Luhe.Sirefef.A Infection


7 replies to this topic

#1 paul1996


Posted 26 August 2012 - 01:02 AM

Hi. I'm operating on Windows 7, 64 bit and am infected with the Luhe.Sirefef.A Virus, from what AVG tells me from a recent computer scan. The scan also showed about 300 other potentially dangerous threats. I addressed the threats and healed & removed all but 2. Here's the two threats, copied from AVG:
"";"C:\Users\OWNER\AppData\Local\Google\Chrome\Application\chrome.exe (1692):\memory_02e10000";"Found Luhe.Sirefef.A";"Object is inaccessible."
"";"C:\Users\OWNER\AppData\Local\Google\Chrome\Application\chrome.exe (1692)";"Found Luhe.Sirefef.A";""

I've recently just used Malwarebytes to run a full scan of my computer and remove the Sirefef virus, but I'm not sure if there is any damage to files or any malicious viruses hidden or remaining on my computer. My friends told me that I should wipe out everything, but I would like to see if there was an alternative to that. I stumbled across this site (nice site btw) and saw the excellent helping service so thought I'd register and ask.

Before the Malwarebytes scan and cleanup, AVG would show warnings about trojans which I couldn't move to the vault for some reason. But ever since the Malwarebytes cleanup I haven't had any pop-ups or problems from AVG about any viruses being detected.

But I still want to make sure that there isn't anything that might have been left behind.

Thank-you for your time.

*EDIT*
I just got a pop-up from AVG Resident Shield Alert:
"";"C:\Windows\System32\services.exe";"Trojan horse Dropper.Generic_c.MMI";"Object is white-listed (critical/system file that should not be removed)"

Edited by paul1996, 26 August 2012 - 01:07 AM.




#2 narenxp


Posted 26 August 2012 - 07:02 AM

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 paul1996


Posted 26 August 2012 - 11:09 AM

Thank you for replying, naren. All the results that were requested are below.

