Cyber-Crime-Unit Belgian Police Ukash payment


29 replies to this topic

#1 HensyrWolf


Posted 07 July 2012 - 05:14 PM

Hi,

Hopefully you guys can understand what I'm writing here in my best English; I'm 48 years old and only learned the Dutch language in my country, Belgium (Europe).

The following occurred:

I was searching on a porno site www.uporn.com on Friday the 6th of July 2012 at 01:30 (Brussels time).
Suddenly my computer got blocked by the Belgium Cyber Crime unit of the Belgium Police and asked me to pay 100 € to unblock my computer with the Ukash method.
Everything was blocked, even my taskbar and start button, and my desktop wallpaper and desktop icons disappeared.
I tried to make a screenshot but that also didn't work.

So I went to my second computer and found out that it was a hacker who took over my computer.

I went back to my first computer, which is infected, and restarted the computer to get into safe mode with networking.
I did a system recovery and brought the computer back to an earlier date (3 days) and restarted in normal mode.
That gave me the opportunity to get my computer back and download Malwarebytes and run it, but nothing was found except some crack keys on other drives.
So I'm pretty sure the hacker still has some files or other things in my computer and I would like to have them removed from it.

I have read in previous topics here to do nothing with programs that go deep into my computer without being asked to do so.

My question now is: what should I do next?

My computer is a Medion Windows7 PC, Intel® Core™2 Duo CPU E7400 @ 2.80GHz
Installed memory (RAM): 4,00 GB
System type: 64-bit Operating System
Windows 7 Enterprise N Service Pack 1
Windows is activated: product ID: 00426-OEM-8992662-00009
I use two screens with an NVIDIA GeForce GT 230


Thanks Sincerely



#2 narenxp


Posted 07 July 2012 - 05:17 PM

Download

TDSSkiller

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Download

aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here.

Download

ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on "List of found threats".

Export the list to the desktop and copy the contents of the text file into your reply.

#3 HensyrWolf


Posted 07 July 2012 - 05:21 PM

That's very fast.
Thanks for your reply, and I will try to do what you asked ASAP.

Thanks very much

#4 narenxp


Posted 07 July 2012 - 05:40 PM

:thumbup2:

#5 HensyrWolf


Posted 07 July 2012 - 06:03 PM

OK, it seems not to go very smoothly.

The first one, TDSSkiller, did go well!
This is the log:

