
Sirefef.AH and Sirefef.R infection


  • This topic is locked
3 replies to this topic

#1 snuix89


Posted 07 August 2012 - 06:24 AM

I have a laptop with Windows 7 Ultimate 32-bit. MSE reports both Sirefef.AH and Sirefef.R. The laptop reboots every minute. I have tried to remove them using both MSE and MalwareBytes with no success. The computer reboots before DDS or GMER can run. What should I do next? I have both an FRST log and a TDSSKiller log. I could not get DDS to complete prior to reboot.

FRST log

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 05-08-2012 01
Ran by SYSTEM at 06-08-2012 22:09:57
Running from G:\
Windows 7 Ultimate (X86) OS Language: English(US)
The current controlset is ControlSet003

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-24] (Synaptics, Inc.)
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe [1261568 2007-11-19] ()
HKLM\...\Run: [Acer Product Registration] "C:\Program Files\Acer\Acer Registration\ACE1.exe" /startup [3387392 2007-11-26] (Leader Technologies)
HKLM\...\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [147456 2008-10-08] (CyberLink Corp.)
HKLM\...\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [167936 2008-10-08] (CyberLink)
HKLM\...\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe" [544768 2008-09-11] (Acer Incorporated)
HKLM\...\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [526896 2008-07-29] (Egis Incorporated)
HKLM\...\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [417792 2008-11-28] (Acer Inc.)
HKLM\...\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun [122368 2009-08-18] (Google Inc.)
HKLM\...\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [167936 2008-10-17] (Acer Corp.)
HKLM\...\Run: [PLFSetI] C:\Windows\PLFSetI.exe [200704 2008-06-30] ()
HKLM\...\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE [817672 2008-06-16] (Dritek System Inc.)
HKLM\...\Run: [lxdxmon.exe] "C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe" [672424 2009-08-31] ()
HKLM\...\Run: [EzPrint] "C:\Program Files\Lexmark 3600-4600 Series\ezprint.exe" [107176 2008-06-13] (Lexmark International Inc.)
HKLM\...\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-05] (Apple Inc.)
HKLM\...\Run: [Belkin Storage Manager] "C:\Program Files\Belkin Storage Manager\StorageManager.exe" [858624 2009-02-03] (Belkin International, Inc.)
HKLM\...\Run: [Monitor] "C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe" [295304 2012-07-05] (LeapFrog Enterprises, Inc.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [217256 2012-05-03] (Visicom Media Inc. (Powered by Panda Security))
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
HKLM\...\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot [296096 2012-06-28] (RealNetworks, Inc.)
HKU\Andrea\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [68856 2009-08-17] (Google Inc.)
HKU\Andrea\...\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" [x]
HKU\Andrea\...\Run: [EasyTether] "C:\Program Files\Mobile Stream\EasyTether\easytthr.exe" [x]
HKU\Andrea\...\Run: [InstallIQUpdater] "C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun [1179648 2011-10-11] (W3i, LLC)
HKU\Boyce\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [68856 2009-08-17] (Google Inc.)
HKU\Boyce\...\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" [x]
HKU\Boyce\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet [5252408 2010-06-01] (Yahoo! Inc.)
HKU\Boyce\...\Run: [Setpoint] C:\Users\Boyce\AppData\Roaming\Cryptedwithouticon.exe [x]
HKU\Boyce\...\Run: [DW7] "C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe" [13003448 2012-08-06] (The Weather Channel)
HKLM\...\Winlogon: [Userinit] userinit.exe, [x]
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
Startup: C:\Users\Boyce\Start Menu\Programs\Startup\Disney Vacation Connection.lnk
ShortcutTarget: Disney Vacation Connection.lnk -> C:\Program Files\Disney Vacation Connection\Disney Vacation Connection.exe (No File)
Startup: C:\Users\Boyce\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)

================================ Services (Whitelisted) ==================

2 atashost; "C:\Windows\system32\atashost.exe" [20360 2010-01-20] (WebEx Communications, Inc.)
2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [69632 2008-10-04] ()
2 DisplayLinkService; "C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe" [4752744 2010-01-27] (DisplayLink Corp.)
2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-11-28] ()
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
2 gupdate1ca4d8344bb7341; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [133104 2009-10-15] (Google Inc.)
2 hasplms; C:\Windows\system32\hasplms.exe -run [3750400 2009-12-16] (SafeNet Inc.)
2 lxdx_device; C:\Windows\system32\lxdxcoms.exe -service [594600 2008-02-27] ( )
2 MDM; "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" [322120 2003-06-19] (Microsoft Corporation)
4 MobilityService; C:\Acer\Mobility Center\MobilityService.exe -p [110592 2007-12-06] ()
2 MsDepSvc; "C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe" -runService:MsDepSvc [67400 2011-04-01] (Microsoft Corporation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [11552 2012-03-26] (Microsoft Corporation)
4 MSSQL$SQLEXPRESS; "C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [43028328 2011-09-22] (Microsoft Corporation)
4 MSSQLServerADHelper100; "C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE" [47128 2009-07-22] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [214952 2012-03-26] (Microsoft Corporation)
2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144632 2008-09-23] (NewTech Infosystems, Inc.)
4 OpcEnum; C:\Windows\system32\opcenum.exe [139488 2009-02-04] (OPC Foundation)
2 RichVideo; "C:\Program Files\Cyberlink\Shared files\RichVideo.exe" [272024 2007-01-08] ()
2 Skype C2C Service; "C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe" [3048136 2012-05-30] (Skype Technologies S.A.)
2 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [160944 2012-06-07] (Skype Technologies)
4 SQLAgent$SQLEXPRESS; "C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE" -i SQLEXPRESS [370024 2011-09-22] (Microsoft Corporation)