TDSSKiller LOG Report:
08:53:39.0604 3756  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
08:53:39.0604 3756  Msfs - ok
08:53:39.0604 3756  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
08:53:39.0619 3756  mshidkmdf - ok
08:53:39.0619 3756  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
08:53:39.0619 3756  msisadrv - ok
08:53:39.0635 3756  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
08:53:39.0635 3756  MSiSCSI - ok
08:53:39.0635 3756  msiserver - ok
08:53:39.0651 3756  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
08:53:39.0651 3756  MSKSSRV - ok
08:53:39.0666 3756  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
08:53:39.0666 3756  MSPCLOCK - ok
08:53:39.0666 3756  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
08:53:39.0666 3756  MSPQM - ok
08:53:39.0682 3756  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
08:53:39.0682 3756  MsRPC - ok
08:53:39.0697 3756  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
08:53:39.0697 3756  mssmbios - ok
08:53:39.0697 3756  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
08:53:39.0697 3756  MSTEE - ok
08:53:39.0713 3756  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
08:53:39.0713 3756  MTConfig - ok
08:53:39.0713 3756  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
08:53:39.0713 3756  Mup - ok
08:53:39.0729 3756  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
08:53:39.0744 3756  napagent - ok
08:53:39.0775 3756  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
08:53:39.0775 3756  NativeWifiP - ok
08:53:39.0807 3756  [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS            C:\Windows\system32\drivers\ndis.sys
08:53:39.0807 3756  NDIS - ok
08:53:39.0807 3756  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
08:53:39.0807 3756  NdisCap - ok
08:53:39.0822 3756  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
08:53:39.0838 3756  NdisTapi - ok
08:53:39.0838 3756  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
08:53:39.0838 3756  Ndisuio - ok
08:53:39.0838 3756  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
08:53:39.0853 3756  NdisWan - ok
08:53:39.0853 3756  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
08:53:39.0853 3756  NDProxy - ok
08:53:39.0869 3756  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
08:53:39.0869 3756  NetBIOS - ok
08:53:39.0869 3756  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
08:53:39.0869 3756  NetBT - ok
08:53:39.0885 3756  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
08:53:39.0900 3756  Netlogon - ok
08:53:39.0916 3756  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
08:53:39.0916 3756  Netman - ok
08:53:39.0947 3756  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:53:39.0994 3756  NetMsmqActivator - ok
08:53:40.0009 3756  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:53:40.0009 3756  NetPipeActivator - ok
08:53:40.0041 3756  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
08:53:40.0056 3756  netprofm - ok
08:53:40.0072 3756  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:53:40.0072 3756  NetTcpActivator - ok
08:53:40.0072 3756  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:53:40.0072 3756  NetTcpPortSharing - ok
08:53:40.0103 3756  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
08:53:40.0103 3756  nfrd960 - ok
08:53:40.0134 3756  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
08:53:40.0134 3756  NlaSvc - ok
08:53:40.0165 3756  [ C31FA031335EFF434B2D94278E74BCCE ] NPF             C:\Windows\system32\DRIVERS\npf.sys
08:53:40.0165 3756  NPF - ok
08:53:40.0181 3756  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
08:53:40.0181 3756  Npfs - ok
08:53:40.0197 3756  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
08:53:40.0212 3756  nsi - ok
08:53:40.0228 3756  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
08:53:40.0228 3756  nsiproxy - ok
08:53:40.0275 3756  [ A2F74975097F52A00745F9637451FDD8 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
08:53:40.0290 3756  Ntfs - ok
08:53:40.0306 3756  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
08:53:40.0306 3756  Null - ok
08:53:40.0337 3756  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
08:53:40.0353 3756  nvraid - ok
08:53:40.0353 3756  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
08:53:40.0368 3756  nvstor - ok
08:53:40.0384 3756  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
08:53:40.0399 3756  nv_agp - ok
08:53:40.0399 3756  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
08:53:40.0399 3756  ohci1394 - ok
08:53:40.0431 3756  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:53:40.0431 3756  ose - ok
08:53:40.0571 3756  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
08:53:40.0618 3756  osppsvc - ok
08:53:40.0665 3756  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
08:53:40.0665 3756  p2pimsvc - ok
08:53:40.0680 3756  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
08:53:40.0696 3756  p2psvc - ok
08:53:40.0711 3756  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
08:53:40.0711 3756  Parport - ok