00:23:52.0819 4932 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
00:23:52.0913 4932 ============================================================
00:23:52.0913 4932 Current date / time: 2012/07/08 00:23:52.0913
00:23:52.0913 4932 SystemInfo:
00:23:52.0913 4932
00:23:52.0913 4932 OS Version: 6.1.7601 ServicePack: 1.0
00:23:52.0913 4932 Product type: Workstation
00:23:52.0913 4932 ComputerName: HENDRIK-PC1
00:23:52.0913 4932 UserName: Hendrik
00:23:52.0913 4932 Windows directory: C:\Windows
00:23:52.0913 4932 System windows directory: C:\Windows
00:23:52.0913 4932 Running under WOW64
00:23:52.0913 4932 Processor architecture: Intel x64
00:23:52.0913 4932 Number of processors: 2
00:23:52.0913 4932 Page size: 0x1000
00:23:52.0913 4932 Boot type: Normal boot
00:23:52.0913 4932 ============================================================
00:23:54.0910 4932 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:24:04.0535 4932 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:24:04.0566 4932 Drive \Device\Harddisk5\DR5 - Size: 0x1DD800000 (7.46 Gb), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
00:24:04.0566 4932 Drive \Device\Harddisk6\DR6 - Size: 0x3BA300000 (14.91 Gb), SectorSize: 0x200, Cylinders: 0x79A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
00:24:04.0831 4932 Drive \Device\Harddisk7\DR7 - Size: 0x7D00000 (0.12 Gb), SectorSize: 0x200, Cylinders: 0xF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
00:24:04.0894 4932 ============================================================
00:24:04.0894 4932 \Device\Harddisk0\DR0:
00:24:04.0894 4932 MBR partitions:
00:24:04.0894 4932 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xD629800
00:24:04.0894 4932 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xD65C000, BlocksNum 0x39593000
00:24:04.0894 4932 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x46BEF000, BlocksNum 0x64000
00:24:04.0925 4932 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xB, StartLBA 0x46C53FB4, BlocksNum 0x3C02F0D
00:24:04.0925 4932 \Device\Harddisk1\DR1:
00:24:04.0925 4932 MBR partitions:
00:24:04.0925 4932 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xE8E07482
00:24:04.0925 4932 \Device\Harddisk5\DR5:
00:24:04.0925 4932 MBR partitions:
00:24:04.0925 4932 \Device\Harddisk5\DR5\Partition0: MBR, Type 0x7, StartLBA 0x1F80, BlocksNum 0xEEA080
00:24:04.0925 4932 \Device\Harddisk6\DR6:
00:24:04.0925 4932 MBR partitions:
00:24:04.0925 4932 \Device\Harddisk6\DR6\Partition0: MBR, Type 0x7, StartLBA 0x20, BlocksNum 0x1DD17E0
00:24:04.0925 4932 \Device\Harddisk7\DR7:
00:24:04.0925 4932 MBR partitions:
00:24:04.0925 4932 \Device\Harddisk7\DR7\Partition0: MBR, Type 0x6, StartLBA 0x2F, BlocksNum 0x3E7D1
00:24:04.0925 4932 ============================================================
00:24:04.0956 4932 C: <-> \Device\Harddisk0\DR0\Partition0
00:24:04.0956 4932 E: <-> \Device\Harddisk0\DR0\Partition3
00:24:04.0987 4932 S: <-> \Device\Harddisk1\DR1\Partition0
00:24:05.0003 4932 D: <-> \Device\Harddisk0\DR0\Partition1
00:24:05.0050 4932 O: <-> \Device\Harddisk0\DR0\Partition2
00:24:05.0050 4932 ============================================================
00:24:05.0050 4932 Initialize success
00:24:05.0050 4932 ============================================================
00:25:26.0434 5836 ============================================================
00:25:26.0434 5836 Scan started
00:25:26.0434 5836 Mode: Manual; TDLFS;
00:25:26.0434 5836 ============================================================
00:25:36.0247 5836 mpio - ok
00:25:36.0262 5836 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
00:25:36.0262 5836 mpsdrv - ok
00:25:36.0340 5836 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
00:25:36.0356 5836 MpsSvc - ok
00:25:36.0387 5836 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
00:25:36.0387 5836 MRxDAV - ok
00:25:36.0418 5836 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
00:25:36.0434 5836 mrxsmb - ok
00:25:36.0465 5836 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:25:36.0481 5836 mrxsmb10 - ok
00:25:36.0496 5836 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:25:36.0496 5836 mrxsmb20 - ok
00:25:36.0528 5836 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
00:25:36.0528 5836 msahci - ok
00:25:36.0574 5836 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
00:25:36.0574 5836 msdsm - ok
00:25:36.0621 5836 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
00:25:36.0621 5836 MSDTC - ok
00:25:36.0637 5836 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
00:25:36.0637 5836 Msfs - ok
00:25:36.0668 5836 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
00:25:36.0668 5836 mshidkmdf - ok
00:25:36.0699 5836 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
00:25:36.0699 5836 msisadrv - ok
00:25:36.0730 5836 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
00:25:36.0730 5836 MSiSCSI - ok
00:25:36.0746 5836 msiserver - ok
00:25:36.0762 5836 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
00:25:36.0777 5836 MSKSSRV - ok
00:25:36.0840 5836 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) C:\Program Files\Microsoft Security Client\MsMpEng.exe
00:25:36.0840 5836 MsMpSvc - ok
00:25:36.0855 5836 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
00:25:36.0855 5836 MSPCLOCK - ok