========================== Drivers (Whitelisted) =============

3 AgereSoftModem; C:\Windows\System32\DRIVERS\AGRSM.sys [1035776 2009-07-13] (LSI Corp)
2 aksfridge; \??\C:\Windows\system32\drivers\aksfridge.sys [358400 2010-04-13] (SafeNet Inc.)
3 DisplayLinkUsbPort; C:\Windows\System32\DRIVERS\DisplayLinkUsbPort_5.2.23219.0.sys [21888 2010-01-27] (http://libusb-win32.sourceforge.net)
3 dlkmd; C:\Windows\system32\drivers\dlkmd.sys [165488 2010-01-27] (DisplayLink Corp.)
0 dlkmdldr; C:\Windows\System32\drivers\dlkmdldr.sys [13936 2010-01-27] (DisplayLink Corp.)
3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [19456 2008-04-01] (LeapFrog)
2 hardlock; \??\C:\Windows\system32\drivers\hardlock.sys [588800 2009-12-09] (SafeNet Inc.)
3 L1E; C:\Windows\System32\DRIVERS\L1E62x86.sys [48640 2009-08-23] (Atheros Communications, Inc.)
3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2012-07-31] (Malwarebytes Corporation)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
3 PalmUSBD; C:\Windows\System32\drivers\PalmUSBD.sys [16640 2007-12-04] (PalmSource, Inc.)
3 pneteth; C:\Windows\System32\DRIVERS\pneteth.sys [13440 2011-11-24] (June Fabrics Technology Inc.)
3 PTAPCBUS; C:\Windows\System32\DRIVERS\PTAPCBUS.sys [84608 2011-06-23] (DEVGURU Co., LTD.)
3 PTAPCMDM; C:\Windows\System32\DRIVERS\PTAPCMDM.sys [168704 2011-06-23] (DEVGURU Co., LTD.(www.devguru.co.kr))
3 PTAPCVSP; C:\Windows\System32\DRIVERS\PTAPCVSP.sys [168704 2011-06-23] (DEVGURU Co., LTD.(www.devguru.co.kr))
4 RsFx0105; C:\Windows\System32\DRIVERS\RsFx0105.sys [238696 2011-09-22] (Microsoft Corporation)
3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [155808 2008-12-25] (Realtek Semiconductor Corp.)
3 SMSIVZAM5; \??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [32408 2009-05-25] (Smith Micro Inc.)
3 usbkey; C:\Windows\System32\DRIVERS\USBKey.sys [33852 2009-05-06] ()
3 usb_rndisx; C:\Windows\System32\DRIVERS\usb8023x.sys [15872 2009-07-13] (Microsoft Corporation)
3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2007-03-28] (Winbond Electronics Corporation)
3 easytether; C:\Windows\System32\DRIVERS\easytthr.sys [x]
4 MySql; C:\mysql\bin\mysqld-nt [x]
3 RimUsb; C:\Windows\System32\Drivers\RimUsb.sys [x]
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-06 22:09 - 2012-08-06 22:09 - 00000000 ____D C:\FRST
2012-08-06 13:53 - 2012-08-06 13:53 - 00000000 ____D C:\Program Files\ESET
2012-08-06 07:35 - 2012-08-06 06:12 - 00607260 ____R (Swearware) C:\Users\Boyce\Desktop\dds.com
2012-08-06 07:35 - 2011-07-16 18:21 - 00302592 ____A C:\Users\Boyce\Desktop\gmer.exe
2012-08-06 07:31 - 2012-08-06 07:31 - 00001270 ____A C:\Users\Public\Desktop\The Weather Channel App.lnk
2012-07-31 04:18 - 2012-07-31 04:18 - 00000000 ____D C:\Users\Andrea\AppData\Roaming\Malwarebytes
2012-07-31 04:03 - 2012-07-31 15:44 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2012-07-29 05:13 - 2012-07-29 05:13 - 00000000 ____D C:\Users\Boyce\AppData\Local\{54DFEE3D-F430-4C8D-8D6A-ABC38EA0E626}
2012-07-29 05:13 - 2012-07-29 05:13 - 00000000 ____D C:\Users\Boyce\AppData\Local\{4F6D0E9A-23CA-41D7-8627-4E16BE48F020}
2012-07-28 10:27 - 2012-07-28 10:27 - 00000000 ____D C:\Users\Boyce\AppData\Local\{66D40EB2-6617-4EE4-B255-8FC26D0286CD}
2012-07-28 10:26 - 2012-07-28 10:27 - 00000000 ____D C:\Users\Boyce\AppData\Local\{1652FF50-4D57-4A50-8A29-2C886FCB9341}
2012-07-27 23:23 - 2012-07-27 23:23 - 00424448 ____A (Stardock Systems, Inc) C:\Users\Boyce\Application Data\wuisht.dll
2012-07-27 23:23 - 2012-07-27 23:23 - 00424448 ____A (Stardock Systems, Inc) C:\Users\Boyce\AppData\Roaming\wuisht.dll
2012-07-27 23:23 - 2012-07-27 23:23 - 00000000 ____D C:\Users\Boyce\AppData\Local\{1D16C45F-D885-11E1-8270-B8AC6F996F26}
2012-07-27 22:56 - 2012-07-27 22:56 - 00056832 ___AH (FRISK Software International) C:\Windows\System32\DFDWetup.dll
2012-07-27 22:03 - 2012-07-27 22:03 - 00000000 ____D C:\Users\Boyce\AppData\Local\{F1DE1626-8C49-467B-A427-2657E52C2148}
2012-07-27 22:03 - 2012-07-27 22:03 - 00000000 ____D C:\Users\Boyce\AppData\Local\{F005AEEF-5C7E-4D79-A277-472523D66DB2}
2012-07-22 20:04 - 2012-07-22 20:04 - 00000000 ____D C:\Users\Boyce\AppData\Local\{87415C22-87A5-4F84-9B03-99A4ACB430D8}
2012-07-22 20:03 - 2012-07-22 20:03 - 00000000 ____D C:\Users\Boyce\AppData\Local\{139C18D9-CF16-483F-8542-147AF4A1BF92}
2012-07-22 18:38 - 2012-07-22 18:38 - 00000000 ____D C:\Users\Boyce\AppData\Local\LogMeIn
2012-07-22 18:38 - 2012-07-22 18:38 - 00000000 ____D C:\Users\All Users\LogMeIn
2012-07-21 17:12 - 2012-07-21 17:12 - 00007609 ____A C:\Users\Boyce\AppData\Local\Resmon.ResmonCfg
2012-07-16 21:48 - 2012-07-16 21:48 - 00000000 ____D C:\Users\Boyce\AppData\Local\{D79A5797-F7FB-46ED-8C87-B6C183B913E6}
2012-07-16 21:48 - 2012-07-16 21:48 - 00000000 ____D C:\Users\Boyce\AppData\Local\{7D61F582-3AD4-4180-B69B-78B572BCEA2B}
2012-07-16 18:38 - 2012-07-16 20:21 - 00000000 ____D C:\Bin
2012-07-16 03:58 - 2012-07-30 14:13 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-13 17:09 - 2012-07-13 17:10 - 00749832 ____A C:\Users\Andrea\Downloads\The-Virgin-s-Daughters-In-the-Court-of-Elizabeth-I.azw
2012-07-12 20:03 - 2012-07-12 20:03 - 00000000 ____D C:\Users\Boyce\AppData\Local\{9D23C051-6455-4E1C-9AD8-0CAC171232EB}
2012-07-12 20:03 - 2012-07-12 20:03 - 00000000 ____D C:\Users\Boyce\AppData\Local\{4FCD3611-6904-41A0-88DF-BDE737D00E14}
2012-07-12 05:24 - 2012-07-12 05:24 - 00000000 ____D C:\Windows\0A94AE0C677C491D8A72A5AB2DAA68C1.TMP
2012-07-12 05:23 - 2012-07-12 05:23 - 00000000 ____D C:\Windows\60431C725C624BD0A248E839C2FC0950.TMP
2012-07-11 18:27 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-11 18:27 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-11 18:27 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-11 18:27 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-11 18:27 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-11 18:27 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-11 18:27 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-11 18:27 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-11 18:27 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-11 18:27 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-11 18:27 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-11 18:27 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-11 18:27 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-11 18:27 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-11 18:13 - 2012-06-11 18:40 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-11 17:15 - 2012-07-11 17:16 - 00000000 ____D C:\Users\Boyce\AppData\Local\{825510F5-FA49-48B8-A406-B8B240E52EA9}
2012-07-11 17:15 - 2012-07-11 17:15 - 00000000 ____D C:\Users\Boyce\AppData\Local\{48A703D0-A2EE-4AF8-8014-0678DFA40EB1}
2012-07-11 02:23 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-11 02:23 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-11 02:23 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-11 02:23 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-11 02:23 - 2012-06-01 20:45 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-11 02:23 - 2012-06-01 20:45 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-11 02:23 - 2012-06-01 20:40 - 00369336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-11 02:23 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-11 02:23 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-11 02:23 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-09 15:56 - 2012-07-30 03:50 - 00030720 ____A C:\Users\Boyce\Documents\RosterMASL.xls
2012-07-08 12:49 - 2012-07-08 13:07 - 00000000 ____D C:\Windows\System32\Adobe