08:53:40.0743 3756  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
08:53:40.0758 3756  partmgr - ok
08:53:40.0774 3756  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
08:53:40.0789 3756  PcaSvc - ok
08:53:40.0821 3756  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
08:53:40.0821 3756  pci - ok
08:53:40.0836 3756  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
08:53:40.0836 3756  pciide - ok
08:53:40.0852 3756  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
08:53:40.0867 3756  pcmcia - ok
08:53:40.0867 3756  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
08:53:40.0867 3756  pcw - ok
08:53:40.0899 3756  pdfcDispatcher - ok
08:53:40.0914 3756  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
08:53:40.0930 3756  PEAUTH - ok
08:53:41.0008 3756  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
08:53:41.0008 3756  PerfHost - ok
08:53:41.0070 3756  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
08:53:41.0086 3756  pla - ok
08:53:41.0133 3756  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
08:53:41.0133 3756  PlugPlay - ok
08:53:41.0164 3756  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
08:53:41.0164 3756  PNRPAutoReg - ok
08:53:41.0164 3756  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
08:53:41.0164 3756  PNRPsvc - ok
08:53:41.0179 3756  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
08:53:41.0195 3756  PolicyAgent - ok
08:53:41.0226 3756  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
08:53:41.0226 3756  Power - ok
08:53:41.0257 3756  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
08:53:41.0257 3756  PptpMiniport - ok
08:53:41.0273 3756  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
08:53:41.0273 3756  Processor - ok
08:53:41.0304 3756  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
08:53:41.0304 3756  ProfSvc - ok
08:53:41.0320 3756  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
08:53:41.0320 3756  ProtectedStorage - ok
08:53:41.0335 3756  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
08:53:41.0335 3756  Psched - ok
08:53:41.0382 3756  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
08:53:41.0398 3756  ql2300 - ok
08:53:41.0413 3756  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
08:53:41.0413 3756  ql40xx - ok
08:53:41.0429 3756  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
08:53:41.0429 3756  QWAVE - ok
08:53:41.0429 3756  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
08:53:41.0429 3756  QWAVEdrv - ok
08:53:41.0445 3756  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
08:53:41.0445 3756  RasAcd - ok
08:53:41.0460 3756  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
08:53:41.0460 3756  RasAgileVpn - ok
08:53:41.0476 3756  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
08:53:41.0476 3756  RasAuto - ok
08:53:41.0491 3756  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
08:53:41.0491 3756  Rasl2tp - ok
08:53:41.0523 3756  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
08:53:41.0523 3756  RasMan - ok
08:53:41.0523 3756  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
08:53:41.0523 3756  RasPppoe - ok
08:53:41.0538 3756  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
08:53:41.0538 3756  RasSstp - ok
08:53:41.0554 3756  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
08:53:41.0569 3756  rdbss - ok
08:53:41.0569 3756  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
08:53:41.0569 3756  rdpbus - ok
08:53:41.0569 3756  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
08:53:41.0585 3756  RDPCDD - ok
08:53:41.0585 3756  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
08:53:41.0585 3756  RDPENCDD - ok
08:53:41.0601 3756  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
08:53:41.0601 3756  RDPREFMP - ok
08:53:41.0632 3756  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
08:53:41.0632 3756  RDPWD - ok
08:53:41.0663 3756  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
08:53:41.0663 3756  rdyboost - ok
08:53:41.0679 3756  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
08:53:41.0679 3756  RemoteAccess - ok
08:53:41.0710 3756  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
08:53:41.0710 3756  RemoteRegistry - ok
08:53:41.0757 3756  [ 085D18C71AB2611A3D61528132B6501E ] RoxioNow Service C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
08:53:41.0757 3756  RoxioNow Service - ok
08:53:41.0788 3756  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
08:53:41.0788 3756  RpcEptMapper - ok
08:53:41.0803 3756  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
08:53:41.0819 3756  RpcLocator - ok
08:53:41.0835 3756  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
08:53:41.0835 3756  RpcSs - ok
08:53:41.0866 3756  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
08:53:41.0866 3756  rspndr - ok
08:53:41.0897 3756  [ AFC12DFA4C7B089673AD67402CA19EDB ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
08:53:41.0913 3756  RTL8167 - ok
08:53:41.0928 3756  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
08:53:41.0928 3756  SamSs - ok