00:25:36.0871 5836 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
00:25:36.0871 5836 MSPQM - ok
00:25:36.0902 5836 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
00:25:36.0918 5836 MsRPC - ok
00:25:36.0933 5836 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
00:25:36.0933 5836 mssmbios - ok
00:25:37.0011 5836 MSSQL$SQLEXPRESS - ok
00:25:37.0105 5836 MSSQLServerADHelper100 (7a2a8c975356858eb38466a6b1592e8d) C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
00:25:37.0105 5836 MSSQLServerADHelper100 - ok
00:25:37.0105 5836 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
00:25:37.0105 5836 MSTEE - ok
00:25:37.0120 5836 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
00:25:37.0120 5836 MTConfig - ok
00:25:37.0136 5836 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
00:25:37.0136 5836 Mup - ok
00:25:37.0183 5836 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
00:25:37.0183 5836 napagent - ok
00:25:37.0214 5836 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
00:25:37.0230 5836 NativeWifiP - ok
00:25:37.0308 5836 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
00:25:37.0323 5836 NDIS - ok
00:25:37.0339 5836 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
00:25:37.0339 5836 NdisCap - ok
00:25:37.0370 5836 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
00:25:37.0370 5836 NdisTapi - ok
00:25:37.0386 5836 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
00:25:37.0386 5836 Ndisuio - ok
00:25:37.0417 5836 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
00:25:37.0417 5836 NdisWan - ok
00:25:37.0448 5836 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
00:25:37.0448 5836 NDProxy - ok
00:25:37.0464 5836 Net Driver HPZ12 (b6cba9a0403e2c1a9ea03c33a4932e89) C:\Windows\system32\HPZinw12.dll
00:25:37.0479 5836 Net Driver HPZ12 - ok
00:25:37.0479 5836 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
00:25:37.0479 5836 NetBIOS - ok
00:25:37.0510 5836 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
00:25:37.0510 5836 NetBT - ok
00:25:37.0557 5836 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:25:37.0557 5836 Netlogon - ok
00:25:37.0604 5836 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
00:25:37.0620 5836 Netman - ok
00:25:37.0744 5836 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:25:37.0744 5836 NetMsmqActivator - ok
00:25:37.0776 5836 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:25:37.0776 5836 NetPipeActivator - ok
00:25:37.0791 5836 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
00:25:37.0807 5836 netprofm - ok
00:25:37.0822 5836 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:25:37.0822 5836 NetTcpActivator - ok
00:25:37.0822 5836 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:25:37.0822 5836 NetTcpPortSharing - ok
00:25:37.0869 5836 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
00:25:37.0869 5836 nfrd960 - ok
00:25:37.0885 5836 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
00:25:37.0900 5836 NisDrv - ok
00:25:37.0978 5836 NisSrv (10a43829a9e606af3eef25a1c1665923) C:\Program Files\Microsoft Security Client\NisSrv.exe
00:25:37.0978 5836 NisSrv - ok
00:25:38.0041 5836 NitroReaderDriverReadSpool2 (0734398d3d99986bb8006e9bb5eab1e5) C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
00:25:38.0056 5836 NitroReaderDriverReadSpool2 - ok
00:25:38.0103 5836 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
00:25:38.0119 5836 NlaSvc - ok
00:25:38.0134 5836 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
00:25:38.0134 5836 Npfs - ok
00:25:38.0150 5836 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
00:25:38.0150 5836 nsi - ok
00:25:38.0166 5836 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
00:25:38.0166 5836 nsiproxy - ok
00:25:38.0259 5836 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
00:25:38.0290 5836 Ntfs - ok
00:25:38.0384 5836 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
00:25:38.0384 5836 Null - ok
00:25:38.0977 5836 nvlddmkm (b34e9bfbd9c61048ef6281c3e7ec210a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
00:25:39.0148 5836 nvlddmkm - ok
00:25:39.0289 5836 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
00:25:39.0289 5836 nvraid - ok
00:25:39.0320 5836 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
00:25:39.0320 5836 nvstor - ok
00:25:39.0398 5836 nvsvc (dfda089bb2cd0ff7e789e2ef6ba1e4ba) C:\Windows\system32\nvvsvc.exe
00:25:39.0414 5836 nvsvc - ok
00:25:39.0601 5836 nvUpdatusService (e7818cd4fb51284c948d68a7a85a69b8) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
00:25:39.0616 5836 nvUpdatusService - ok
00:25:39.0694 5836 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
00:25:39.0694 5836 nv_agp - ok
00:25:39.0788 5836 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
00:25:39.0804 5836 odserv - ok
00:25:39.0835 5836 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
00:25:39.0835 5836 ohci1394 - ok
00:25:39.0866 5836 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:25:39.0866 5836 ose - ok
00:25:39.0928 5836 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
00:25:39.0928 5836 p2pimsvc - ok
00:25:39.0960 5836 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
00:25:39.0975 5836 p2psvc - ok
00:25:40.0006 5836 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
00:25:40.0006 5836 Parport - ok
