio). Running Task Manager, I spotted 4 applications that are suspicious.

One is called Chrome-M1N3R. I tried to kill it, but it was constantly being rerun. I tried shutting down the other applications and killing M1N3R, and that seems to have killed it. The other applications look to be disguised as Adobe Bridge files.

Also, I have found the file "..net.exe" in my AppData/Roaming folder. I am trying to delete it, but it constantly gets rewritten to the folder. This folder also contains text files with my keylogged keyboard inputs in them, along with a suspicious file named FacBook update (yes, it's spelled FacBook).

As I am typing right now, it looks like the keylogger is still working. The paragraph I have typed above is saved in a newly created file named "Rs" in the same AppData/Roaming folder.

Scanning the files above passes through MSE. Right now I am running Malwarebytes, with 9 objects detected.

*EDIT NOTE - looks like the forum has an auto-censoring function; the bleepsakes.exe above should be fu--sakes.exe. Also, M1N3R is running again.

Again, thanks to any kindly soul who would lend a hand.

Edited by pikeypikey, 03 January 2013 - 01:16 PM.




#2 boopme

  • Global Moderator
  • 62,371 posts

Posted 03 January 2013 - 02:00 PM

Hello, these do appear to be malware files. Post the MBAM log when complete.
Also run these:

TDSS Alt
Please download TDSSKiller.
Launch it.
Click on "Change parameters" and select "TDLFS file system".
Click on "Scan".
Please post the LOG report (the log file should be in your C drive).

Do not change the default options on scan results.

>>>>

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

NOTE: Sometimes if ESET finds no infections it will not create a log.



MiniToolBox
Please download MiniToolBox, save it to your desktop and run it. Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
How do I get help? Who is helping me?
Staying Updated Calendar of Updates.
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook Have you seen..Select Real Security

#3 pikeypikey

  • Topic Starter
  • Members
  • 22 posts

Posted 03 January 2013 - 06:19 PM

Hello again boopme, thanks for helping me out last time.

Here is the MBAM log

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.03.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Ernest :: AMDSUPERBEAST [administrator]

Protection: Enabled

1/4/2013 1:08:55 AM
mbam-log-2013-01-04 (01-08-55).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 512911
Time elapsed: 2 hour(s), 43 second(s)

Memory Processes Detected: 2
C:\Users\Ernest\AppData\Local\Temp\AppLaunch\Service.exe (Trojan.Agent) -> 800 -> Delete on reboot.
C:\Users\Ernest\AppData\Local\Temp\AppLaunch\Service.exe (Trojan.Agent) -> 2432 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|FacbookUpdate (Trojan.MSIL) -> Data: C:\Users\Ernest\AppData\Roaming\FacbookUpdate.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|15295 (Trojan.Agent) -> Data: C:\PROGRA~3\LOCALS~1\Temp\msckfaa.bat -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 21
C:\Users\Ernest\AppData\Roaming\FacbookUpdate.exe (Trojan.MSIL) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-1389998386-1187916591-2266619048-1000\$R0AWUTN.exe (Trojan.MSIL) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-1389998386-1187916591-2266619048-1000\$R4B574D.exe (Trojan.MSIL) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-1389998386-1187916591-2266619048-1000\$R7JQ3DV.exe (Trojan.MSIL) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-1389998386-1187916591-2266619048-1000\$R9M17WH.exe (Trojan.MSIL) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-1389998386-1187916591-2266619048-1000\$R9S7IEX.exe (Trojan.MSIL) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-1389998386-1187916591-2266619048-1000\$RQR4ZHK.exe (Trojan.MSIL) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-1389998386-1187916591-2266619048-1000\$RTXKERC.exe (Trojan.MSIL) -> Quarantined and deleted successfully.
C:\ProgramData\Local Settings\Temp\msjirmtr.scr (Trojan.MSIL) -> Quarantined and deleted successfully.
C:\Users\Ernest\beefcmfkh.exe (Trojan.MSIL) -> Quarantined and deleted successfully.
C:\Users\Ernest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5XO1BAW0\main[1].txt (PUP.Riskware.Bitcoin) -> Quarantined and deleted successfully.
C:\Users\Ernest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8UJ0BDCP\2miner[1].exe (Trojan.MSIL) -> Quarantined and deleted successfully.
C:\Users\Ernest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8UJ0BDCP\661989660.dpntcum[1].exe (Trojan.MSIL) -> Quarantined and deleted successfully.
C:\Users\Ernest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IKVT37M8\1113198314.hecker[1].exe (Trojan.MSIL) -> Quarantined and deleted successfully.
C:\Users\Ernest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IKVT37M8\152574220.2miner[1].exe (Trojan.MSIL) -> Quarantined and deleted successfully.
C:\Users\Ernest\AppData\Local\Temp\0003b309.exe (Trojan.MSIL) -> Quarantined and deleted successfully.
C:\Users\Ernest\Desktop\chrome miner\Windows\.exe (PUP.Riskware.Bitcoin) -> Quarantined and deleted successfully.
C:\Users\Ernest\AppData\Roaming\Rs (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Ernest\AppData\Local\Temp\AppLaunch\Service.exe (Trojan.Agent) -> Delete on reboot.
C:\Users\Ernest\AppData\Local\Temp\AppLaunch\msnmsgr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\Local Settings\Temp\msckfaa.bat (Trojan.Agent) -> Delete on reboot.

(end)

#4 pikeypikey

  • Topic Starter
  • Members
  • 22 posts

Posted 03 January 2013 - 06:21 PM

Here is the TDS remover log


07:13:37.0146 3868 LanmanWorkstation - ok
07:13:37.0174 3868 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
07:13:37.0175 3868 lltdio - ok
07:13:37.0201 3868 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
07:13:37.0209 3868 lltdsvc - ok
07:13:37.0232 3868 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
07:13:37.0234 3868 lmhosts - ok
07:13:37.0255 3868 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
07:13:37.0257 3868 LSI_FC - ok
07:13:37.0274 3868 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
07:13:37.0276 3868 LSI_SAS - ok
07:13:37.0291 3868 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
07:13:37.0292 3868 LSI_SAS2 - ok
07:13:37.0308 3868 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
07:13:37.0310 3868 LSI_SCSI - ok
07:13:37.0339 3868 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
07:13:37.0340 3868 luafv - ok
07:13:37.0394 3868 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
07:13:37.0395 3868 MBAMProtector - ok
07:13:37.0481 3868 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
07:13:37.0489 3868 MBAMScheduler - ok
07:13:37.0524 3868 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
07:13:37.0550 3868 MBAMService - ok
07:13:37.0591 3868 [ 8FF2D95CBA49B405C5DE27039FF0BF35 ] MBfilt C:\Windows\system32\drivers\MBfilt64.sys
07:13:37.0592 3868 MBfilt - ok
07:13:37.0615 3868 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
07:13:37.0621 3868 Mcx2Svc - ok
07:13:37.0647 3868 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
07:13:37.0650 3868 megasas - ok
07:13:37.0673 3868 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
07:13:37.0680 3868 MegaSR - ok
07:13:37.0721 3868 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
07:13:37.0725 3868 MMCSS - ok
07:13:37.0738 3868 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
07:13:37.0740 3868 Modem - ok
07:13:37.0807 3868 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
07:13:37.0808 3868 monitor - ok
07:13:37.0830 3868 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
07:13:37.0832 3868 mouclass - ok
07:13:37.0853 3868 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
07:13:37.0855 3868 mouhid - ok
07:13:37.0874 3868 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
07:13:37.0877 3868 mountmgr - ok
07:13:37.0955 3868 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
07:13:37.0958 3868 MozillaMaintenance - ok
07:13:38.0044 3868 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
07:13:38.0049 3868 MpFilter - ok
07:13:38.0072 3868 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
07:13:38.0076 3868 mpio - ok
07:13:38.0093 3868 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
07:13:38.0095 3868 mpsdrv - ok
07:13:38.0134 3868 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
07:13:38.0158 3868 MpsSvc - ok
07:13:38.0169 3868 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
07:13:38.0171 3868 MRxDAV - ok
07:13:38.0198 3868 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
07:13:38.0200 3868 mrxsmb - ok
07:13:38.0215 3868 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
07:13:38.0219 3868 mrxsmb10 - ok
07:13:38.0233 3868 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
07:13:38.0235 3868 mrxsmb20 - ok
07:13:38.0249 3868 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
07:13:38.0250 3868 msahci - ok
07:13:38.0263 3868 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
07:13:38.0265 3868 msdsm - ok
07:13:38.0278 3868 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
07:13:38.0282 3868 MSDTC - ok
07:13:38.0306 3868 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
07:13:38.0307 3868 Msfs - ok
07:13:38.0317 3868 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
07:13:38.0318 3868 mshidkmdf - ok
07:13:38.0337 3868 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
07:13:38.0338 3868 msisadrv - ok
07:13:38.0371 3868 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
07:13:38.0374 3868 MSiSCSI - ok
07:13:38.0378 3868 msiserver - ok
07:13:38.0403 3868 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
07:13:38.0404 3868 MSKSSRV - ok
07:13:38.0517 3868 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
07:13:38.0518 3868 MsMpSvc - ok
07:13:38.0535 3868 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
07:13:38.0537 3868 MSPCLOCK - ok
07:13:38.0545 3868 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
07:13:38.0547 3868 MSPQM - ok
07:13:38.0572 3868 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
07:13:38.0576 3868 MsRPC - ok
07:13:38.0587 3868 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
07:13:38.0588 3868 mssmbios - ok
07:13:38.0600 3868 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
07:13:38.0601 3868 MSTEE - ok
07:13:38.0615 3868 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
07:13:38.0615 3868 MTConfig - ok
07:13:38.0628 3868 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
07:13:38.0629 3868 Mup - ok
07:13:38.0650 3868 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
07:13:38.0656 3868 napagent - ok
07:13:38.0685 3868 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
07:13:38.0688 3868 NativeWifiP - ok
07:13:38.0759 3868 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
07:13:38.0772 3868 NDIS - ok
07:13:38.0788 3868 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
07:13:38.0789 3868 NdisCap - ok
07:13:38.0805 3868 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
07:13:38.0806 3868 NdisTapi - ok
07:13:38.0819 3868 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
07:13:38.0820 3868 Ndisuio - ok
07:13:38.0830 3868 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
07:13:38.0832 3868 NdisWan - ok
07:13:38.0840 3868 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
07:13:38.0841 3868 NDProxy - ok
07:13:38.0851 3868 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
07:13:38.0852 3868 NetBIOS - ok
07:13:38.0863 3868 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
07:13:38.0865 3868 NetBT - ok
07:13:38.0874 3868 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
07:13:38.0875 3868 Netlogon - ok
07:13:38.0913 3868 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
07:13:38.0923 3868 Netman - ok
07:13:38.0943 3868 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
07:13:38.0948 3868 netprofm - ok
07:13:38.0971 3868 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
07:13:38.0973 3868 NetTcpPortSharing - ok
07:13:38.0990 3868 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
07:13:38.0991 3868 nfrd960 - ok
07:13:39.0066 3868 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
07:13:39.0068 3868 NisDrv - ok
07:13:39.0142 3868 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
07:13:39.0148 3868 NisSrv - ok
07:13:39.0173 3868 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
07:13:39.0182 3868 NlaSvc - ok
07:13:39.0243 3868 [ AD42FB061166AF0643806800304BD76F ] NLNdisMP C:\Windows\system32\DRIVERS\nlndis.sys
07:13:39.0269 3868 NLNdisMP - ok
07:13:39.0280 3868 [ AD42FB061166AF0643806800304BD76F ] NLNdisPT C:\Windows\system32\DRIVERS\nlndis.sys
07:13:39.0281 3868 NLNdisPT - ok
07:13:39.0420 3868 [ 6988373E38223438B09F0C27D7E67393 ] nlsvc C:\Program Files\NetLimiter 3\nlsvc.exe
07:13:39.0434 3868 nlsvc - ok
07:13:39.0503 3868 [ 75E6581DE9A0B155EDAB6807E668BE06 ] nltdi C:\Program Files\NetLimiter 3\nltdi.sys
07:13:39.0539 3868 nltdi - ok
07:13:39.0556 3868 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
07:13:39.0557 3868 Npfs - ok
07:13:39.0572 3868 npggsvc - ok
07:13:39.0599 3868 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
07:13:39.0601 3868 nsi - ok
07:13:39.0629 3868 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
07:13:39.0630 3868 nsiproxy - ok
07:13:39.0726 3868 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
07:13:39.0758 3868 Ntfs - ok
07:13:39.0768 3868 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
07:13:39.0769 3868 Null - ok
07:13:39.0825 3868 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
07:13:39.0829 3868 nvraid - ok
07:13:39.0848 3868 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
07:13:39.0850 3868 nvstor - ok
07:13:39.0869 3868 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
07:13:39.0871 3868 nv_agp - ok
07:13:39.0884 3868 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
07:13:39.0886 3868 ohci1394 - ok
07:13:39.0909 3868 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
07:13:39.0914 3868 p2pimsvc - ok
07:13:39.0947 3868 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
07:13:39.0954 3868 p2psvc - ok
07:13:39.0965 3868 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
07:13:39.0967 3868 Parport - ok
07:13:40.0014 3868 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
07:13:40.0015 3868 partmgr - ok
07:13:40.0030 3868 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
07:13:40.0037 3868 PcaSvc - ok
07:13:40.0051 3868 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
07:13:40.0053 3868 pci - ok
07:13:40.0068 3868 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
07:13:40.0069 3868 pciide - ok
07:13:40.0080 3868 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
07:13:40.0084 3868 pcmcia - ok
07:13:40.0095 3868 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
07:13:40.0096 3868 pcw - ok
07:13:40.0117 3868 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
07:13:40.0125 3868 PEAUTH - ok
07:13:40.0164 3868 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
07:13:40.0191 3868 PeerDistSvc - ok
07:13:40.0259 3868 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
07:13:40.0263 3868 PerfHost - ok
07:13:40.0334 3868 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
07:13:40.0369 3868 pla - ok
07:13:40.0403 3868 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
07:13:40.0410 3868 PlugPlay - ok
07:13:40.0424 3868 PnkBstrA - ok
07:13:40.0442 3868 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
07:13:40.0444 3868 PNRPAutoReg - ok
07:13:40.0467 3868 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
07:13:40.0471 3868 PNRPsvc - ok
07:13:40.0501 3868 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
07:13:40.0508 3868 PolicyAgent - ok
07:13:40.0545 3868 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
07:13:40.0550 3868 Power - ok
07:13:40.0579 3868 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
07:13:40.0581 3868 PptpMiniport - ok
07:13:40.0592 3868 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
07:13:40.0594 3868 Processor - ok
07:13:40.0659 3868 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
07:13:40.0667 3868 ProfSvc - ok
07:13:40.0690 3868 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
07:13:40.0692 3868 ProtectedStorage - ok
07:13:40.0702 3868 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
07:13:40.0705 3868 Psched - ok
07:13:40.0739 3868 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
07:13:40.0765 3868 ql2300 - ok
07:13:40.0793 3868 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
07:13:40.0795 3868 ql40xx - ok
07:13:40.0816 3868 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
07:13:40.0821 3868 QWAVE - ok
07:13:40.0839 3868 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
07:13:40.0841 3868 QWAVEdrv - ok
07:13:40.0856 3868 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
07:13:40.0857 3868 RasAcd - ok
07:13:40.0872 3868 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
07:13:40.0874 3868 RasAgileVpn - ok
07:13:40.0886 3868 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
07:13:40.0889 3868 RasAuto - ok
07:13:40.0906 3868 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
07:13:40.0908 3868 Rasl2tp - ok
07:13:40.0924 3868 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
07:13:40.0930 3868 RasMan - ok
07:13:40.0946 3868 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
07:13:40.0948 3868 RasPppoe - ok
07:13:40.0962 3868 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
07:13:40.0963 3868 RasSstp - ok
07:13:40.0978 3868 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
07:13:40.0982 3868 rdbss - ok
07:13:40.0997 3868 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
07:13:40.0998 3868 rdpbus - ok
07:13:41.0007 3868 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
07:13:41.0008 3868 RDPCDD - ok
07:13:41.0035 3868 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
07:13:41.0038 3868 RDPDR - ok
07:13:41.0049 3868 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
07:13:41.0050 3868 RDPENCDD - ok
07:13:41.0068 3868 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
07:13:41.0068 3868 RDPREFMP - ok
07:13:41.0121 3868 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
07:13:41.0126 3868 RDPWD - ok
07:13:41.0158 3868 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
07:13:41.0163 3868 rdyboost - ok
07:13:41.0183 3868 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
07:13:41.0189 3868 RemoteAccess - ok
07:13:41.0217 3868 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
07:13:41.0224 3868 RemoteRegistry - ok
07:13:41.0266 3868 [ 388D3DD1A6457280F3BADBA9F3ACD6B1 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
07:13:41.0267 3868 ROOTMODEM - ok
07:13:41.0294 3868 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
07:13:41.0299 3868 RpcEptMapper - ok
07:13:41.0325 3868 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
07:13:41.0329 3868 RpcLocator - ok
07:13:41.0369 3868 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
07:13:41.0380 3868 RpcSs - ok
07:13:41.0424 3868 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
07:13:41.0426 3868 rspndr - ok
07:13:41.0453 3868 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
07:13:41.0455 3868 s3cap - ok
07:13:41.0465 3868 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
07:13:41.0469 3868 SamSs - ok
07:13:41.0490 3868 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
07:13:41.0492 3868 sbp2port - ok
07:13:41.0511 3868 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
07:13:41.0516 3868 SCardSvr - ok
07:13:41.0531 3868 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
07:13:41.0533 3868 scfilter - ok
07:13:41.0565 3868 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
07:13:41.0592 3868 Schedule - ok
07:13:41.0639 3868 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
07:13:41.0641 3868 SCPolicySvc - ok
07:13:41.0664 3868 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
07:13:41.0669 3868 SDRSVC - ok
07:13:41.0702 3868 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
07:13:41.0703 3868 secdrv - ok
07:13:41.0720 3868 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
07:13:41.0723 3868 seclogon - ok
07:13:41.0741 3868 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
07:13:41.0744 3868 SENS - ok
07:13:41.0754 3868 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
07:13:41.0757 3868 SensrSvc - ok
07:13:41.0770 3868 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
07:13:41.0771 3868 Serenum - ok
07:13:41.0791 3868 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
07:13:41.0793 3868 Serial - ok
07:13:41.0804 3868 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
07:13:41.0805 3868 sermouse - ok
07:13:41.0829 3868 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
07:13:41.0833 3868 SessionEnv - ok
07:13:41.0842 3868 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
07:13:41.0843 3868 sffdisk - ok
07:13:41.0862 3868 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
07:13:41.0863 3868 sffp_mmc - ok
07:13:41.0869 3868 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
07:13:41.0870 3868 sffp_sd - ok
07:13:41.0879 3868 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
07:13:41.0880 3868 sfloppy - ok
07:13:41.0912 3868 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
07:13:41.0918 3868 SharedAccess - ok
07:13:41.0938 3868 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
07:13:41.0944 3868 ShellHWDetection - ok
07:13:41.0965 3868 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
07:13:41.0966 3868 SiSRaid2 - ok
07:13:41.0977 3868 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
07:13:41.0979 3868 SiSRaid4 - ok
07:13:42.0009 3868 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
07:13:42.0011 3868 Smb - ok
07:13:42.0039 3868 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
07:13:42.0042 3868 SNMPTRAP - ok
07:13:42.0048 3868 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
07:13:42.0048 3868 spldr - ok
07:13:42.0114 3868 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
07:13:42.0133 3868 Spooler - ok
07:13:42.0236 3868 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
07:13:42.0304 3868 sppsvc - ok
07:13:42.0320 3868 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
07:13:42.0323 3868 sppuinotify - ok
07:13:42.0352 3868 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
07:13:42.0359 3868 srv - ok
07:13:42.0383 3868 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
07:13:42.0391 3868 srv2 - ok
07:13:42.0425 3868 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
07:13:42.0430 3868 srvnet - ok
07:13:42.0459 3868 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
07:13:42.0467 3868 SSDPSRV - ok
07:13:42.0484 3868 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
07:13:42.0487 3868 SstpSvc - ok
07:13:42.0530 3868 Steam Client Service - ok
07:13:42.0568 3868 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
07:13:42.0571 3868 stexstor - ok
07:13:42.0597 3868 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
07:13:42.0613 3868 stisvc - ok
07:13:42.0641 3868 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
07:13:42.0642 3868 storflt - ok
07:13:42.0662 3868 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
07:13:42.0665 3868 StorSvc - ok
07:13:42.0681 3868 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
07:13:42.0682 3868 storvsc - ok
07:13:42.0695 3868 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
07:13:42.0696 3868 swenum - ok
07:13:42.0718 3868 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
07:13:42.0726 3868 swprv - ok
07:13:42.0760 3868 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
07:13:42.0795 3868 SysMain - ok
07:13:42.0812 3868 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
07:13:42.0816 3868 TabletInputService - ok
07:13:42.0835 3868 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
07:13:42.0841 3868 TapiSrv - ok
07:13:42.0856 3868 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
07:13:42.0860 3868 TBS - ok
07:13:42.0945 3868 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
07:13:42.0977 3868 Tcpip - ok
07:13:43.0019 3868 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
07:13:43.0033 3868 TCPIP6 - ok
07:13:43.0091 3868 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
07:13:43.0093 3868 tcpipreg - ok
07:13:43.0114 3868 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
07:13:43.0116 3868 TDPIPE - ok
07:13:43.0161 3868 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
07:13:43.0162 3868 TDTCP - ok
07:13:43.0185 3868 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
07:13:43.0189 3868 tdx - ok
07:13:43.0202 3868 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
07:13:43.0203 3868 TermDD - ok
07:13:43.0234 3868 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
07:13:43.0244 3868 TermService - ok
07:13:43.0261 3868 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
07:13:43.0264 3868 Themes - ok
07:13:43.0269 3868 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
07:13:43.0271 3868 THREADORDER - ok
07:13:43.0286 3868 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
07:13:43.0289 3868 TrkWks - ok
07:13:43.0332 3868 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
07:13:43.0334 3868 TrustedInstaller - ok
07:13:43.0347 3868 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
07:13:43.0349 3868 tssecsrv - ok
07:13:43.0369 3868 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
07:13:43.0371 3868 TsUsbFlt - ok
07:13:43.0386 3868 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
07:13:43.0387 3868 TsUsbGD - ok
07:13:43.0410 3868 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
07:13:43.0412 3868 tunnel - ok
07:13:43.0423 3868 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
07:13:43.0425 3868 uagp35 - ok
07:13:43.0445 3868 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
07:13:43.0450 3868 udfs - ok
07:13:43.0476 3868 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
07:13:43.0479 3868 UI0Detect - ok
07:13:43.0487 3868 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
07:13:43.0489 3868 uliagpkx - ok
07:13:43.0516 3868 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
07:13:43.0518 3868 umbus - ok
07:13:43.0522 3868 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
07:13:43.0523 3868 UmPass - ok
07:13:43.0550 3868 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
07:13:43.0555 3868 UmRdpService - ok
07:13:43.0571 3868 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
07:13:43.0577 3868 upnphost - ok
07:13:43.0634 3868 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
07:13:43.0637 3868 usbccgp - ok
07:13:43.0651 3868 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
07:13:43.0653 3868 usbcir - ok
07:13:43.0706 3868 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
07:13:43.0709 3868 usbehci - ok
07:13:43.0734 3868 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
07:13:43.0741 3868 usbhub - ok
07:13:43.0754 3868 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
07:13:43.0756 3868 usbohci - ok
07:13:43.0774 3868 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
07:13:43.0775 3868 usbprint - ok
07:13:43.0823 3868 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
07:13:43.0827 3868 USBSTOR - ok
07:13:43.0842 3868 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
07:13:43.0845 3868 usbuhci - ok
07:13:43.0865 3868 UserAccess7 - ok
07:13:43.0892 3868 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
07:13:43.0897 3868 UxSms - ok
07:13:43.0905 3868 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
07:13:43.0908 3868 VaultSvc - ok
07:13:43.0935 3868 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
07:13:43.0937 3868 vdrvroot - ok
07:13:46.0123 3868 ============================================================
07:13:46.0123 3868 Scan finished
07:13:46.0123 3868 ============================================================
07:13:46.0139 4100 Detected object count: 0
07:13:46.0139 4100 Actual detected object count: 0

#5 pikeypikey

Posted 03 January 2013 - 06:28 PM

Here are the MiniToolBox logs. I will post the ESET online scanner logs when it has finished scanning.
Thanks again for helping, Boopme.

MiniToolBox by Farbar Version: 25-11-2012
Ran by Ernest (administrator) on 04-01-2013 at 07:22:05
Running from "C:\Users\Ernest\Downloads"
Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Broadcom NetLink ™ Gigabit Ethernet = Local Area Connection 2 (Connected)
Broadcom NetLink ™ Gigabit Ethernet = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : AMDSuperbeast
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet #2
Physical Address. . . . . . . . . : BC-5F-F4-1B-AF-8D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::4d83:210a:c594:3ddb%13(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.35(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, January 04, 2013 7:00:37 AM
Lease Expires . . . . . . . . . . : Monday, January 07, 2013 7:00:37 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 314335220
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-9A-30-3B-BC-5F-F4-1B-AF-8B
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet
Physical Address. . . . . . . . . : BC-5F-F4-1B-AF-8B
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{49258C51-A5CE-4576-A638-045C71C4EB48}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{4BA6E5F2-B1E4-4BDA-AE0C-3A9E1419EFB0}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:487:a91c:8f36:730d(Preferred)
Link-local IPv6 Address . . . . . : fe80::487:a91c:8f36:730d%15(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: UnKnown
Address: 192.168.1.1

DNS request timed out.
timeout was 2 seconds.
Name: google.com
Addresses: 74.125.128.139
74.125.128.100
74.125.128.101
74.125.128.102
74.125.128.113
74.125.128.138


Pinging google.com [74.125.128.100] with 32 bytes of data:
Reply from 74.125.128.100: bytes=32 time=72ms TTL=48
Reply from 74.125.128.100: bytes=32 time=78ms TTL=48

Ping statistics for 74.125.128.100:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 72ms, Maximum = 78ms, Average = 75ms
Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.139.183.24
72.30.38.140
98.138.253.109


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=315ms TTL=44
Reply from 98.139.183.24: bytes=32 time=445ms TTL=44

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 315ms, Maximum = 445ms, Average = 380ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=4ms TTL=128
Reply from 127.0.0.1: bytes=32 time=4ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 4ms, Maximum = 4ms, Average = 4ms
===========================================================================
Interface List
13...bc 5f f4 1b af 8d ......Broadcom NetLink ™ Gigabit Ethernet #2
11...bc 5f f4 1b af 8b ......Broadcom NetLink ™ Gigabit Ethernet
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.35 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.35 276
192.168.1.35 255.255.255.255 On-link 192.168.1.35 276
192.168.1.255 255.255.255.255 On-link 192.168.1.35 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.35 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.35 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
15 58 ::/0 On-link
1 306 ::1/128 On-link
15 58 2001::/32 On-link
15 306 2001:0:9d38:6ab8:487:a91c:8f36:730d/128
On-link
13 276 fe80::/64 On-link
15 306 fe80::/64 On-link
15 306 fe80::487:a91c:8f36:730d/128
On-link
13 276 fe80::4d83:210a:c594:3ddb/128
On-link
1 306 ff00::/8 On-link
15 306 ff00::/8 On-link
13 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/04/2013 07:02:07 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/04/2013 06:54:43 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/04/2013 03:30:40 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (01/04/2013 00:35:20 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/03/2013 08:35:21 AM) (Source: Application Error) (User: )
Description: Faulting application name: rage.exe, version: 1.0.0.1, time stamp: 0x5075c933
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc0000374
Fault offset: 0x000ce6c3
Faulting process id: 0xe14
Faulting application start time: 0xrage.exe0
Faulting application path: rage.exe1
Faulting module path: rage.exe2
Report Id: rage.exe3

Error: (01/02/2013 11:30:45 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/02/2013 08:42:50 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/01/2013 06:23:36 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/01/2013 04:00:30 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (12/31/2012 10:30:37 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.


System errors:
=============
Error: (01/04/2013 07:00:40 AM) (Source: Service Control Manager) (User: )
Description: The AODDriver4.2 service failed to start due to the following error:
%%2

Error: (01/04/2013 07:00:37 AM) (Source: Service Control Manager) (User: )
Description: The AODDriver4.2 service failed to start due to the following error:
%%2

Error: (01/04/2013 06:57:52 AM) (Source: Service Control Manager) (User: )
Description: The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s).

Error: (01/04/2013 06:53:14 AM) (Source: Service Control Manager) (User: )
Description: The AODDriver4.2 service failed to start due to the following error:
%%2

Error: (01/04/2013 06:53:12 AM) (Source: Service Control Manager) (User: )
Description: The AODDriver4.2 service failed to start due to the following error:
%%2

Error: (01/04/2013 00:33:50 AM) (Source: Service Control Manager) (User: )
Description: The AODDriver4.2 service failed to start due to the following error:
%%2

Error: (01/04/2013 00:33:49 AM) (Source: Service Control Manager) (User: )
Description: The AODDriver4.2 service failed to start due to the following error:
%%2

Error: (01/02/2013 11:29:07 PM) (Source: Service Control Manager) (User: )
Description: The AODDriver4.2 service failed to start due to the following error:
%%2

Error: (01/02/2013 11:29:06 PM) (Source: Service Control Manager) (User: )
Description: The AODDriver4.2 service failed to start due to the following error:
%%2

Error: (01/02/2013 08:41:16 AM) (Source: Service Control Manager) (User: )
Description: The AODDriver4.2 service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (01/04/2013 07:02:07 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/04/2013 06:54:43 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/04/2013 03:30:40 AM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (01/04/2013 00:35:20 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/03/2013 08:35:21 AM) (Source: Application Error)(User: )
Description: rage.exe1.0.0.15075c933ntdll.dll6.1.7601.177254ec49b8fc0000374000ce6c3e1401cde9481058283dC:\Program Files (x86)\Steam\steamapps\common\RAGE\rage.exeC:\Windows\SysWOW64\ntdll.dll74323816-553d-11e2-b6b0-bc5ff41baf8b

Error: (01/02/2013 11:30:45 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/02/2013 08:42:50 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/01/2013 06:23:36 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/01/2013 04:00:30 AM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (12/31/2012 10:30:37 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3


=========================== Installed Programs ============================

µTorrent (Version: 3.1.3)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Adobe AIR (Version: 1.0.4990)
Adobe AIR (Version: 1.0.8.4990)
Adobe Flash Player 11 ActiveX (Version: 11.5.502.135)
Adobe Flash Player 11 Plugin (Version: 11.5.502.135)
Age of Empires Online (Version: 1.0.0000.129)
Alan Wake
Alan Wake's American Nightmare
AMD Accelerated Video Transcoding (Version: 12.5.100.20928)
AMD APP SDK Runtime (Version: 10.0.1016.4)
AMD Catalyst Install Manager (Version: 8.0.891.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Fuel (Version: 2012.0928.1532.26058)
AMD Media Foundation Decoders (Version: 1.0.70928.1539)
AMD VISION Engine Control Center (Version: 2012.0928.1532.26058)
Application Profiles (Version: 2.0.4595.34497)
AutoHotkey 1.0.48.05 (Version: 1.0.48.05)
Batman: Arkham Asylum GOTY Edition
Borderlands (Version: 1.4.1)
Broadcom NetLink Controller (Version: 14.8.5.1)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2012.0928.1532.26058)
Catalyst Control Center InstallProxy (Version: 2012.0928.1532.26058)
Catalyst Control Center Localization All (Version: 2012.0928.1532.26058)
ccc-utility64 (Version: 2012.0928.1532.26058)
CCC Help Chinese Standard (Version: 2012.0928.1531.26058)
CCC Help Chinese Traditional (Version: 2012.0928.1531.26058)
CCC Help Czech (Version: 2012.0928.1531.26058)
CCC Help Danish (Version: 2012.0928.1531.26058)
CCC Help Dutch (Version: 2012.0928.1531.26058)
CCC Help English (Version: 2012.0928.1531.26058)
CCC Help Finnish (Version: 2012.0928.1531.26058)
CCC Help French (Version: 2012.0928.1531.26058)
CCC Help German (Version: 2012.0928.1531.26058)
CCC Help Greek (Version: 2012.0928.1531.26058)
CCC Help Hungarian (Version: 2012.0928.1531.26058)
CCC Help Italian (Version: 2012.0928.1531.26058)
CCC Help Japanese (Version: 2012.0928.1531.26058)
CCC Help Korean (Version: 2012.0928.1531.26058)
CCC Help Norwegian (Version: 2012.0928.1531.26058)
CCC Help Polish (Version: 2012.0928.1531.26058)
CCC Help Portuguese (Version: 2012.0928.1531.26058)
CCC Help Russian (Version: 2012.0928.1531.26058)
CCC Help Spanish (Version: 2012.0928.1531.26058)
CCC Help Swedish (Version: 2012.0928.1531.26058)
CCC Help Thai (Version: 2012.0928.1531.26058)
CCC Help Turkish (Version: 2012.0928.1531.26058)
CDisplayEx 1.8
Cisco Connect (Version: 1.4.11299.0)
Cockatrice
Combined Community Codec Pack 2011-11-11 (Version: 2011.11.11.0)
Command & Conquer™ Red Alert™ 3 (Version: 1.0.1.0)
CPUID CPU-Z 1.59
Crysis
DAEMON Tools Lite (Version: 4.45.1.0236)
Dead Island
Dead Space
Dead Space 2
Diablo III (Version: 1.0.3.10485)
DiRT 3
Disciples 2 Gold Gallean
Disciples II Rise of the Elves
Disciples III: Renaissance
Disciples III: Resurrection
Dota 2
Driver Sweeper version 3.2.0 (Version: 3.2.0)
e-Saver 1.0
eMule
Etron USB3.0 Host Controller (Version: 0.96)
F-Stream Tuning v0.1.73.8
Fallout 3 (Version: 1.00.0000)
Fallout Mod Manager 0.13.21
Foxit Reader 5.1 (Version: 5.1.4.104)
Freenet
GameSpy Comrade (Version: 1.5.0.156)
GameStop App (Version: 4.00)
Gammu 1.31.0 (Version: 1.31.0)
Global Agenda Live (Version: 1.5.1.5)
Google Chrome (Version: 23.0.1271.97)
Heroes of Might and Magic V - Collectors Edition (Version: 3.1)
Hi-Rez Studios Authenticate and Update Service (Version: 3.0.0.0)
HotJava Browser
Hunted: The Demon's Forge
HyperSerialPort (Version: 0.2.24)
i-Menu 2.0
InstantBoot
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 30 (64-bit) (Version: 6.0.300)
Java™ 6 Update 32 (Version: 6.0.320)
Java™ SE Development Kit 6 Update 30 (64-bit) (Version: 1.6.0.300)
Legend of Grimrock
LibreOffice 3.4 (Version: 3.4.502)
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
Matrix-ks (Version: 3.6)
Metro 2033
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Security Client (Version: 4.1.0522.0)
Microsoft Security Essentials (Version: 4.1.522.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 16.0.2 (x86 en-US) (Version: 16.0.2)
Mozilla Maintenance Service (Version: 16.0.2)
NecroVisioN
NEStalgia (Version: 1.0.0.9)
NetLimiter 3 (Version: 3.0.0.11)
Neverwinter Nights 2 (Version: 1.00.0000)
Nexus Mod Manager (Version: 0.17.1)
Notepad++ (Version: 5.9.8)
NVIDIA PhysX (Version: 9.10.0224)
OpenAL
Path of Exile (Version: 0.9.8.15887)
Pidgin (Version: 2.10.1)
PunkBuster Services (Version: 0.986)
PyQt GPL v4.9.1 for Python v2.7 (x64) (Version: 4.9.1-1)
Python 2.7 (64-bit) (Version: 2.7.150)
Quake 4™ (Version: 1.0)
Quake Mission Pack 1: Scourge of Armagon
Quake Mission Pack 2: Dissolution of Eternity
RAGE
Rapture3D 2.4.8 Game
Real Alternative 2.0.2 (Version: 2.0.2)
Realtek High Definition Audio Driver (Version: 6.0.1.6378)
Sanctum
SD Gundam Online SEA (Version: 0.3.8)
Serious Sam: The First Encounter
Smite Closed Beta (Version: 0.1.1029.0)
Sniper Elite
Steam (Version: 1.0.0.0)
SteelSeries Xai Laser Mouse (Version: 1.4.2)
Super Street Fighter IV 1.1 (Version: 1.1)
The Elder Scrolls III: Morrowind
The Elder Scrolls V: Skyrim
THX TruStudio (Version: 1.00.01)
Torchlight
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
uTorrentControl2 Toolbar (Version: 6.8.9.0)
VASSAL (3.1.19) (Version: 3.1.19)
Warhammer® 40,000™: Dawn of War® II
Warhammer® 40,000™: Dawn of War® II - Chaos Rising™
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
XCOM: Enemy Unknown
XFast LAN v6.61 (Version: 6.61)
XFast USB

========================= Memory info: ===================================

Percentage of memory in use: 39%
Total physical RAM: 4091.63 MB
Available physical RAM: 2484.43 MB
Total Pagefile: 8181.46 MB
Available Pagefile: 6153.79 MB
Total Virtual: 4095.88 MB
Available Virtual: 3966.5 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:465.66 GB) (Free:39.1 GB) NTFS
2 Drive d: (Setup) (CDROM) (Total:0.09 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\AMDSUPERBEAST

Administrator ASPNET Ernest
Guest


**** End of log ****

#6 boopme

Posted 03 January 2013 - 07:28 PM

FACBOOKUPDATE1.EXE is identified as a Trojan program that is used for stealing bank information and users' passwords.
When we are done you will need to change all passwords. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

#7 pikeypikey

pikeypikey
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  • Local time:12:25 PM

Posted 04 January 2013 - 12:04 AM

I left the ESET scan running and will come back to it when I get home from work.

I am also changing all my passwords from a different Linux box now. Thanks for the heads up.

#8 macfarl99

macfarl99

  • Members
  • 1 posts
  • OFFLINE
  • Local time:01:25 AM

Posted 04 January 2013 - 12:40 AM

I discovered Chrome M1N3R on my son’s computer this morning after it ground to a halt. He plays online games via Facebook and other sites, and likes looking for ‘skins’ and ‘hacks’ for various games like Minecraft and WarZ, so God only knows where he picked this up. I thought I’d post my two cents’ worth just in case it’s useful.

It’s an older computer running XP and the CPU went to 100% activity owing to two executables “Goozru.exe” and “hkcmd.exe” that appeared top of the list in the Task Manager. The computer would crash (BSOD) a few minutes after logging in and blame the display adapter. The NVIDIA icon had disappeared from the taskbar when he logged in but is present and working when I log in. I found the executables in a ‘Windows’ subfolder in his “Documents and Settings” folder, along with “miner.DLL” and some others. The offending exes don’t seem to be in my Docs and Settings. The info for the files revealed that they were actually Chrome M1N3R. I deleted the whole folder.

McAfee failed to notice or do anything about them. I ran TDSSKiller as suggested above and it picked up nothing either. I was planning to get rid of McAfee anyway and have now installed MS’s Security Essentials. That’s running as we speak and I’ll see what it detects and fixes; it’s already noted the presence of undesirable files in a pre-scan. After that I’ll see if everything runs OK when my son logs in. If the problem persists I’ll try running ESET’s online scanner and go from there.

I’m about to head off on a week’s holiday so probably won’t update this post, or fix the computer, in any hurry.

EDIT added later: MS Security Essentials didn't fix it. Will have to try again in a week.

Edited by macfarl99, 04 January 2013 - 02:41 AM.


#9 pikeypikey

pikeypikey
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  • Local time:12:25 PM

Posted 04 January 2013 - 11:39 AM

Hello macfarl99, and good luck on your endeavor.

Anyways, here is what ESET coughed up.

C:\Users\Ernest\Desktop\chrome miner\Windows\miner.dll a variant of Win32/BitCoinMiner.H application cleaned by deleting - quarantined


It's inside the folder of the Chrome M1N3R I managed to move to another directory because I wanted to study it. Also inside the folder are 2 header files, both of which appear to be code snippets for BitCoin mining (poclbm project), what looks like a text output file containing hexes, and another dll, "usft_ext.dll". I am guessing I should probably delete that one as well.
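
Posts #8 and #9 both report the miner's binaries sitting in a folder named "Windows" inside a user profile. The following is an added example, not part of any post in this thread, that lists executables (by `MZ` header, not by extension) found under such look-alike folders; the folder-name list and the sample directory tree are assumptions constructed for the example.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumed list: folder names that belong to the OS, suspicious under a profile.
SYSTEM_LOOKALIKE_DIRS = {"windows", "system32", "syswow64"}

def is_pe(path):
    """True if the file starts with the DOS 'MZ' magic shared by EXE and DLL."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:
        return False  # locked or unreadable files are skipped, not fatal

def sha256_of(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def find_disguised_binaries(profile_root):
    """Return sorted (relative path, sha256) for PE files below a lookalike folder."""
    root = Path(profile_root)
    hits = []
    for path in root.rglob("*"):
        rel = path.relative_to(root)
        in_lookalike = any(p.lower() in SYSTEM_LOOKALIKE_DIRS for p in rel.parts[:-1])
        if in_lookalike and path.is_file() and is_pe(path):
            hits.append((rel.as_posix(), sha256_of(path)))
    return sorted(hits)

def build_sample_profile():
    """Constructed stand-in for a profile; files hold only 'MZ' plus zero filler."""
    root = Path(tempfile.mkdtemp(prefix="profile_"))
    layout = {
        "Desktop/chrome miner/Windows/miner.dll": b"MZ" + b"\x00" * 62,
        "Desktop/chrome miner/Windows/output.txt": b"0a1b2c",
        "Documents/setup.exe": b"MZ" + b"\x00" * 62,
    }
    for rel, data in layout.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_bytes(data)
    return root

if __name__ == "__main__":
    for rel, digest in find_disguised_binaries(build_sample_profile()):
        print(digest, rel)
```

Hits are leads for review rather than verdicts, since legitimate software also keeps a folder named Windows inside a profile (for example under AppData\Local\Microsoft). The printed SHA-256 values can be recorded before anything is deleted.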

#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 62,371 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:01:25 PM

Posted 04 January 2013 - 11:54 AM

These are hard to find. I think it best to post a DDS log and get a deeper look so all the BITCOINMINERS are found and removed.
Please follow this Preparation Guide and post in a new topic.

Let me know if all went well.

Include this link back to here...

http://www.bleepingcomputer.com/forums/topic480545.html/page__pid__2938520#entry2938520

#11 pikeypikey

pikeypikey
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  • Local time:12:25 PM

Posted 15 January 2013 - 01:12 AM

Hello again boop

Fixed my malware problem, here's the forum link.

http://www.bleepingcomputer.com/forums/topic480654.html

You can safely close this thread now.

Thanks for all your help.

#12 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 62,371 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:01:25 PM

Posted 15 January 2013 - 11:50 AM

Thank you and glad it's all good.