08:53:41.0928 3756  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
08:53:41.0944 3756  sbp2port - ok
08:53:41.0944 3756  SBRE - ok
08:53:41.0975 3756  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
08:53:41.0975 3756  SCardSvr - ok
08:53:41.0991 3756  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
08:53:41.0991 3756  scfilter - ok
08:53:42.0006 3756  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
08:53:42.0022 3756  Schedule - ok
08:53:42.0053 3756  [ 2A50BE713FAF033420466C25979C028E ] SCMNdisP        C:\Windows\system32\DRIVERS\scmndisp.sys
08:53:42.0053 3756  SCMNdisP - ok
08:53:42.0069 3756  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
08:53:42.0069 3756  SCPolicySvc - ok
08:53:42.0100 3756  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
08:53:42.0100 3756  SDRSVC - ok
08:53:42.0131 3756  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
08:53:42.0131 3756  secdrv - ok
08:53:42.0147 3756  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
08:53:42.0147 3756  seclogon - ok
08:53:42.0162 3756  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
08:53:42.0162 3756  SENS - ok
08:53:42.0162 3756  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
08:53:42.0178 3756  SensrSvc - ok
08:53:42.0178 3756  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
08:53:42.0178 3756  Serenum - ok
08:53:42.0178 3756  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
08:53:42.0193 3756  Serial - ok
08:53:42.0193 3756  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
08:53:42.0209 3756  sermouse - ok
08:53:42.0225 3756  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
08:53:42.0225 3756  SessionEnv - ok
08:53:42.0240 3756  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
08:53:42.0240 3756  sffdisk - ok
08:53:42.0256 3756  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
08:53:42.0256 3756  sffp_mmc - ok
08:53:42.0256 3756  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
08:53:42.0256 3756  sffp_sd - ok
08:53:42.0271 3756  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
08:53:42.0271 3756  sfloppy - ok
08:53:42.0318 3756  [ C6CC9297BD53E5229653303E556AA539 ] Sftfs           C:\Windows\system32\DRIVERS\Sftfslh.sys
08:53:42.0334 3756  Sftfs - ok
08:53:42.0396 3756  [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
08:53:42.0396 3756  sftlist - ok
08:53:42.0427 3756  [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaylh.sys
08:53:42.0427 3756  Sftplay - ok
08:53:42.0459 3756  [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
08:53:42.0459 3756  Sftredir - ok
08:53:42.0474 3756  [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
08:53:42.0474 3756  Sftvol - ok
08:53:42.0490 3756  [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
08:53:42.0490 3756  sftvsa - ok
08:53:42.0552 3756  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
08:53:42.0552 3756  ShellHWDetection - ok
08:53:42.0599 3756  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
08:53:42.0615 3756  SiSRaid2 - ok
08:53:42.0630 3756  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
08:53:42.0630 3756  SiSRaid4 - ok
08:53:42.0646 3756  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
08:53:42.0646 3756  Smb - ok
08:53:42.0661 3756  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
08:53:42.0661 3756  SNMPTRAP - ok
08:53:42.0677 3756  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
08:53:42.0677 3756  spldr - ok
08:53:42.0693 3756  [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler         C:\Windows\System32\spoolsv.exe
08:53:42.0708 3756  Spooler - ok
08:53:42.0755 3756  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
08:53:42.0771 3756  sppsvc - ok
08:53:42.0771 3756  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
08:53:42.0786 3756  sppuinotify - ok
08:53:42.0817 3756  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
08:53:42.0817 3756  srv - ok
08:53:42.0833 3756  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
08:53:42.0833 3756  srv2 - ok
08:53:42.0849 3756  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
08:53:42.0849 3756  srvnet - ok
08:53:42.0895 3756  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
08:53:42.0895 3756  SSDPSRV - ok
08:53:42.0895 3756  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
08:53:42.0895 3756  SstpSvc - ok
08:53:42.0927 3756  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
08:53:42.0927 3756  stexstor - ok
08:53:42.0942 3756  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
08:53:42.0958 3756  stisvc - ok
08:53:42.0958 3756  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
08:53:42.0958 3756  swenum - ok
08:53:42.0973 3756  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
08:53:42.0973 3756  swprv - ok
08:53:43.0036 3756  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
08:53:43.0036 3756  SysMain - ok
08:53:43.0051 3756  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
08:53:43.0051 3756  TabletInputService - ok
08:53:43.0067 3756  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
08:53:43.0067 3756  TapiSrv - ok