00:25:40.0038 5836 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
00:25:40.0038 5836 partmgr - ok
00:25:40.0053 5836 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
00:25:40.0053 5836 PcaSvc - ok
00:25:40.0100 5836 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
00:25:40.0100 5836 pci - ok
00:25:40.0116 5836 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
00:25:40.0116 5836 pciide - ok
00:25:40.0147 5836 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
00:25:40.0147 5836 pcmcia - ok
00:25:40.0162 5836 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
00:25:40.0162 5836 pcw - ok
00:25:40.0209 5836 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
00:25:40.0225 5836 PEAUTH - ok
00:25:40.0303 5836 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
00:25:40.0396 5836 PeerDistSvc - ok
00:25:40.0459 5836 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
00:25:40.0459 5836 PerfHost - ok
00:25:40.0599 5836 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
00:25:40.0630 5836 pla - ok
00:25:40.0662 5836 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
00:25:40.0677 5836 PlugPlay - ok
00:25:40.0708 5836 Pml Driver HPZ12 (35ccb20b0d730b7764d049463e4b2ac5) C:\Windows\system32\HPZipm12.dll
00:25:40.0708 5836 Pml Driver HPZ12 - ok
00:25:40.0724 5836 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
00:25:40.0724 5836 PNRPAutoReg - ok
00:25:40.0755 5836 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
00:25:40.0755 5836 PNRPsvc - ok
00:25:40.0802 5836 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
00:25:40.0818 5836 PolicyAgent - ok
00:25:40.0849 5836 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
00:25:40.0849 5836 Power - ok
00:25:40.0880 5836 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
00:25:40.0880 5836 PptpMiniport - ok
00:25:40.0896 5836 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
00:25:40.0911 5836 Processor - ok
00:25:40.0958 5836 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
00:25:40.0974 5836 ProfSvc - ok
00:25:40.0989 5836 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:25:40.0989 5836 ProtectedStorage - ok
00:25:41.0020 5836 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
00:25:41.0020 5836 Psched - ok
00:25:41.0052 5836 PSMounter (838e03c9da764467edd9b99d1efb809c) C:\Windows\system32\drivers\psmounter.sys
00:25:41.0395 5836 PSMounter - ok
00:25:41.0473 5836 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
00:25:41.0488 5836 ql2300 - ok
00:25:41.0551 5836 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
00:25:41.0551 5836 ql40xx - ok
00:25:41.0582 5836 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
00:25:41.0598 5836 QWAVE - ok
00:25:41.0613 5836 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
00:25:41.0629 5836 QWAVEdrv - ok
00:25:41.0629 5836 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
00:25:41.0629 5836 RasAcd - ok
00:25:41.0676 5836 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
00:25:41.0676 5836 RasAgileVpn - ok
00:25:41.0691 5836 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
00:25:41.0691 5836 RasAuto - ok
00:25:41.0722 5836 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
00:25:41.0738 5836 Rasl2tp - ok
00:25:41.0754 5836 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
00:25:41.0769 5836 RasMan - ok
00:25:41.0800 5836 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
00:25:41.0800 5836 RasPppoe - ok
00:25:41.0800 5836 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
00:25:41.0816 5836 RasSstp - ok
00:25:41.0832 5836 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
00:25:41.0847 5836 rdbss - ok
00:25:41.0863 5836 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
00:25:41.0863 5836 rdpbus - ok
00:25:41.0878 5836 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
00:25:41.0878 5836 RDPCDD - ok
00:25:41.0910 5836 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
00:25:41.0925 5836 RDPDR - ok
00:25:41.0941 5836 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
00:25:41.0941 5836 RDPENCDD - ok
00:25:41.0972 5836 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
00:25:41.0972 5836 RDPREFMP - ok
00:25:42.0003 5836 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
00:25:42.0003 5836 RdpVideoMiniport - ok
00:25:42.0034 5836 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
00:25:42.0050 5836 RDPWD - ok
00:25:42.0081 5836 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
00:25:42.0097 5836 rdyboost - ok
00:25:42.0175 5836 ReflectService (be9861e1a18e01c38338feacd75c5ead) C:\Program Files\Macrium\Reflect\ReflectService.exe
00:25:42.0206 5836 ReflectService - ok
00:25:42.0253 5836 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
00:25:42.0253 5836 RemoteAccess - ok
00:25:42.0268 5836 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
00:25:42.0284 5836 RemoteRegistry - ok
00:25:42.0284 5836 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
00:25:42.0300 5836 RpcEptMapper - ok
00:25:42.0331 5836 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
00:25:42.0331 5836 RpcLocator - ok
00:25:42.0378 5836 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
00:25:42.0378 5836 RpcSs - ok
00:25:42.0456 5836 RsFx0103 (cd553b8633466a6d1c115812f2619f1f) C:\Windows\system32\DRIVERS\RsFx0103.sys
00:25:42.0471 5836 RsFx0103 - ok