============ 3 Months Modified Files ========================

2012-08-06 18:04 - 2011-07-30 03:56 - 03721278 ____A C:\Windows\setupact.log
2012-08-06 13:50 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-06 13:46 - 2009-11-12 21:37 - 01568289 ____A C:\Windows\WindowsUpdate.log
2012-08-06 13:46 - 2009-10-15 02:47 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-06 08:09 - 2009-06-17 20:07 - 00000000 ____A C:\Windows\System32\LogConfigTemp.xml
2012-08-06 08:02 - 2009-10-15 02:47 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-06 07:31 - 2012-08-06 07:31 - 00001270 ____A C:\Users\Public\Desktop\The Weather Channel App.lnk
2012-08-06 06:12 - 2012-08-06 07:35 - 00607260 ____R (Swearware) C:\Users\Boyce\Desktop\dds.com
2012-07-31 15:46 - 2009-07-13 20:34 - 00012288 _____ C:\Windows\System32\umstartup.etl
2012-07-31 15:44 - 2012-07-31 04:03 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2012-07-31 15:41 - 2009-07-13 15:11 - 00259072 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-07-30 14:17 - 2009-11-12 20:59 - 00011104 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-30 14:17 - 2009-11-12 20:59 - 00011104 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-30 14:13 - 2012-07-16 03:58 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-30 03:50 - 2012-07-09 15:56 - 00030720 ____A C:\Users\Boyce\Documents\RosterMASL.xls
2012-07-28 04:26 - 2009-11-12 21:27 - 00760992 ____A C:\Windows\PFRO.log
2012-07-27 23:36 - 2012-02-05 15:15 - 00001071 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-27 23:23 - 2012-07-27 23:23 - 00424448 ____A (Stardock Systems, Inc) C:\Users\Boyce\Application Data\wuisht.dll
2012-07-27 23:23 - 2012-07-27 23:23 - 00424448 ____A (Stardock Systems, Inc) C:\Users\Boyce\AppData\Roaming\wuisht.dll
2012-07-27 22:56 - 2012-07-27 22:56 - 00056832 ___AH (FRISK Software International) C:\Windows\System32\DFDWetup.dll
2012-07-26 16:13 - 2012-04-04 17:16 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-07-26 16:13 - 2011-05-20 02:45 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-07-21 17:12 - 2012-07-21 17:12 - 00007609 ____A C:\Users\Boyce\AppData\Local\Resmon.ResmonCfg
2012-07-16 18:21 - 2009-07-13 20:53 - 00032572 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-13 17:15 - 2009-11-12 21:47 - 00945640 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-13 17:10 - 2012-07-13 17:09 - 00749832 ____A C:\Users\Andrea\Downloads\The-Virgin-s-Daughters-In-the-Court-of-Elizabeth-I.azw
2012-07-12 05:24 - 2009-01-20 22:44 - 00121120 ____A C:\Windows\DPINST.LOG
2012-07-12 03:42 - 2009-07-13 20:33 - 00420744 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-11 18:13 - 2009-12-09 16:01 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-11 18:12 - 2006-11-02 02:23 - 00000240 ____A C:\Windows\win.ini
2012-07-03 09:46 - 2012-02-05 15:14 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-30 09:05 - 2012-06-27 18:04 - 00015360 ___RA C:\Users\Boyce\Documents\9F1F5600
2012-06-30 04:08 - 2012-06-27 18:04 - 00015360 ___RA C:\Users\Boyce\Documents\roster.xls
2012-06-28 15:00 - 2011-11-28 15:27 - 00198864 ____A (RealNetworks, Inc.) C:\Windows\System32\rmoc3260.dll
2012-06-28 14:59 - 2011-11-28 15:26 - 00272896 ____A (Progressive Networks) C:\Windows\System32\pncrt.dll
2012-06-28 14:59 - 2011-11-28 15:26 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\System32\pndx5016.dll
2012-06-28 14:59 - 2011-11-28 15:26 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\System32\pndx5032.dll
2012-06-25 19:44 - 2012-06-25 19:44 - 00000094 ____A C:\Windows\family.ini
2012-06-25 18:25 - 2011-01-31 18:48 - 00001945 ____A C:\Windows\epplauncher.mif
2012-06-25 18:20 - 2012-06-25 18:19 - 10288512 ____A (Microsoft Corporation) C:\Users\Boyce\Downloads\mseinstall.exe
2012-06-22 11:47 - 2012-06-22 11:47 - 00005879 ____A C:\Users\Andrea\Downloads\Fall Registration Open- (1)
2012-06-22 11:47 - 2012-06-22 11:47 - 00005879 ____A C:\Users\Andrea\Downloads\Fall Registration Open-
2012-06-21 10:42 - 2012-06-21 10:42 - 00000196 ____A C:\cca.lic.sfold
2012-06-21 10:42 - 2012-06-21 10:42 - 00000196 ____A C:\cca.lic
2012-06-19 18:06 - 2012-06-19 18:04 - 83541290 ____A C:\Users\Boyce\Downloads\Punching Bag.zip
2012-06-17 18:36 - 2012-06-17 18:36 - 00000218 ____A C:\Users\Boyce\.recently-used.xbel
2012-06-13 12:57 - 2012-06-13 12:57 - 00001970 ____A C:\Users\Andrea\Desktop\Disney for Frame - Shortcut.lnk
2012-06-13 12:56 - 2012-06-13 12:56 - 00001259 ____A C:\Users\Andrea\Desktop\IMG_0177 - Shortcut.lnk
2012-06-11 18:40 - 2012-07-11 18:13 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-09 04:48 - 2012-06-09 05:06 - 00002831 ____A C:\msgbox.log
2012-06-09 02:32 - 2012-06-09 04:42 - 00008452 ____A C:\OldKPServReg5.log
2012-06-08 20:41 - 2012-07-11 02:23 - 12873728 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 14:26 - 2012-06-09 04:53 - 00000374 ____A C:\FATAL.LOG
2012-06-05 21:05 - 2012-07-11 02:23 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 21:05 - 2012-07-11 02:23 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 21:03 - 2012-07-11 02:23 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-02 14:19 - 2012-06-21 02:54 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 02:54 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 02:54 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 02:53 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 02:53 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:12 - 2012-06-21 02:54 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-06-21 02:53 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 11:19 - 2012-06-21 02:53 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 11:12 - 2012-06-21 02:53 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 01:07 - 2012-07-11 18:27 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 00:43 - 2012-07-11 18:27 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 00:33 - 2012-07-11 18:27 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 00:26 - 2012-07-11 18:27 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 00:25 - 2012-07-11 18:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 00:25 - 2012-07-11 18:27 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 00:23 - 2012-07-11 18:27 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 00:21 - 2012-07-11 18:27 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 00:20 - 2012-07-11 18:27 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 00:19 - 2012-07-11 18:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 00:19 - 2012-07-11 18:27 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 00:17 - 2012-07-11 18:27 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 00:16 - 2012-07-11 18:27 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 00:14 - 2012-07-11 18:27 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-01 20:45 - 2012-07-11 02:23 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 20:45 - 2012-07-11 02:23 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 20:40 - 2012-07-11 02:23 - 00369336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 20:40 - 2012-07-11 02:23 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 20:39 - 2012-07-11 02:23 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-05-31 08:25 - 2010-08-09 19:22 - 00237072 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-05-27 04:27 - 2012-05-27 04:27 - 00001053 ____A C:\Users\Public\Desktop\CardRecoveryPro.lnk
2012-05-27 03:57 - 2012-05-27 03:57 - 00001819 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-05-09 15:46 - 2012-05-09 15:46 - 00174024 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-05-09 15:46 - 2012-05-09 15:46 - 00174024 ____A (Oracle Corporation) C:\Windows\System32\java.exe