08:53:43.0083 3756  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
08:53:43.0083 3756  TBS - ok
08:53:43.0145 3756  [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
08:53:43.0161 3756  Tcpip - ok
08:53:43.0192 3756  [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
08:53:43.0207 3756  TCPIP6 - ok
08:53:43.0239 3756  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
08:53:43.0239 3756  tcpipreg - ok
08:53:43.0239 3756  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
08:53:43.0239 3756  TDPIPE - ok
08:53:43.0270 3756  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
08:53:43.0270 3756  TDTCP - ok
08:53:43.0285 3756  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
08:53:43.0285 3756  tdx - ok
08:53:43.0488 3756  [ 2BBB318EA9F34FDC508CEA4AAB98D770 ] TeamViewer7     C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
08:53:43.0504 3756  TeamViewer7 - ok
08:53:43.0535 3756  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
08:53:43.0535 3756  TermDD - ok
08:53:43.0582 3756  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
08:53:43.0597 3756  TermService - ok
08:53:43.0597 3756  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
08:53:43.0613 3756  Themes - ok
08:53:43.0629 3756  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
08:53:43.0629 3756  THREADORDER - ok
08:53:43.0644 3756  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
08:53:43.0644 3756  TrkWks - ok
08:53:43.0675 3756  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
08:53:43.0675 3756  TrustedInstaller - ok
08:53:43.0675 3756  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
08:53:43.0675 3756  tssecsrv - ok
08:53:43.0691 3756  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
08:53:43.0691 3756  TsUsbFlt - ok
08:53:43.0707 3756  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
08:53:43.0707 3756  TsUsbGD - ok
08:53:43.0722 3756  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
08:53:43.0722 3756  tunnel - ok
08:53:43.0722 3756  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
08:53:43.0722 3756  uagp35 - ok
08:53:43.0738 3756  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
08:53:43.0738 3756  udfs - ok
08:53:43.0769 3756  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
08:53:43.0769 3756  UI0Detect - ok
08:53:43.0785 3756  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
08:53:43.0785 3756  uliagpkx - ok
08:53:43.0785 3756  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
08:53:43.0800 3756  umbus - ok
08:53:43.0800 3756  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
08:53:43.0800 3756  UmPass - ok
08:53:43.0816 3756  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
08:53:43.0816 3756  upnphost - ok
08:53:43.0847 3756  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
08:53:43.0863 3756  usbccgp - ok
08:53:43.0878 3756  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
08:53:43.0878 3756  usbcir - ok
08:53:43.0894 3756  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
08:53:43.0894 3756  usbehci - ok
08:53:43.0909 3756  [ 2C780746DC44A28FE67004DC58173F05 ] usbfilter       C:\Windows\system32\drivers\usbfilter.sys
08:53:43.0925 3756  usbfilter - ok
08:53:43.0941 3756  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
08:53:43.0956 3756  usbhub - ok
08:53:43.0972 3756  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
08:53:43.0972 3756  usbohci - ok
08:53:43.0987 3756  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
08:53:43.0987 3756  usbprint - ok
08:53:44.0019 3756  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
08:53:44.0019 3756  usbscan - ok
08:53:44.0034 3756  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:53:44.0050 3756  USBSTOR - ok
08:53:44.0050 3756  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
08:53:44.0065 3756  usbuhci - ok
08:53:44.0081 3756  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
08:53:44.0081 3756  UxSms - ok
08:53:44.0097 3756  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
08:53:44.0097 3756  VaultSvc - ok
08:53:44.0128 3756  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
08:53:44.0143 3756  vdrvroot - ok
08:53:44.0159 3756  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
08:53:44.0159 3756  vds - ok
08:53:44.0159 3756  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
08:53:44.0175 3756  vga - ok
08:53:44.0206 3756  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
08:53:44.0206 3756  VgaSave - ok
08:53:44.0206 3756  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
08:53:44.0206 3756  vhdmp - ok
08:53:44.0221 3756  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
08:53:44.0221 3756  viaide - ok
08:53:44.0221 3756  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
08:53:44.0221 3756  volmgr - ok
08:53:44.0237 3756  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
08:53:44.0237 3756  volmgrx - ok
08:53:44.0253 3756  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
08:53:44.0253 3756  volsnap - ok
08:53:44.0268 3756  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
08:53:44.0268 3756  vsmraid - ok
08:53:44.0315 3756  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
08:53:44.0315 3756  VSS - ok
08:53:44.0331 3756  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
08:53:44.0331 3756  vwifibus - ok
08:53:44.0346 3756  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
08:53:44.0346 3756  vwififlt - ok
08:53:44.0362 3756  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
08:53:44.0362 3756  W32Time - ok
08:53:44.0377 3756  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
08:53:44.0377 3756  WacomPen - ok
08:53:44.0393 3756  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
08:53:44.0393 3756  WANARP - ok
08:53:44.0409 3756  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
08:53:44.0409 3756  Wanarpv6 - ok
08:53:45.0485 3756  ================ Scan global ===============================
08:53:45.0516 3756  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
08:53:45.0532 3756  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
08:53:45.0547 3756  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
08:53:45.0563 3756  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
08:53:45.0594 3756  [ 014A9CB92514E27C0107614DF764BC06 ] C:\Windows\system32\services.exe
08:53:45.0610 3756  C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - infected
08:53:45.0610 3756  C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.b (0)
08:53:45.0610 3756  ================ Scan MBR ==================================
08:53:45.0625 3756  [ 5C1B08DB690F592335E67F27C16CD707 ] \Device\Harddisk0\DR0
08:53:46.0031 3756  \Device\Harddisk0\DR0 - ok
08:53:46.0031 3756  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
08:53:46.0218 3756  \Device\Harddisk1\DR1 - ok
08:53:46.0218 3756  ================ Scan VBR ==================================
08:53:46.0218 3756  [ 8816D3F699CA66E63C69AE2D3A9B0305 ] \Device\Harddisk0\DR0\Partition1
08:53:46.0218 3756  \Device\Harddisk0\DR0\Partition1 - ok
08:53:46.0249 3756  [ D423A8BD0436BF61C867EF39BFEEB7C2 ] \Device\Harddisk0\DR0\Partition2
08:53:46.0265 3756  \Device\Harddisk0\DR0\Partition2 - ok
08:53:46.0296 3756  [ EB414A4A27D7D896FC2F00810258366A ] \Device\Harddisk0\DR0\Partition3
08:53:46.0296 3756  \Device\Harddisk0\DR0\Partition3 - ok
08:53:46.0296 3756  [ 816EECED16F4B650A9B67B81B14E5767 ] \Device\Harddisk1\DR1\Partition1
08:53:46.0312 3756  \Device\Harddisk1\DR1\Partition1 - ok
08:53:46.0312 3756  ============================================================
08:53:46.0312 3756  Scan finished
08:53:46.0312 3756  ============================================================
08:53:46.0327 0596  Detected object count: 1
08:53:46.0327 0596  Actual detected object count: 1
08:55:24.0433 0596  C:\Windows\system32\services.exe - copied to quarantine
08:55:26.0804 0596  C:\Windows\installer\{2540d493-5267-4bff-24b9-e6f5b7738e8d}\@ - copied to quarantine
08:55:26.0804 0596  C:\Windows\installer\{2540d493-5267-4bff-24b9-e6f5b7738e8d}\L\00000004.@ - copied to quarantine
08:55:26.0804 0596  C:\Windows\installer\{2540d493-5267-4bff-24b9-e6f5b7738e8d}\L\201d3dde - copied to quarantine
08:55:26.0819 0596  C:\Windows\installer\{2540d493-5267-4bff-24b9-e6f5b7738e8d}\U\00000004.@ - copied to quarantine
08:55:26.0819 0596  C:\Windows\installer\{2540d493-5267-4bff-24b9-e6f5b7738e8d}\U\00000008.@ - copied to quarantine
08:55:26.0819 0596  C:\Windows\installer\{2540d493-5267-4bff-24b9-e6f5b7738e8d}\U\000000cb.@ - copied to quarantine
08:55:26.0819 0596  C:\Windows\installer\{2540d493-5267-4bff-24b9-e6f5b7738e8d}\U\80000000.@ - copied to quarantine
08:55:26.0851 0596  C:\Windows\installer\{2540d493-5267-4bff-24b9-e6f5b7738e8d}\U\80000032.@ - copied to quarantine
08:55:26.0851 0596  C:\Windows\installer\{2540d493-5267-4bff-24b9-e6f5b7738e8d}\U\80000064.@ - copied to quarantine
08:55:27.0475 0596  C:\Users\OWNER\AppData\Local\{2540d493-5267-4bff-24b9-e6f5b7738e8d}\@ - copied to quarantine
08:55:44.0130 0596  Backup copy found, using it..
08:55:44.0182 0596  C:\Windows\installer\{2540d493-5267-4bff-24b9-e6f5b7738e8d}\@ - will be deleted on reboot
08:55:44.0183 0596  C:\Windows\installer\{2540d493-5267-4bff-24b9-e6f5b7738e8d}\U\00000004.@ - will be deleted on reboot
08:55:44.0184 0596  C:\Windows\installer\{2540d493-5267-4bff-24b9-e6f5b7738e8d}\U\00000008.@ - will be deleted on reboot
08:55:44.0184 0596  C:\Windows\installer\{2540d493-5267-4bff-24b9-e6f5b7738e8d}\U\000000cb.@ - will be deleted on reboot
08:55:44.0184 0596  C:\Windows\installer\{2540d493-5267-4bff-24b9-e6f5b7738e8d}\U\80000000.@ - will be deleted on reboot
08:55:44.0184 0596  C:\Windows\installer\{2540d493-5267-4bff-24b9-e6f5b7738e8d}\U\80000032.@ - will be deleted on reboot
08:55:44.0185 0596  C:\Windows\installer\{2540d493-5267-4bff-24b9-e6f5b7738e8d}\U\80000064.@ - will be deleted on reboot
08:55:44.0191 0596  C:\Users\OWNER\AppData\Local\{2540d493-5267-4bff-24b9-e6f5b7738e8d}\@ - will be deleted on reboot
08:55:44.0192 0596  C:\Windows\system32\services.exe - will be cured on reboot
08:55:44.0192 0596  C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - User select action: Cure

-------------------------------------------------------------------------------

aswMBR LOG Results:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-26 08:58:29
-----------------------------
08:58:29.393    OS Version: Windows x64 6.1.7601 Service Pack 1
08:58:29.393    Number of processors: 2 586 0x603
08:58:29.393    ComputerName: OWNER-HP  UserName: OWNER
08:58:32.731    Initialize success
08:58:32.809    AVAST engine defs: 12082600
08:59:04.045    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000059
08:59:04.045    Disk 0 Vendor: Hitachi_ JP2O Size: 476940MB BusType: 11
08:59:04.060    Disk 0 MBR read successfully
08:59:04.060    Disk 0 MBR scan
08:59:04.060    Disk 0 unknown MBR code
08:59:04.076    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
08:59:04.076    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       465425 MB offset 206848
08:59:04.123    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        11413 MB offset 953397248
08:59:04.169    Disk 0 scanning C:\Windows\system32\drivers
08:59:09.676    Service scanning
08:59:09.941    Service 04071180 C:\Windows\system32\drivers\44446129.sys **HIDDEN**
08:59:37.912    Modules scanning
08:59:37.912    Disk 0 trace - called modules:
08:59:38.293    ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys 
08:59:38.297    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003d7c790]
08:59:38.302    3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa8003d6eac0]
08:59:38.309    5 amd_xata.sys[fffff88000ff18b4] -> nt!IofCallDriver -> \Device\00000059[0xfffffa8003d6a8a0]
08:59:43.283    AVAST engine scan C:\Windows
08:59:45.701    AVAST engine scan C:\Windows\system32
09:00:22.424    File: C:\Windows\system32\services.exe  **INFECTED** Win32:Patched-AKC [Trj]
09:00:37.494    File: C:\Windows\assembly\GAC_32\Desktop.ini  **INFECTED** Win32:Sirefef-PL [Rtk]
09:00:38.773    File: C:\Windows\assembly\GAC_64\Desktop.ini  **INFECTED** Win32:Sirefef-PL [Rtk]
09:01:38.441    AVAST engine scan C:\Windows\system32\drivers
09:01:48.051    AVAST engine scan C:\Users\OWNER
09:04:49.410    AVAST engine scan C:\ProgramData
09:05:37.954    Scan finished successfully
09:05:47.470    Disk 0 MBR has been saved successfully to "C:\Users\OWNER\Downloads\MBR.dat"
09:05:47.486    The log file has been saved successfully to "C:\Users\OWNER\Downloads\aswMBR.txt"

-------------------------------------------------------------------------------

ESET online scanner Scan Results:
C:\TDSSKiller_Quarantine\26.08.2012_08.51.47\zasubsys0000\file0000\tsk0000.dta	Win64/Patched.B.Gen trojan	deleted - quarantined
C:\TDSSKiller_Quarantine\26.08.2012_08.51.47\zasubsys0000\zafs0000\tsk0004.dta	Win64/Agent.BA trojan	cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\26.08.2012_08.51.47\zasubsys0000\zafs0000\tsk0005.dta	Win64/Conedex.B trojan	cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\26.08.2012_08.51.47\zasubsys0000\zafs0000\tsk0006.dta	Win64/Sirefef.AP trojan	cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\26.08.2012_08.51.47\zasubsys0000\zafs0000\tsk0007.dta	a variant of Win32/Sirefef.FD trojan	cleaned by deleting - quarantined
C:\Users\OWNER\Downloads\IZArcInstall.exe	a variant of Win32/Somoto.A application	cleaned by deleting - quarantined
C:\Windows\Installer\{2540d493-5267-4bff-24b9-e6f5b7738e8d}\U\00000008.@	Win64/Agent.BA trojan	cleaned by deleting - quarantined
C:\Windows\Installer\{2540d493-5267-4bff-24b9-e6f5b7738e8d}\U\000000cb.@	Win64/Conedex.B trojan	cleaned by deleting - quarantined
C:\Windows\Installer\{2540d493-5267-4bff-24b9-e6f5b7738e8d}\U\80000000.@	Win64/Sirefef.AP trojan	cleaned by deleting - quarantined
C:\Windows\Installer\{2540d493-5267-4bff-24b9-e6f5b7738e8d}\U\80000032.@	a variant of Win32/Sirefef.FD trojan	cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\cat-and-dolphin-playing-together[1].htm	HTML/ScrInject.B.Gen virus	deleted - quarantined
Operating memory	multiple threats	