00:25:42.0518 5836 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
00:25:42.0518 5836 rspndr - ok
00:25:42.0518 5836 rt61x64 - ok
00:25:42.0596 5836 RTL8192su (a332db1dac07e95667a57aaeec236c37) C:\Windows\system32\DRIVERS\RTL8192su.sys
00:25:42.0612 5836 RTL8192su - ok
00:25:42.0627 5836 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
00:25:42.0627 5836 s3cap - ok
00:25:42.0658 5836 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:25:42.0658 5836 SamSs - ok
00:25:42.0690 5836 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
00:25:42.0690 5836 sbp2port - ok
00:25:42.0705 5836 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
00:25:42.0721 5836 SCardSvr - ok
00:25:42.0752 5836 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
00:25:42.0752 5836 scfilter - ok
00:25:42.0830 5836 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
00:25:42.0846 5836 Schedule - ok
00:25:42.0877 5836 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
00:25:42.0877 5836 SCPolicySvc - ok
00:25:42.0908 5836 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
00:25:42.0908 5836 SDRSVC - ok
00:25:43.0002 5836 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
00:25:43.0017 5836 SeaPort - ok
00:25:43.0080 5836 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
00:25:43.0080 5836 secdrv - ok
00:25:43.0095 5836 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
00:25:43.0095 5836 seclogon - ok
00:25:43.0111 5836 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
00:25:43.0126 5836 SENS - ok
00:25:43.0126 5836 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
00:25:43.0142 5836 SensrSvc - ok
00:25:43.0158 5836 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
00:25:43.0158 5836 Serenum - ok
00:25:43.0173 5836 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
00:25:43.0173 5836 Serial - ok
00:25:43.0204 5836 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
00:25:43.0204 5836 sermouse - ok
00:25:43.0236 5836 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
00:25:43.0236 5836 SessionEnv - ok
00:25:43.0251 5836 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
00:25:43.0251 5836 sffdisk - ok
00:25:43.0267 5836 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
00:25:43.0282 5836 sffp_mmc - ok
00:25:43.0282 5836 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
00:25:43.0282 5836 sffp_sd - ok
00:25:43.0298 5836 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
00:25:43.0298 5836 sfloppy - ok
00:25:43.0345 5836 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
00:25:43.0360 5836 SharedAccess - ok
00:25:43.0392 5836 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
00:25:43.0407 5836 ShellHWDetection - ok
00:25:43.0407 5836 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
00:25:43.0407 5836 SiSRaid2 - ok
00:25:43.0423 5836 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
00:25:43.0423 5836 SiSRaid4 - ok
00:25:43.0438 5836 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
00:25:43.0438 5836 Smb - ok
00:25:43.0470 5836 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
00:25:43.0470 5836 SNMPTRAP - ok
00:25:43.0485 5836 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
00:25:43.0485 5836 spldr - ok
00:25:43.0532 5836 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
00:25:43.0548 5836 Spooler - ok
00:25:43.0735 5836 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
00:25:43.0782 5836 sppsvc - ok
00:25:43.0860 5836 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
00:25:43.0860 5836 sppuinotify - ok
00:25:44.0000 5836 SQLAgent$SQLEXPRESS (12e6d95cde974b131defaa44bab8b056) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
00:25:44.0000 5836 SQLAgent$SQLEXPRESS - ok
00:25:44.0094 5836 SQLBrowser (b54b48f6d92423440c264e91225c5ff1) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
00:25:44.0109 5836 SQLBrowser - ok
00:25:44.0187 5836 SQLWriter (6d65985945b03ca59b67d0b73702fc7b) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
00:25:44.0187 5836 SQLWriter - ok
00:25:44.0250 5836 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
00:25:44.0265 5836 srv - ok
00:25:44.0281 5836 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
00:25:44.0296 5836 srv2 - ok
00:25:44.0312 5836 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
00:25:44.0374 5836 srvnet - ok
00:25:44.0406 5836 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
00:25:44.0406 5836 SSDPSRV - ok
00:25:44.0421 5836 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
00:25:44.0421 5836 SstpSvc - ok
00:25:44.0530 5836 Stereo Service (6086b60f2e36d06a063cb07ed0524332) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
00:25:44.0546 5836 Stereo Service - ok
00:25:44.0577 5836 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
00:25:44.0577 5836 stexstor - ok
00:25:44.0624 5836 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
00:25:44.0640 5836 stisvc - ok
00:25:44.0655 5836 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
00:25:44.0655 5836 storflt - ok
00:25:44.0686 5836 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
00:25:44.0686 5836 StorSvc - ok
00:25:44.0718 5836 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
00:25:44.0718 5836 storvsc - ok
00:25:44.0733 5836 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
00:25:44.0733 5836 swenum - ok