ZeroAccess:
C:\Windows\Installer\{29705fd8-db4a-7a33-8362-eac4941e9aa3}
C:\Windows\Installer\{29705fd8-db4a-7a33-8362-eac4941e9aa3}\@
C:\Windows\Installer\{29705fd8-db4a-7a33-8362-eac4941e9aa3}\L
C:\Windows\Installer\{29705fd8-db4a-7a33-8362-eac4941e9aa3}\U
C:\Windows\Installer\{29705fd8-db4a-7a33-8362-eac4941e9aa3}\U\00000001.@
C:\Windows\Installer\{29705fd8-db4a-7a33-8362-eac4941e9aa3}\U\80000000.@
C:\Windows\Installer\{29705fd8-db4a-7a33-8362-eac4941e9aa3}\U\800000cb.@

ZeroAccess:
C:\Users\Boyce\AppData\Local\{29705fd8-db4a-7a33-8362-eac4941e9aa3}
C:\Users\Boyce\AppData\Local\{29705fd8-db4a-7a33-8362-eac4941e9aa3}\@
C:\Users\Boyce\AppData\Local\{29705fd8-db4a-7a33-8362-eac4941e9aa3}\L
C:\Users\Boyce\AppData\Local\{29705fd8-db4a-7a33-8362-eac4941e9aa3}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe A302BBFF2A7278C0E239EE5D471D86A9 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 16%
Total physical RAM: 2814.36 MB
Available physical RAM: 2336.5 MB
Total Pagefile: 2812.64 MB
Available Pagefile: 2340.43 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.7 MB

======================= Partitions =========================

1 Drive c: (ACER) (Fixed) (Total:110.44 GB) (Free:16.1 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (DATA) (Fixed) (Total:106.9 GB) (Free:73.74 GB) NTFS
3 Drive e: (PQSERVICE) (Fixed) (Total:12 GB) (Free:1.12 GB) NTFS
5 Drive g: (PENDRIVE) (Removable) (Total:1.92 GB) (Free:1.91 GB) FAT
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 0 B
Disk 1 Online 1967 MB 0 B
Disk 2 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 12 GB 1024 KB
Partition 2 Primary 110 GB 12 GB
Partition 3 Primary 106 GB 122 GB
Partition 4 OEM 3628 MB 229 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E PQSERVICE NTFS Partition 12 GB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C ACER NTFS Partition 110 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D DATA NTFS Partition 106 GB Healthy

==================================================================================

Disk: 0
Partition 4
Type : 12
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 NTFS Partition 3628 MB Healthy Hidden

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1966 MB 16 KB

==================================================================================

Disk: 1
Partition 1
Type : 0E
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G PENDRIVE FAT Removable 1966 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-28 03:26

======================= End Of Log ==========================



#2 snuix89

snuix89
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:03:36 PM

Posted 07 August 2012 - 06:25 AM

TDSSKiller log


17:30:54.0696 1852 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
17:30:54.0727 1852 ============================================================
17:30:54.0727 1852 Current date / time: 2012/08/06 17:30:54.0727
17:30:54.0727 1852 SystemInfo:
17:30:54.0727 1852
17:30:54.0727 1852 OS Version: 6.1.7601 ServicePack: 1.0
17:30:54.0727 1852 Product type: Workstation
17:30:54.0727 1852 ComputerName: BAINE-ACER
17:30:54.0727 1852 UserName: Boyce
17:30:54.0727 1852 Windows directory: C:\Windows
17:30:54.0727 1852 System windows directory: C:\Windows
17:30:54.0727 1852 Processor architecture: Intel x86
17:30:54.0727 1852 Number of processors: 2
17:30:54.0727 1852 Page size: 0x1000
17:30:54.0727 1852 Boot type: Safe boot
17:30:54.0727 1852 ============================================================
17:30:56.0007 1852 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:30:56.0007 1852 Drive \Device\Harddisk1\DR1 - Size: 0x7AF00000 (1.92 Gb), SectorSize: 0x200, Cylinders: 0xFA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:30:56.0007 1852 ============================================================
17:30:56.0007 1852 \Device\Harddisk0\DR0:
17:30:56.0007 1852 MBR partitions:
17:30:56.0007 1852 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1800800, BlocksNum 0xDCE2000
17:30:56.0007 1852 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xF4E2800, BlocksNum 0xD5CC800
17:30:56.0007 1852 \Device\Harddisk1\DR1:
17:30:56.0007 1852 MBR partitions:
17:30:56.0007 1852 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xE, StartLBA 0x20, BlocksNum 0x3D77E0
17:30:56.0007 1852 ============================================================
17:30:56.0038 1852 C: <-> \Device\Harddisk0\DR0\Partition0
17:30:56.0085 1852 D: <-> \Device\Harddisk0\DR0\Partition1
17:30:56.0085 1852 ============================================================
17:30:56.0085 1852 Initialize success
17:30:56.0085 1852 ============================================================
17:30:58.0503 1880 ============================================================
17:30:58.0503 1880 Scan started
17:30:58.0503 1880 Mode: Manual;
17:30:58.0503 1880 ============================================================
17:30:59.0969 1880 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
17:30:59.0985 1880 1394ohci - ok
17:31:00.0109 1880 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
17:31:00.0109 1880 ACPI - ok
17:31:00.0219 1880 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
17:31:00.0219 1880 AcpiPmi - ok
17:31:00.0312 1880 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
17:31:00.0328 1880 AdobeARMservice - ok
17:31:00.0468 1880 AdobeFlashPlayerUpdateSvc (6c40d5ed8951ab7b90d08af655224ee4) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:31:00.0468 1880 AdobeFlashPlayerUpdateSvc - ok
17:31:00.0593 1880 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
17:31:00.0593 1880 adp94xx - ok
17:31:00.0702 1880 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
17:31:00.0702 1880 adpahci - ok
17:31:00.0765 1880 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
17:31:00.0765 1880 adpu320 - ok
17:31:00.0936 1880 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
17:31:00.0936 1880 AeLookupSvc - ok
17:31:01.0092 1880 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
17:31:01.0092 1880 AFD - ok
17:31:01.0248 1880 AgereSoftModem (7e10e3bb9b258ad8a9300f91214d67b9) C:\Windows\system32\DRIVERS\AGRSM.sys
17:31:01.0264 1880 AgereSoftModem - ok
17:31:01.0389 1880 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
17:31:01.0389 1880 agp440 - ok
17:31:01.0404 1880 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
17:31:01.0420 1880 aic78xx - ok
17:31:01.0560 1880 aksfridge (fb054e270d825a0ef262041577d6afd2) C:\Windows\system32\drivers\aksfridge.sys
17:31:01.0576 1880 aksfridge - ok
17:31:01.0685 1880 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
17:31:01.0685 1880 ALG - ok
17:31:01.0747 1880 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
17:31:01.0747 1880 aliide - ok
17:31:01.0888 1880 AMD External Events Utility (5fe81700b1c45e6ae9727dfd6ebf8df7) C:\Windows\system32\atiesrxx.exe
17:31:01.0888 1880 AMD External Events Utility - ok
17:31:02.0013 1880 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
17:31:02.0013 1880 amdagp - ok
17:31:02.0059 1880 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
17:31:02.0059 1880 amdide - ok
17:31:02.0200 1880 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
17:31:02.0200 1880 AmdK8 - ok
17:31:02.0262 1880 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
17:31:02.0262 1880 AmdPPM - ok
17:31:02.0309 1880 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
17:31:02.0325 1880 amdsata - ok
17:31:02.0403 1880 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
17:31:02.0403 1880 amdsbs - ok
17:31:02.0559 1880 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
17:31:02.0559 1880 amdxata - ok
17:31:02.0683 1880 AppHostSvc (d1af38fbac0dc7e6d796b0ed01707ee0) C:\Windows\system32\inetsrv\apphostsvc.dll
17:31:02.0683 1880 AppHostSvc - ok
17:31:02.0808 1880 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
17:31:02.0808 1880 AppID - ok
17:31:02.0933 1880 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
17:31:02.0933 1880 AppIDSvc - ok
17:31:02.0995 1880 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
17:31:02.0995 1880 Appinfo - ok
17:31:03.0198 1880 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:31:03.0198 1880 Apple Mobile Device - ok
17:31:03.0323 1880 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
17:31:03.0339 1880 AppMgmt - ok
17:31:03.0463 1880 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
17:31:03.0463 1880 arc - ok
17:31:03.0479 1880 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
17:31:03.0479 1880 arcsas - ok
17:31:03.0682 1880 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
17:31:03.0713 1880 aspnet_state - ok
17:31:03.0744 1880 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
17:31:03.0744 1880 AsyncMac - ok
17:31:03.0931 1880 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
17:31:03.0931 1880 atapi - ok
17:31:03.0994 1880 atashost (6e1cbcdaa2b331eece3147b34ce4764e) C:\Windows\system32\atashost.exe
17:31:03.0994 1880 atashost - ok
17:31:04.0197 1880 athr (8b412ddc62a0510767c5d48192ee1324) C:\Windows\system32\DRIVERS\athr.sys
17:31:04.0212 1880 athr - ok
17:31:04.0743 1880 atikmdag (77f8ac3e93babc451e49d6d63d5c5282) C:\Windows\system32\DRIVERS\atikmdag.sys
17:31:04.0867 1880 atikmdag - ok
17:31:05.0070 1880 AtiPcie (5a1465ad2e7c1bc39cda12a355329096) C:\Windows\system32\DRIVERS\AtiPcie.sys
17:31:05.0070 1880 AtiPcie - ok
17:31:05.0211 1880 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
17:31:05.0226 1880 AudioEndpointBuilder - ok
17:31:05.0320 1880 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
17:31:05.0320 1880 Audiosrv - ok
17:31:05.0367 1880 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
17:31:05.0382 1880 AxInstSV - ok
17:31:05.0476 1880 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
17:31:05.0476 1880 b06bdrv - ok
17:31:05.0538 1880 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
17:31:05.0538 1880 b57nd60x - ok
17:31:05.0616 1880 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
17:31:05.0616 1880 BDESVC - ok
17:31:05.0632 1880 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
17:31:05.0632 1880 Beep - ok
17:31:05.0741 1880 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
17:31:05.0757 1880 BFE - ok
17:31:05.0835 1880 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
17:31:05.0835 1880 blbdrive - ok
17:31:05.0944 1880 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
17:31:05.0944 1880 Bonjour Service - ok
17:31:06.0037 1880 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
17:31:06.0037 1880 bowser - ok
17:31:06.0100 1880 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:31:06.0115 1880 BrFiltLo - ok
17:31:06.0131 1880 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:31:06.0131 1880 BrFiltUp - ok
17:31:06.0225 1880 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
17:31:06.0225 1880 Browser - ok
17:31:06.0443 1880 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
17:31:06.0443 1880 Brserid - ok
17:31:06.0459 1880 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
17:31:06.0459 1880 BrSerWdm - ok
17:31:06.0537 1880 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
17:31:06.0537 1880 BrUsbMdm - ok
17:31:06.0552 1880 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
17:31:06.0568 1880 BrUsbSer - ok
17:31:06.0583 1880 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
17:31:06.0583 1880 BTHMODEM - ok
17:31:06.0677 1880 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
17:31:06.0677 1880 bthserv - ok
17:31:06.0755 1880 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
17:31:06.0755 1880 cdfs - ok
17:31:06.0849 1880 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
17:31:06.0849 1880 cdrom - ok
17:31:06.0927 1880 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
17:31:06.0958 1880 CertPropSvc - ok
17:31:06.0973 1880 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
17:31:06.0973 1880 circlass - ok
17:31:07.0067 1880 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
17:31:07.0067 1880 CLFS - ok
17:31:07.0317 1880 CLHNService (8b67044ae0621c005245ef62eef0746f) C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
17:31:07.0317 1880 CLHNService - ok
17:31:07.0441 1880 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:31:07.0504 1880 clr_optimization_v2.0.50727_32 - ok
17:31:07.0644 1880 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:31:07.0863 1880 clr_optimization_v4.0.30319_32 - ok
17:31:07.0878 1880 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
17:31:07.0878 1880 CmBatt - ok
17:31:07.0941 1880 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
17:31:07.0941 1880 cmdide - ok
17:31:08.0097 1880 CNG (247b4ce2dab1160cd422d532d5241e1f) C:\Windows\system32\Drivers\cng.sys
17:31:08.0112 1880 CNG - ok
17:31:08.0190 1880 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
17:31:08.0190 1880 Compbatt - ok
17:31:08.0237 1880 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
17:31:08.0237 1880 CompositeBus - ok
17:31:08.0284 1880 COMSysApp - ok
17:31:08.0331 1880 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
17:31:08.0331 1880 crcdisk - ok
17:31:08.0549 1880 CryptSvc (06e771aa596b8761107ab57e99f128d7) C:\Windows\system32\cryptsvc.dll
17:31:08.0549 1880 CryptSvc - ok
17:31:08.0721 1880 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
17:31:08.0721 1880 CSC - ok
17:31:08.0861 1880 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
17:31:08.0861 1880 CscService - ok
17:31:08.0970 1880 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
17:31:08.0970 1880 DcomLaunch - ok
17:31:09.0064 1880 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
17:31:09.0079 1880 defragsvc - ok
17:31:09.0251 1880 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
17:31:09.0251 1880 DfsC - ok
17:31:09.0360 1880 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
17:31:09.0360 1880 Dhcp - ok
17:31:09.0454 1880 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
17:31:09.0454 1880 discache - ok
17:31:09.0547 1880 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
17:31:09.0547 1880 Disk - ok
17:31:10.0140 1880 DisplayLinkService (61122468de610b5c6c5ea660c548ade1) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
17:31:10.0281 1880 DisplayLinkService - ok
17:31:10.0468 1880 DisplayLinkUsbPort (24a1d0973d8d65691c47dbc78f539da9) C:\Windows\system32\DRIVERS\DisplayLinkUsbPort_5.2.23219.0.sys
17:31:10.0468 1880 DisplayLinkUsbPort - ok
17:31:10.0499 1880 DKbFltr (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
17:31:10.0561 1880 DKbFltr - ok
17:31:10.0671 1880 dlkmd (4285f8b4fa3b51fe764cbc5326b85bf5) C:\Windows\system32\drivers\dlkmd.sys
17:31:10.0671 1880 dlkmd - ok
17:31:10.0749 1880 dlkmdldr (b0a027364265d1fca68c27c9596dda0f) C:\Windows\system32\drivers\dlkmdldr.sys
17:31:10.0749 1880 dlkmdldr - ok
17:31:10.0858 1880 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
17:31:10.0858 1880 Dnscache - ok
17:31:10.0967 1880 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
17:31:10.0967 1880 dot3svc - ok
17:31:11.0076 1880 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
17:31:11.0076 1880 DPS - ok
17:31:11.0107 1880 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
17:31:11.0107 1880 drmkaud - ok
17:31:11.0295 1880 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
17:31:11.0295 1880 DXGKrnl - ok
17:31:11.0326 1880 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
17:31:11.0326 1880 EapHost - ok
17:31:11.0341 1880 easytether - ok
17:31:11.0685 1880 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
17:31:11.0731 1880 ebdrv - ok
17:31:11.0997 1880 eDataSecurity Service (b1f2503e23425b386df0f3413b2596f3) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
17:31:12.0012 1880 eDataSecurity Service - ok
17:31:12.0246 1880 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
17:31:12.0246 1880 EFS - ok
17:31:12.0449 1880 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
17:31:12.0465 1880 ehRecvr - ok
17:31:12.0558 1880 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
17:31:12.0558 1880 ehSched - ok
17:31:12.0745 1880 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
17:31:12.0761 1880 elxstor - ok
17:31:12.0855 1880 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
17:31:12.0855 1880 ErrDev - ok
17:31:13.0026 1880 ETService (f25247d0e011a643ee60052ce23be05e) C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
17:31:13.0026 1880 ETService - ok
17:31:13.0213 1880 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
17:31:13.0229 1880 EventSystem - ok
17:31:13.0323 1880 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
17:31:13.0323 1880 exfat - ok
17:31:13.0416 1880 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
17:31:13.0416 1880 fastfat - ok
17:31:13.0541 1880 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
17:31:13.0557 1880 Fax - ok
17:31:13.0603 1880 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
17:31:13.0603 1880 fdc - ok
17:31:13.0697 1880 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
17:31:13.0697 1880 fdPHost - ok
17:31:13.0775 1880 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
17:31:13.0791 1880 FDResPub - ok
17:31:13.0806 1880 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
17:31:13.0806 1880 FileInfo - ok
17:31:13.0884 1880 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
17:31:13.0884 1880 Filetrace - ok
17:31:13.0915 1880 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
17:31:13.0915 1880 flpydisk - ok
17:31:14.0009 1880 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
17:31:14.0025 1880 FltMgr - ok
17:31:14.0103 1880 FlyUsb (85e5ad3a9d56fd6f92db5fc9ca62e2e4) C:\Windows\system32\DRIVERS\FlyUsb.sys
17:31:14.0103 1880 FlyUsb - ok
17:31:14.0196 1880 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
17:31:14.0212 1880 FontCache - ok
17:31:14.0352 1880 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
17:31:14.0352 1880 FontCache3.0.0.0 - ok
17:31:14.0383 1880 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
17:31:14.0383 1880 FsDepends - ok
17:31:14.0477 1880 fssfltr (b0082808a6856a252f7cdd939892ce50) C:\Windows\system32\DRIVERS\fssfltr.sys
17:31:14.0477 1880 fssfltr - ok
17:31:14.0836 1880 fsssvc (28ddeeec44e988657b732cf404d504cb) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
17:31:14.0867 1880 fsssvc - ok
17:31:15.0179 1880 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
17:31:15.0179 1880 Fs_Rec - ok
17:31:15.0288 1880 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
17:31:15.0288 1880 fvevol - ok
17:31:15.0319 1880 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
17:31:15.0382 1880 gagp30kx - ok
17:31:15.0475 1880 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:31:15.0475 1880 GEARAspiWDM - ok
17:31:15.0678 1880 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
17:31:15.0694 1880 gpsvc - ok
17:31:15.0834 1880 gupdate1ca4d8344bb7341 (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
17:31:15.0834 1880 gupdate1ca4d8344bb7341 - ok
17:31:15.0850 1880 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
17:31:15.0850 1880 gupdatem - ok
17:31:15.0959 1880 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
17:31:15.0959 1880 gusvc - ok
17:31:16.0099 1880 hardlock (995178a443b07fa9eeaea041d7b4b5ca) C:\Windows\system32\drivers\hardlock.sys
17:31:16.0099 1880 hardlock - ok
17:31:16.0115 1880 hasplms - ok
17:31:16.0146 1880 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
17:31:16.0146 1880 hcw85cir - ok
17:31:16.0255 1880 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
17:31:16.0255 1880 HDAudBus - ok
17:31:16.0333 1880 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
17:31:16.0333 1880 HidBatt - ok
17:31:16.0365 1880 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
17:31:16.0365 1880 HidBth - ok
17:31:16.0443 1880 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
17:31:16.0443 1880 HidIr - ok
17:31:16.0536 1880 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
17:31:16.0536 1880 hidserv - ok
17:31:16.0552 1880 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
17:31:16.0552 1880 HidUsb - ok
17:31:16.0661 1880 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
17:31:16.0661 1880 hkmsvc - ok
17:31:16.0755 1880 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
17:31:16.0770 1880 HomeGroupListener - ok
17:31:16.0879 1880 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
17:31:16.0879 1880 HomeGroupProvider - ok
17:31:16.0973 1880 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
17:31:16.0973 1880 HpSAMD - ok
17:31:17.0176 1880 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
17:31:17.0176 1880 HTTP - ok
17:31:17.0285 1880 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
17:31:17.0285 1880 hwpolicy - ok
17:31:17.0363 1880 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
17:31:17.0363 1880 i8042prt - ok
17:31:17.0410 1880 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
17:31:17.0488 1880 iaStorV - ok
17:31:17.0644 1880 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
17:31:17.0644 1880 IDriverT - ok
17:31:17.0940 1880 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:31:17.0956 1880 idsvc - ok
17:31:18.0127 1880 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
17:31:18.0127 1880 iirsp - ok
17:31:18.0330 1880 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
17:31:18.0346 1880 IKEEXT - ok
17:31:18.0455 1880 int15 (58ff11c95c3681c9250914521cb9f036) C:\Windows\system32\drivers\int15.sys
17:31:18.0455 1880 int15 - ok
17:31:19.0032 1880 IntcAzAudAddService (b8716d9677b04b82fa405c8c54954728) C:\Windows\system32\drivers\RTKVHDA.sys
17:31:19.0141 1880 IntcAzAudAddService - ok
17:31:19.0313 1880 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
17:31:19.0313 1880 intelide - ok
17:31:19.0391 1880 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
17:31:19.0391 1880 intelppm - ok
17:31:19.0422 1880 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
17:31:19.0422 1880 IPBusEnum - ok
17:31:19.0500 1880 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:31:19.0500 1880 IpFilterDriver - ok
17:31:19.0609 1880 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
17:31:19.0609 1880 iphlpsvc - ok
17:31:19.0719 1880 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
17:31:19.0750 1880 IPMIDRV - ok
17:31:19.0828 1880 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
17:31:19.0828 1880 IPNAT - ok
17:31:19.0937 1880 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
17:31:19.0937 1880 iPod Service - ok
17:31:19.0968 1880 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
17:31:19.0968 1880 IRENUM - ok
17:31:20.0046 1880 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
17:31:20.0046 1880 isapnp - ok
17:31:20.0140 1880 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
17:31:20.0140 1880 iScsiPrt - ok
17:31:20.0155 1880 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
17:31:20.0155 1880 kbdclass - ok
17:31:20.0233 1880 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
17:31:20.0233 1880 kbdhid - ok
17:31:20.0374 1880 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
17:31:20.0374 1880 KeyIso - ok
17:31:20.0467 1880 KSecDD (b7895b4182c0d16f6efadeb8081e8d36) C:\Windows\system32\Drivers\ksecdd.sys
17:31:20.0467 1880 KSecDD - ok
17:31:20.0499 1880 KSecPkg (d30159ac9237519fbc62c6ec247d2d46) C:\Windows\system32\Drivers\ksecpkg.sys
17:31:20.0514 1880 KSecPkg - ok
17:31:20.0608 1880 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
17:31:20.0623 1880 KtmRm - ok
17:31:20.0701 1880 L1E (f7cdaba15c7e853f0a11af6d77fca990) C:\Windows\system32\DRIVERS\L1E62x86.sys
17:31:20.0701 1880 L1E - ok
17:31:20.0795 1880 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
17:31:20.0795 1880 LanmanServer - ok
17:31:20.0889 1880 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
17:31:20.0904 1880 LanmanWorkstation - ok
17:31:21.0575 1880 LeapFrog Connect Device Service (4ccc8aabe7880c56ba10043b8fbca3eb) C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
17:31:21.0762 1880 LeapFrog Connect Device Service - ok
17:31:21.0965 1880 Leapfrog-USBLAN (5cffda921fe0c9e9ebde3150d3c81594) C:\Windows\system32\DRIVERS\btblan.sys
17:31:21.0965 1880 Leapfrog-USBLAN - ok
17:31:21.0996 1880 LHidFilt (7f9c7b28cf1c859e1c42619eea946dc8) C:\Windows\system32\DRIVERS\LHidFilt.Sys
17:31:21.0996 1880 LHidFilt - ok
17:31:22.0105 1880 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
17:31:22.0105 1880 lltdio - ok
17:31:22.0215 1880 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
17:31:22.0215 1880 lltdsvc - ok
17:31:22.0277 1880 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
17:31:22.0293 1880 lmhosts - ok
17:31:22.0355 1880 LMouFilt (ab33792a87285344f43b5ce23421bab0) C:\Windows\system32\DRIVERS\LMouFilt.Sys
17:31:22.0355 1880 LMouFilt - ok
17:31:22.0402 1880 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
17:31:22.0402 1880 LSI_FC - ok
17:31:22.0464 1880 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
17:31:22.0480 1880 LSI_SAS - ok
17:31:22.0589 1880 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:31:22.0589 1880 LSI_SAS2 - ok
17:31:22.0605 1880 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:31:22.0605 1880 LSI_SCSI - ok
17:31:22.0620 1880 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
17:31:22.0636 1880 luafv - ok
17:31:22.0683 1880 lxdx_device - ok
17:31:22.0776 1880 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\Windows\system32\drivers\mbamswissarmy.sys
17:31:22.0776 1880 MBAMSwissArmy - ok
17:31:22.0854 1880 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
17:31:22.0854 1880 Mcx2Svc - ok
17:31:22.0995 1880 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
17:31:22.0995 1880 MDM - ok
17:31:23.0073 1880 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
17:31:23.0073 1880 megasas - ok
17:31:23.0104 1880 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
17:31:23.0104 1880 MegaSR - ok
17:31:23.0182 1880 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
17:31:23.0182 1880 MMCSS - ok
17:31:23.0307 1880 MobilityService - ok
17:31:23.0322 1880 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
17:31:23.0338 1880 Modem - ok
17:31:23.0416 1880 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
17:31:23.0416 1880 monitor - ok
17:31:23.0447 1880 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
17:31:23.0447 1880 mouclass - ok
17:31:23.0525 1880 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
17:31:23.0525 1880 mouhid - ok
17:31:23.0665 1880 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
17:31:23.0665 1880 mountmgr - ok
17:31:23.0759 1880 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
17:31:23.0775 1880 MozillaMaintenance - ok
17:31:23.0868 1880 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\Windows\system32\DRIVERS\MpFilter.sys
17:31:23.0884 1880 MpFilter - ok
17:31:23.0962 1880 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
17:31:23.0977 1880 mpio - ok
17:31:24.0055 1880 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
17:31:24.0055 1880 mpsdrv - ok
17:31:24.0227 1880 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
17:31:24.0243 1880 MpsSvc - ok
17:31:48.0126 1880 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
17:31:48.0126 1880 WPCSvc - ok
17:31:48.0204 1880 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
17:31:48.0204 1880 WPDBusEnum - ok
17:31:48.0251 1880 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
17:31:48.0251 1880 ws2ifsl - ok
17:31:48.0314 1880 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll
17:31:48.0314 1880 wscsvc - ok
17:31:48.0438 1880 WSDPrintDevice (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys
17:31:48.0438 1880 WSDPrintDevice - ok
17:31:48.0454 1880 WSearch - ok
17:31:48.0563 1880 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
17:31:48.0563 1880 WudfPf - ok
17:31:48.0579 1880 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:31:48.0579 1880 WUDFRd - ok
17:31:48.0672 1880 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
17:31:48.0672 1880 wudfsvc - ok
17:31:48.0735 1880 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
17:31:48.0750 1880 WwanSvc - ok
17:31:48.0875 1880 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
17:31:48.0875 1880 YahooAUService - ok
17:31:49.0094 1880 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:31:49.0374 1880 \Device\Harddisk0\DR0 - ok
17:31:49.0390 1880 MBR (0x1B8) (23b571400a29918f5392f6e85eeb756e) \Device\Harddisk1\DR1
17:31:58.0875 1880 \Device\Harddisk1\DR1 - ok
17:31:58.0890 1880 Boot (0x1200) (682aa3a1b11eb25df67d5802fefb5553) \Device\Harddisk0\DR0\Partition0
17:31:58.0890 1880 \Device\Harddisk0\DR0\Partition0 - ok
17:31:58.0906 1880 Boot (0x1200) (60d8472c1b531d3c12590c9234f39bbf) \Device\Harddisk0\DR0\Partition1
17:31:58.0906 1880 \Device\Harddisk0\DR0\Partition1 - ok
17:31:58.0953 1880 Boot (0x1200) (47aade6b3c3dded2b9e35519e16e32bd) \Device\Harddisk1\DR1\Partition0
17:31:58.0968 1880 \Device\Harddisk1\DR1\Partition0 - ok
17:31:58.0968 1880 ============================================================
17:31:58.0968 1880 Scan finished
17:31:58.0968 1880 ============================================================
17:31:59.0031 1872 Detected object count: 0
17:31:59.0031 1872 Actual detected object count: 0

Edited by snuix89, 07 August 2012 - 06:27 AM.


#3 CatByte


Posted 08 August 2012 - 05:25 PM

Your machine won't stop rebooting until we can replace the infected services.exe, so we need to search for a replacement:

please do the following:


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt.

start
C:\Windows\Installer\{29705fd8-db4a-7a33-8362-eac4941e9aa3}
C:\Users\Boyce\AppData\Local\{29705fd8-db4a-7a33-8362-eac4941e9aa3}
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options, then select Command Prompt.

Run FRST (or FRST64 if you have the 64-bit version), press the Fix button just once, and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.


  • While you are still booted into System Recovery Options run FRST.

    Type the following in the edit box after "Search:" so it looks like this:

    Search: services.exe

    Click Search button and post the log it makes to your reply.



Reboot Normally.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#4 CatByte


Posted 16 August 2012 - 07:14 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015