Sorry for the late reply. Once again, thanks for your time.

#4 narenxp

Posted 26 August 2012 - 11:38 AM

Restart the PC and run ASWMBR again and post the new log

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it and click on Delete

Post the generated log

#5 paul1996

Posted 26 August 2012 - 03:07 PM

Restarted PC, prompted with a [run/cancel] message, clicked cancel on accident. aswMBR and did another computer scan (if I did what you said wrong, please correct me), here are the logs:
Spoiler


--------------------------------------------------------------------------------------------

Downloaded MBAM and installed. MBAM scan was completed. The program reported that there were no malicious items detected. Here is the LOG for MBAM in case you want to take a look.
Spoiler


--------------------------------------------------------------------------------------------

Downloaded and Installed Mini-Toolbox. Here are the logs:
Spoiler


--------------------------------------------------------------------------------------------

Downloaded and Installed FSS. Checked everything and ran the program. Here are the logs:
Spoiler


--------------------------------------------------------------------------------------------

Downloaded adware cleaner. Launched and Selected Delete. Here are the logs:
Spoiler

It seems like everything is working fine. I'll run another full computer scan to make sure.

Hope to hear from you soon. -Paul

Edited by paul1996, 26 August 2012 - 04:33 PM.


#6 narenxp

Posted 26 August 2012 - 08:30 PM

Download

defender
wuauserv
BITS


Download

Windows repair tool

Extract and launch the Repair_Windows.exe file

Click on Start repairs tab-click on Start

check mark following options alone

Reset registry permissions
reset file permissions
Repair WMI
Repair Windows Firewall.
Remove Policies Set By Infections
Repair Winsock & DNS Cache
Repair hosts


Checkmark Restart System When Finished option
click the Start button

System should restart after repair

Post the new FSS log

download

http://www.bleepingcomputer.com/download/rkill/

Run it and after the scan finishes, post the contents of the RKILL log located on the desktop here

Edited by narenxp, 27 August 2012 - 09:57 PM.


#7 paul1996

Posted 27 August 2012 - 05:34 PM

Downloaded Rogue Killer, Launched, Scanned, and clicked on Delete.

--------------------------------------------------------------------------------------------

Downloaded and Installed all three into the Registry, I think that's what it's called.

--------------------------------------------------------------------------------------------

Downloaded and Launched the Repair_Windows.exe file, Checked the options you asked me to and ran the scan. After the Scan was complete, it warned me that windows was about to restart. That's when AVG started to warn me about cmd.exe and other files. Before I could read what the threat was, windows restarted. Just thought I should let you know. Should I get rid of AVG? Or should I keep AVG?

--------------------------------------------------------------------------------------------

Anyways, I ran FSS once again, checked everything, and ran the program. Here are the logs:
Spoiler


--------------------------------------------------------------------------------------------

Downloaded RKill and ran the Program. Here are the logs:
Spoiler


Once again, I apologize for the late reply. Hope to hear from you soon.
-Paul

Edited by paul1996, 27 August 2012 - 05:44 PM.


#8 narenxp

Posted 27 August 2012 - 09:59 PM

Download

TFC

Launch it, it will close all running programs

Click on START, it should ask for reboot. If TFC locks up the system, run it in safe mode

Turn off your system restore, restart the PC, create a new restore point

http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Update your flash player

Update your JAVA from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp

Update your antivirus frequently, do not click on suspicious links

Safe surfing :)