00:25:44.0764 5836 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
00:25:44.0780 5836 swprv - ok
00:25:44.0796 5836 Synth3dVsc - ok
00:25:44.0905 5836 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
00:25:44.0936 5836 SysMain - ok
00:25:45.0045 5836 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
00:25:45.0045 5836 TabletInputService - ok
00:25:45.0076 5836 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
00:25:45.0092 5836 TapiSrv - ok
00:25:45.0123 5836 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
00:25:45.0123 5836 TBS - ok
00:25:45.0248 5836 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
00:25:45.0279 5836 Tcpip - ok
00:25:45.0388 5836 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
00:25:45.0404 5836 TCPIP6 - ok
00:25:45.0466 5836 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
00:25:45.0466 5836 tcpipreg - ok
00:25:45.0498 5836 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
00:25:45.0498 5836 TDPIPE - ok
00:25:45.0529 5836 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
00:25:45.0529 5836 TDTCP - ok
00:25:45.0560 5836 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
00:25:45.0560 5836 tdx - ok
00:25:45.0778 5836 TeamViewer7 (de09282b3abef632917ebedc4dcdfb56) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
00:25:45.0794 5836 TeamViewer7 - ok
00:25:45.0841 5836 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
00:25:45.0841 5836 TermDD - ok
00:25:45.0888 5836 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
00:25:45.0903 5836 TermService - ok
00:25:45.0934 5836 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
00:25:45.0934 5836 Themes - ok
00:25:45.0966 5836 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
00:25:45.0966 5836 THREADORDER - ok
00:25:45.0981 5836 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
00:25:45.0981 5836 TrkWks - ok
00:25:46.0028 5836 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
00:25:46.0044 5836 TrustedInstaller - ok
00:25:46.0075 5836 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
00:25:46.0075 5836 tssecsrv - ok
00:25:46.0090 5836 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
00:25:46.0090 5836 TsUsbFlt - ok
00:25:46.0106 5836 tsusbhub - ok
00:25:46.0137 5836 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
00:25:46.0137 5836 tunnel - ok
00:25:46.0153 5836 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
00:25:46.0168 5836 uagp35 - ok
00:25:46.0184 5836 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
00:25:46.0200 5836 udfs - ok
00:25:46.0246 5836 ufad-ws60 (215462ae7e6a897d675e84dd1e3b3b56) D:\VMWare Workstation\vmware-ufad.exe
00:25:46.0309 5836 ufad-ws60 - ok
00:25:46.0356 5836 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
00:25:46.0356 5836 UI0Detect - ok
00:25:46.0387 5836 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
00:25:46.0387 5836 uliagpkx - ok
00:25:46.0418 5836 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
00:25:46.0418 5836 umbus - ok
00:25:46.0434 5836 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
00:25:46.0434 5836 UmPass - ok
00:25:46.0465 5836 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
00:25:46.0480 5836 UmRdpService - ok
00:25:46.0512 5836 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
00:25:46.0527 5836 upnphost - ok
00:25:46.0558 5836 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
00:25:46.0558 5836 USBAAPL64 - ok
00:25:46.0590 5836 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
00:25:46.0590 5836 usbccgp - ok
00:25:46.0621 5836 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
00:25:46.0621 5836 usbcir - ok
00:25:46.0636 5836 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
00:25:46.0636 5836 usbehci - ok
00:25:46.0683 5836 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
00:25:46.0699 5836 usbhub - ok
00:25:46.0730 5836 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
00:25:46.0730 5836 usbohci - ok
00:25:46.0746 5836 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
00:25:46.0746 5836 usbprint - ok
00:25:46.0777 5836 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
00:25:46.0777 5836 usbscan - ok
00:25:46.0808 5836 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:25:46.0808 5836 USBSTOR - ok
00:25:46.0824 5836 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
00:25:46.0824 5836 usbuhci - ok
00:25:46.0839 5836 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
00:25:46.0839 5836 UxSms - ok
00:25:46.0870 5836 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:25:46.0870 5836 VaultSvc - ok
00:25:47.0229 5836 VBoxNetAdp (d119c47f337b5b5a80e259563703a922) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
00:25:47.0229 5836 VBoxNetAdp - ok
00:25:47.0245 5836 VBoxNetFlt - ok
00:25:47.0276 5836 VClone (fd911873c0bb6945fa38c16e9a2b58f9) C:\Windows\system32\DRIVERS\VClone.sys
00:25:47.0276 5836 VClone - ok
00:25:47.0307 5836 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
00:25:47.0323 5836 vdrvroot - ok
00:25:47.0370 5836 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
00:25:52.0986 5836 ============================================================
00:25:52.0986 5836 Scan finished
00:25:52.0986 5836 ============================================================
00:25:53.0001 5492 Detected object count: 0
00:25:53.0001 5492 Actual detected object count: 0

The second went completely wrong:

The following occurred:

A window popped up and says:
"Avast!Antirootkit has stopped working
a problem caused the program to stop working correctly.
Windows will close the program and notify you if a solution is available"

So I can't give you a report of the scan results here.

Should I go on with the third one, the Eset online scanner?

#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:11:53 PM

Posted 07 July 2012 - 06:30 PM

yes

#7 HensyrWolf

Posted 08 July 2012 - 04:33 AM

Ok, here is the link for the Rootkit that has stopped working: Posted Image

I hope you can see it.

The Eset online scan list:

C:\Program Files (x86)\Edraw Max\ssloader.e32 a variant of Win32/KeyLogger.Ardamax.NAS application cleaned by deleting - quarantined
C:\Users\Hendrik\AppData\Local\setup.exe MSIL/DownVision.A application cleaned by deleting - quarantined
C:\Users\Hendrik\AppData\Local\Microsoft\Windows Live Mail\Gmail (Hens 46e\[Gmail]\Prullenbak\16496DF1-00000037.eml HTML/Pharmacy.A trojan cleaned by deleting - quarantined
D:\My Downloads\OpenAudit\openauditrelease-09.12.23-SVN1233\scripts\RemCom.exe a variant of Win32/RemoteAdmin.RemoteExec.AA application cleaned by deleting - quarantined
D:\My Downloads\school audio driver\windows 7 audio driver.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
D:\My Downloads\Winamp\winamp561_full_emusic-7plus_all.exe Win32/OpenCandy application cleaned by deleting - quarantined
D:\My Downloads\Zip file opener\installer_tugzip_3_5_0_0_Dutch.exe multiple threats cleaned by deleting - quarantined
M:\installer_tugzip_3_5_0_0_Dutch.exe multiple threats cleaned by deleting - quarantined
M:\winamp561_full_emusic-7plus_all.exe Win32/OpenCandy application cleaned by deleting - quarantined
M:\PC Wizzard\SoftonicDownloader_for_pc-wizard.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined
M:\VDAB opleiding\Edraw Max\setup\edrawmax.exe a variant of Win32/KeyLogger.Ardamax.NAS application cleaned by deleting - quarantined
M:\VDAB opleiding\ISO\Microsoft\w7lxe.exe a variant of Win32/HackKMS.A application cleaned by deleting - quarantined
M:\VDAB opleiding\Tarim Windows\Edraw Max\setup\edrawmax.exe a variant of Win32/KeyLogger.Ardamax.NAS application cleaned by deleting - quarantined
M:\Winamp\winamp561_full_emusic-7plus_all.exe Win32/OpenCandy application cleaned by deleting - quarantined
M:\Windows 7 Loader eXtreme Edition\w7lxe.exe a variant of Win32/HackKMS.A application cleaned by deleting - quarantined
M:\Zip file opener\Tugzip\installer_tugzip_3_5_0_0_Dutch.exe multiple threats cleaned by deleting - quarantined
R:\Gegevens van documenten station\stick 8Gb recup\Tarim Windows\Edraw Max\setup\edrawmax.exe a variant of Win32/KeyLogger.Ardamax.NAS application cleaned by deleting - quarantined
R:\mail berichten opgeslagen\Gmail (Hens 46e\[Gmail]\Spam\0E220779-0000003B.eml HTML/Pharmacy.A trojan cleaned by deleting - quarantined
S:\$RECYCLE.BIN\S-1-5-21-1909459099-1005527334-456639413-1000\$R3UJUJC\Backup files 9.zip Win32/Adware.Bandoo application deleted - quarantined
S:\Backup stick 8Gb\8Gb stick\Edraw Max\setup\edrawmax.exe a variant of Win32/KeyLogger.Ardamax.NAS application cleaned by deleting - quarantined
S:\Backup stick 8Gb\8Gb stick\Mini Project\Edraw Max\setup\edrawmax.exe a variant of Win32/KeyLogger.Ardamax.NAS application cleaned by deleting - quarantined
S:\Backup stick 8Gb\8Gb stick\Software\Windows 7 Loader eXtreme Edition\w7lxe.exe a variant of Win32/HackKMS.A application cleaned by deleting - quarantined
S:\Backup stick 8Gb\8Gb stick\Windows 7 Loader eXtreme Edition\w7lxe.exe a variant of Win32/HackKMS.A application cleaned by deleting - quarantined

There are 23 infected files here, wow.

Should I delete these quarantined files?
Here is a screenshot of the Eset online scanner.

Posted Image

I hope you are satisfied with these results, and maybe we can solve the problem and get rid of the hacker.

Thanks for the effort to help.

#8 HensyrWolf

Posted 08 July 2012 - 04:57 AM

I'm back after reading the last list from the Eset online scanner, and I see that not only trojans are quarantined but also some files from programs that I got from my teacher at the computer school Tarim.
Are these programs still working after deleting these files?
For example, there are programs like Windows 7 and EdrawMax that are often used for school when we have to implement them in a new server exercise in VMware.
So maybe I'll have problems then and have to ask Tarim again for the stick with the software.

Hopefully you understand what I'm writing here, because now it is getting difficult to find the right words.

#9 narenxp

Posted 08 July 2012 - 05:54 AM

Yes, you may need to reinstall them.

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan.

Click on SHOW results. Select all infections and remove them.

Reboot the PC and scan with MBAM once in regular mode until you get a clean log.


Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Did you try running ASWMBR in safe mode with networking?

#10 HensyrWolf

Posted 08 July 2012 - 05:57 AM

> Did you try running ASWMBR in safe mode with networking?

No, I didn't. Just in normal mode. Should I try running ASWMBR again in safe mode with networking after mbam?
Mbam is now scanning, but that will take some time.
The link for mbam is good but the download button won't work, so I am scanning with the mbam that already exists on my computer. I hope this is also good?

Edited by HensyrWolf, 08 July 2012 - 06:16 AM.


#11 narenxp

Posted 08 July 2012 - 06:29 AM

> No, I didn't. Just in normal mode. Should I try running ASWMBR again in safe mode with networking after mbam?

Yes

> The link for mbam is good but the download button won't work, so I am scanning with the mbam that already exists on my computer. I hope this is also good?

Update MBAM before scanning.

Edited by narenxp, 08 July 2012 - 06:29 AM.


#12 HensyrWolf

Posted 08 July 2012 - 06:59 AM

> Update MBAM before scanning

Ok thanks, I will run ASWMBR in safe mode with networking after mbam.
I did update mbam before running it, yes; it is still running for now.

I also made some changes to my profile here while it's running. I hope this will not affect the running of mbam.

Haha, this fine avatar I found here tells exactly what I'm doing here in the effort to try to understand more about computers, haha.

Edited by HensyrWolf, 08 July 2012 - 07:16 AM.


#13 narenxp

Posted 08 July 2012 - 07:15 AM

:thumbup2:

#14 HensyrWolf

Posted 08 July 2012 - 07:28 AM

Haha I see :hello: :welcome: :cool: :busy: :thumbup2: :hysterical: :thumbsup: :hysterical:

mbam is still running hmmppfff :whistle: :unsure:

Edited by HensyrWolf, 08 July 2012 - 07:31 AM.


#15 HensyrWolf

Posted 08 July 2012 - 09:12 AM

Right, here is the mbam log:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Databaseversie: v2012.07.08.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Hendrik :: HENDRIK-PC1 [administrator]

Realtime bescherming: Ingeschakeld

8/07/2012 13:07:28
mbam-log-2012-07-08 (13-07-28).txt

Scantype: Volledige scan
Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM | P2P
Uitgeschakelde scanopties:
Objecten gescand: 960560
Verstreken tijd: 2 uur/uren, 53 minuut/minuten, 42 seconde(n)

Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

(einde)

There are no bad objects detected. :blink:

I also have another report from mbam, a protection log;
maybe it is also useful to you:

2012/07/08 00:59:55 +0200 HENDRIK-PC1 Hendrik IP-BLOCK 91.188.38.205 (Type: outgoing, Port: 49757, Process: utorrent.exe)
2012/07/08 01:16:28 +0200 HENDRIK-PC1 Hendrik IP-BLOCK 89.28.105.21 (Type: outgoing, Port: 49757, Process: utorrent.exe)
2012/07/08 01:16:36 +0200 HENDRIK-PC1 Hendrik IP-BLOCK 217.24.246.34 (Type: outgoing, Port: 49757, Process: utorrent.exe)
2012/07/08 01:16:44 +0200 HENDRIK-PC1 Hendrik IP-BLOCK 222.69.27.1 (Type: outgoing, Port: 49757, Process: utorrent.exe)
2012/07/08 13:05:14 +0200 HENDRIK-PC1 Hendrik MESSAGE Starting database refresh
2012/07/08 13:05:14 +0200 HENDRIK-PC1 Hendrik MESSAGE Stopping IP protection
2012/07/08 13:07:29 +0200 HENDRIK-PC1 Hendrik MESSAGE IP Protection stopped
2012/07/08 13:07:33 +0200 HENDRIK-PC1 Hendrik MESSAGE Database refreshed successfully
2012/07/08 13:07:33 +0200 HENDRIK-PC1 Hendrik MESSAGE Starting IP protection
2012/07/08 13:07:35 +0200 HENDRIK-PC1 Hendrik MESSAGE IP Protection started successfully

I terminated µtorrent myself.

I will now proceed to restart the computer in safe mode with networking and run ASWMBR before continuing in normal mode with the mini toolbox.

see ya later :wink:



