Lost internet connection after running combofix


34 replies to this topic

#1 Bass10

Posted 04 September 2012 - 09:52 PM

My computer, running Windows 7 Pro (64 bit), was infected with the File Recovery malware.

I found your guide for removing it via Google:
http://www.bleepingcomputer.com/virus-removal/remove-file-recovery

  • I followed the first step to reboot into safe mode, but Windows 7 would not load.
  • I tried using Windows Start Repair via the installation disc and that could not fix the problem.
  • I then booted into safe mode on an old Vista partition on the same computer and followed the steps in the instructions linked to above.
  • This found the problems and I had the tools clean them out.
  • I was then able to boot into safe mode on the Windows 7 partition.
  • I followed the instructions again from the link above.
  • This found a few more problems that the tools fixed.

At this point, it was looking like everything was back to normal.

-BUT-

I was a fool and ran combofix without instructions to do so.


  • Combofix ran through its tests and then eventually rebooted the computer.
  • Upon logging back in, combofix resumed and said something like "Wait until combofix is finished"
  • Then the message changed to something like "Combofix is compiling the log - don't use any other programs until it is finished"
  • It said this same message for a couple hours, so I thought it must have hung.
  • I killed the Combofix processes and rebooted the computer.
  • When the computer rebooted, the computer could no longer connect to the internet.

I followed the "Manually restoring internet connection" instructions located here:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix#restore

But, I still can't connect to the internet.

Here's a link to the original topic:
http://www.bleepingcomputer.com/forums/topic467482.html

As requested, I started following the guide at step 6.

Step 6: Installed and ran DeFogger


Step 7: Installed and ran DDS

Here's the contents of the DDS.txt file:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Bass10 at 21:06:27 on 2012-09-04
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8126.4732 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\hMailServer\Bin\hMailServer.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Zend\ZendServer\bin\zdd.exe
C:\Program Files (x86)\Zend\ZendServer\bin\MonitorNode.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Eraser\Eraser.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Logitech\SetPointG\SetPointII.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
C:\Program Files (x86)\Ditto\Ditto.exe
C:\Users\Bass10\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe
C:\Users\Bass10\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\MiniBin\minibin.exe
C:\Users\Bass10\AppData\Local\Facebook\Update\FacebookUpdate.exe
C:\Program Files (x86)\Zend\Apache2\bin\ApacheMonitor.exe
C:\Program Files (x86)\Zend\ZendServer\bin\zendcontroller.exe
C:\Users\Bass10\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Bass10\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\DisplayFusion\DisplayFusionAppHook.exe
C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Users\Bass10\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bass10\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bass10\AppData\Local\Google\Chrome\Application\chrome.exe
H:\Downloads\Software\Malware\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
EB: Developer Tools: {1a6fe369-f28c-4ad9-a3e6-2bcb50807cf1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
uRun: [DisplayFusion] "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"
uRun: [Ditto] C:\Program Files (x86)\Ditto\Ditto.exe
uRun: [Adobe Acrobat Synchronizer] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe"
uRun: [Akamai NetSession Interface] "C:\Users\Bass10\AppData\Local\Akamai\netsession_win.exe"
uRun: [Xmarks] C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe -q
uRun: [Spotify Web Helper] "C:\Users\Bass10\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [MiniBin] C:\Program Files (x86)\MiniBin\minibin.exe
uRun: [Facebook Update] "C:\Users\Bass10\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\Users\Bass10\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Bass10\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Bass10\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\APACHE~1.LNK - C:\Program Files (x86)\Zend\Apache2\bin\ApacheMonitor.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ZENDCO~1.LNK - C:\Program Files (x86)\Zend\ZendServer\bin\zendcontroller.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe"
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
Trusted Zone: intuit.com\ttlc
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://acquiawebinars.webex.com/client/T27L/event/ieatgpc1.cab
TCP: Interfaces\{A02F686C-608F-4CBD-902C-8600D428BE68} : NameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
EB-X64: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE-X64: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe"
IE-X64: {638F11AA-DF27-433b-BA2E-7281CE561D71} - C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Bass10\AppData\Roaming\Mozilla\Firefox\Profiles\14obhh7p.default\
FF - component: C:\Users\Bass10\AppData\Roaming\Mozilla\Firefox\Profiles\14obhh7p.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\enbar.dll
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Opera\program\plugins\np_gp.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll
FF - plugin: C:\Users\Bass10\AppData\Local\Facebook\Messenger\2.1.4590.0\npFbDesktopPlugin.dll
FF - plugin: C:\Users\Bass10\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Users\Bass10\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - plugin: C:\Windows\SysWOW64\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 hMailServer;hMailServer;C:\Program Files (x86)\hMailServer\Bin\hMailServer.exe RunAsService --> C:\Program Files (x86)\hMailServer\Bin\hMailServer.exe RunAsService [?]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 ZendDeployment;Zend Deployment;C:\Program Files (x86)\Zend\ZendServer\bin\zdd.exe [2012-2-29 707504]
R2 ZendMonitor;Zend Monitor;C:\Program Files (x86)\Zend\ZendServer\bin\MonitorNode.exe [2012-2-29 474032]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 VST64_DPV;VST64_DPV;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
R3 VST64HWBS2;VST64HWBS2;C:\Windows\system32\DRIVERS\VSTBS26.SYS --> C:\Windows\system32\DRIVERS\VSTBS26.SYS [?]
S2 Apache2.2-Zend;Apache2.2-Zend;C:\Program Files (x86)\Zend\Apache2\bin\httpd.exe [2012-2-29 27680]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-24 136176]
S2 MySQL_ZendServer51;MySQL_ZendServer51;"C:\Program Files (x86)\Zend\MySQL51\bin\mysqld" --defaults-file="C:\Program Files (x86)\Zend\MySQL51\my.ini" MySQL_ZendServer51 --> C:\Program Files (x86)\Zend\MySQL51\bin\mysqld [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S2 ZendJobQueue;Zend Job Queue ;C:\Program Files (x86)\Zend\ZendServer\bin\jqd.exe [2012-2-29 801712]
S2 ZendSessionClustering;Zend Session Clustering;C:\Program Files (x86)\Zend\ZendServer\bin\ZendSessionManager.exe [2012-2-29 781232]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-12 250056]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-24 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 114144]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 vpcuxd;USB Virtualization Stub Service;C:\Windows\system32\drivers\vpcuxd.sys --> C:\Windows\system32\drivers\vpcuxd.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== File Associations ===============
.
inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
VBEFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
VBSFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-09-05 01:54:40 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2666582F-924A-4F33-9658-31B236F08BB7}\offreg.dll
2012-09-04 18:24:14 9310152 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2666582F-924A-4F33-9658-31B236F08BB7}\mpengine.dll
2012-09-04 16:18:48 -------- d-----w- C:\Users\Bass10\AppData\Local\Diagnostics
2012-09-04 16:00:59 -------- d-s---w- C:\Uninstall
2012-09-04 15:59:08 -------- d-sh--w- C:\$RECYCLE.BIN
2012-09-03 22:39:24 -------- d-----w- C:\Program Files\HitmanPro
2012-09-03 22:39:18 -------- d-----w- C:\ProgramData\HitmanPro
2012-09-03 19:31:44 -------- d-----w- C:\Users\Bass10\AppData\Roaming\Malwarebytes
2012-09-03 19:31:03 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-03 19:31:03 -------- d-----w- C:\ProgramData\Malwarebytes
2012-09-03 19:31:03 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-30 21:37:52 9310152 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-29 03:53:00 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-08-26 21:34:23 -------- d-----r- C:\Program Files (x86)\Skype
2012-08-24 04:06:24 -------- d-----w- C:\Users\Bass10\AppData\Local\Facebook
2012-08-21 14:14:31 224088 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys
2012-08-21 14:14:24 130904 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys
2012-08-20 22:23:52 166232 ----a-w- C:\Windows\System32\drivers\VBoxNetFlt.sys
2012-08-20 22:23:52 147288 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys
2012-08-20 22:23:50 320856 ----a-w- C:\Windows\System32\VBoxNetFltNobj.dll
2012-08-15 15:05:08 751104 ----a-w- C:\Windows\System32\win32spl.dll
2012-08-15 15:05:08 67072 ----a-w- C:\Windows\splwow64.exe
2012-08-15 15:05:08 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2012-08-15 15:05:08 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-08-15 15:05:07 503808 ----a-w- C:\Windows\System32\srcore.dll
2012-08-15 15:05:07 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2012-08-15 15:05:04 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-08-15 15:05:04 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-08-15 15:05:04 136704 ----a-w- C:\Windows\System32\browser.dll
2012-08-15 15:04:36 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-08-15 15:04:35 956928 ----a-w- C:\Windows\System32\localspl.dll
.
==================== Find3M ====================
.
2012-08-29 14:28:20 298280 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-08-29 14:28:20 298280 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-08-28 03:12:53 298280 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-08-15 16:10:51 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-15 16:10:50 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-23 13:00:05 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 21:09:30.79 ===============


The attach.txt file is attached.


Step 8: Skipped due to 64 bit OS


Thanks for your help!


#2 Ried

Posted 07 September 2012 - 09:23 AM

Hello Bass10,

What error message do you see when you try to connect to the internet? Are you connecting wirelessly?


Please navigate to c:\qoobox\combofix-quarantined-files.txt and attach that report in your next reply.


I'd also like to see what Malwarebytes removed. Navigate to c:\users\Bass10\AppData\Roaming\Malwarebytes\Malwarebyte's Anti-Malware\Logs. Please attach the 3 most recent logs.

Microsoft MVP - Consumer Security 2010, 2011, 2012

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."


#3 Bass10

Posted 07 September 2012 - 02:41 PM

Thanks Ried,

I'm connecting via an Ethernet cable.

When I boot the computer, the network icon in the taskbar has a yellow exclamation point over the icon. When I hover on the icon it says "no network connection" "Can't connect to the network."

When I try to visit Google using Chrome I get the following message:

The server at google.com can't be found, because the DNS lookup failed. DNS is the network service that translates a website's name to its Internet address. This error is most often caused by having no connection to the Internet or a misconfigured network. It can also be caused by an unresponsive DNS server or a firewall preventing Google Chrome from accessing the network.


I have noticed that when I try to set a static IP and DNS address, the settings I enter are not saved - they always revert to "Obtain an IP Address automatically" and "Obtain DNS server address automatically".

But, even with those settings I should be able to connect to the internet.


I could not locate "combofix-quarantined-files.txt" on any of my drives and the "c:\qoobox\" directory does not exist either.

I'm guessing this may be because I killed the combofix processes during the log creating phase since it was taking so long and I thought the program had hung.


I have attached the 3 most recent Malwarebytes Logs.


I should mention that I had to run Rogue Killer from my Vista partition since I wasn't able to boot into my Windows 7 partition (Malwarebytes didn't detect anything when I ran it from my Vista partition) - I also included the RK logs from Vista and another scan on Windows 7.


#4 Ried

Posted 07 September 2012 - 04:35 PM

Thank you. :)

RP965: 9/4/2012 11:02:05 AM - ComboFix created restore point
RP966: 9/4/2012 1:19:39 PM - Restore Operation

It appears you already tried using System Restore - is that the case and do I understand correctly that the internet still isn't working after Restoring?


When I boot the computer, the network icon in the taskbar has a yellow exclamation point over the icon. When I hover on the icon it says "no network connection" "Can't connect to the network."


On your keyboard, press the Windows Logo key and the letter R to open the Run box. Type in the following and press OK:

devmgmt.msc

Take a look in Device Manager for any exclamation points. If you see any, please tell me what Device has the problem.



#5 Bass10

Posted 07 September 2012 - 05:20 PM

Yes, that is correct - I used the system restore point that Combofix created and that did not fix the problem connecting to the internet. And, that is the only restore point I had since it appears the File Recovery malware deleted all my other restore points.

There were no exclamation points in Device Manager.

#6 Ried

Posted 07 September 2012 - 05:30 PM

I'd like to gather a bit more info. You can download these tools to a flash drive, transfer them to the desktop of the afflicted machine and run them.

Please download aswMBR.exe

Double click aswMBR.exe to start the tool. At this time, select No if prompted to download the Avast database.

  • Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.

=================================================


Download TDSSKiller.exe
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.



#7 Bass10

Posted 07 September 2012 - 07:33 PM

Here's aswMBR.txt:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-07 19:19:24
-----------------------------
19:19:24.277 OS Version: Windows x64 6.1.7601 Service Pack 1
19:19:24.277 Number of processors: 4 586 0xF0B
19:19:24.277 ComputerName: FLAM5 UserName: Bass10
19:19:24.761 Initialize success
19:19:49.487 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:19:49.487 Disk 0 Vendor: ST3500630AS 3.ADG Size: 476940MB BusType: 3
19:19:49.487 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
19:19:49.487 Disk 1 Vendor: WDC_WD6401AALS-00L3B2 01.03B01 Size: 610480MB BusType: 3
19:19:49.518 Disk 1 MBR read successfully
19:19:49.518 Disk 1 MBR scan
19:19:49.518 Disk 1 Windows VISTA default MBR code
19:19:49.549 Disk 1 Partition 1 00 07 HPFS/NTFS NTFS 110000 MB offset 2048
19:19:49.565 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 500477 MB offset 225282048
19:19:49.627 Disk 1 scanning C:\Windows\system32\drivers
19:19:59.518 Service scanning
19:20:14.182 Modules scanning
19:20:14.182 Disk 1 trace - called modules:
19:20:14.197 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
19:20:14.213 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8007d10060]
19:20:14.213 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8007704060]
19:20:14.229 Scan finished successfully
19:20:34.789 Disk 1 MBR has been saved successfully to "C:\Users\Bass10\Desktop\MBR.dat"
19:20:34.805 The log file has been saved successfully to "C:\Users\Bass10\Desktop\aswMBR.txt"


And, here's TDSSKiller.2.8.8.0_07.09.2012_19.21.23_log.txt:


19:21:23.0359 53096 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
19:21:23.0374 53096 ============================================================
19:21:23.0374 53096 Current date / time: 2012/09/07 19:21:23.0374
19:21:23.0374 53096 SystemInfo:
19:21:23.0374 53096
19:21:23.0374 53096 OS Version: 6.1.7601 ServicePack: 1.0
19:21:23.0374 53096 Product type: Workstation
19:21:23.0374 53096 ComputerName: FLAM5
19:21:23.0374 53096 UserName: Bass10
19:21:23.0374 53096 Windows directory: C:\Windows
19:21:23.0374 53096 System windows directory: C:\Windows
19:21:23.0374 53096 Running under WOW64
19:21:23.0374 53096 Processor architecture: Intel x64
19:21:23.0374 53096 Number of processors: 4
19:21:23.0374 53096 Page size: 0x1000
19:21:23.0374 53096 Boot type: Normal boot
19:21:23.0374 53096 ============================================================
19:21:24.0716 53096 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:21:24.0731 53096 Drive \Device\Harddisk1\DR1 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:21:24.0731 53096 ============================================================
19:21:24.0731 53096 \Device\Harddisk0\DR0:
19:21:24.0731 53096 MBR partitions:
19:21:24.0731 53096 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x18000, BlocksNum 0x143BFF8
19:21:24.0731 53096 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1454000, BlocksNum 0xCD14000
19:21:24.0747 53096 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xE168800, BlocksNum 0x2B859800
19:21:24.0763 53096 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x399C2800, BlocksNum 0x9BC030
19:21:24.0763 53096 \Device\Harddisk1\DR1:
19:21:24.0763 53096 MBR partitions:
19:21:24.0763 53096 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xD6D8000
19:21:24.0763 53096 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0xD6D8800, BlocksNum 0x3D17E800
19:21:24.0763 53096 ============================================================
19:21:24.0778 53096 C: <-> \Device\Harddisk1\DR1\Partition1
19:21:24.0841 53096 D: <-> \Device\Harddisk0\DR0\Partition2
19:21:24.0872 53096 E: <-> \Device\Harddisk0\DR0\Partition3
19:21:24.0934 53096 F: <-> \Device\Harddisk0\DR0\Partition4
19:21:24.0965 53096 G: <-> \Device\Harddisk0\DR0\Partition1
19:21:25.0012 53096 H: <-> \Device\Harddisk1\DR1\Partition2
19:21:25.0012 53096 ============================================================
19:21:25.0012 53096 Initialize success
19:21:25.0012 53096 ============================================================
19:21:28.0007 33684 ============================================================
19:21:28.0007 33684 Scan started
19:21:28.0007 33684 Mode: Manual;
19:21:28.0007 33684 ============================================================
19:21:28.0787 33684 ================ Scan system memory ========================
19:21:28.0787 33684 System memory - ok
19:21:28.0787 33684 ================ Scan services =============================
19:21:29.0599 33684 [ 29584F02A43E427C4227E3B1D9FF1B22 ] Akamai c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll
19:21:29.0599 33684 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll. md5: 29584F02A43E427C4227E3B1D9FF1B22
19:21:29.0599 33684 Akamai ( HiddenFile.Multi.Generic ) - warning
19:21:29.0599 33684 Akamai - detected HiddenFile.Multi.Generic (1)
19:21:38.0553 33684 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:21:38.0553 33684 NetPipeActivator - ok
19:21:38.0584 33684 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
19:21:38.0600 33684 netprofm - ok
19:21:38.0615 33684 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:21:38.0615 33684 NetTcpActivator - ok
19:21:38.0615 33684 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:21:38.0615 33684 NetTcpPortSharing - ok
19:21:38.0678 33684 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
19:21:38.0678 33684 nfrd960 - ok
19:21:38.0725 33684 [ 91B4E0273D2F6C24EF845F2B41311289 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
19:21:38.0725 33684 NisDrv - ok
19:21:38.0771 33684 [ 10A43829A9E606AF3EEF25A1C1665923 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe
19:21:38.0771 33684 NisSrv - ok
19:21:38.0803 33684 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
19:21:38.0818 33684 NlaSvc - ok
19:21:38.0818 33684 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:21:38.0818 33684 Npfs - ok
19:21:38.0834 33684 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
19:21:38.0834 33684 nsi - ok
19:21:38.0849 33684 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:21:38.0849 33684 nsiproxy - ok
19:21:38.0912 33684 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:21:38.0927 33684 Ntfs - ok
19:21:38.0943 33684 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
19:21:38.0943 33684 Null - ok
19:21:39.0021 33684 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:21:39.0021 33684 nvraid - ok
19:21:39.0068 33684 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:21:39.0068 33684 nvstor - ok
19:21:39.0099 33684 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:21:39.0099 33684 nv_agp - ok
19:21:39.0208 33684 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:21:39.0224 33684 odserv - ok
19:21:39.0255 33684 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
19:21:39.0255 33684 ohci1394 - ok
19:21:39.0271 33684 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:21:39.0271 33684 ose - ok
19:21:39.0317 33684 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
19:21:39.0317 33684 p2pimsvc - ok
19:21:39.0333 33684 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
19:21:39.0349 33684 p2psvc - ok
19:21:39.0364 33684 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
19:21:39.0364 33684 Parport - ok
19:21:39.0411 33684 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:21:39.0411 33684 partmgr - ok
19:21:39.0427 33684 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
19:21:39.0427 33684 PcaSvc - ok
19:21:39.0473 33684 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
19:21:39.0473 33684 pci - ok
19:21:39.0489 33684 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
19:21:39.0489 33684 pciide - ok
19:21:39.0505 33684 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
19:21:39.0505 33684 pcmcia - ok
19:21:39.0520 33684 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
19:21:39.0520 33684 pcw - ok
19:21:39.0536 33684 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:21:39.0551 33684 PEAUTH - ok
19:21:39.0598 33684 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
19:21:39.0614 33684 PeerDistSvc - ok
19:21:39.0692 33684 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
19:21:39.0692 33684 PerfHost - ok
19:21:39.0754 33684 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
19:21:39.0785 33684 pla - ok
19:21:39.0832 33684 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:21:39.0832 33684 PlugPlay - ok
19:21:39.0863 33684 PnkBstrA - ok
19:21:39.0895 33684 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
19:21:39.0895 33684 PNRPAutoReg - ok
19:21:39.0910 33684 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
19:21:39.0910 33684 PNRPsvc - ok
19:21:39.0926 33684 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:21:39.0941 33684 PolicyAgent - ok
19:21:39.0973 33684 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
19:21:39.0973 33684 Power - ok
19:21:40.0019 33684 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:21:40.0019 33684 PptpMiniport - ok
19:21:40.0051 33684 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
19:21:40.0051 33684 Processor - ok
19:21:40.0097 33684 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
19:21:40.0097 33684 ProfSvc - ok
19:21:40.0113 33684 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:21:40.0113 33684 ProtectedStorage - ok
19:21:40.0160 33684 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
19:21:40.0160 33684 Psched - ok
19:21:40.0222 33684 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
19:21:40.0238 33684 ql2300 - ok
19:21:40.0253 33684 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
19:21:40.0253 33684 ql40xx - ok
19:21:40.0300 33684 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
19:21:40.0300 33684 QWAVE - ok
19:21:40.0300 33684 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:21:40.0316 33684 QWAVEdrv - ok
19:21:40.0316 33684 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:21:40.0316 33684 RasAcd - ok
19:21:40.0363 33684 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
19:21:40.0363 33684 RasAgileVpn - ok
19:21:40.0378 33684 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
19:21:40.0378 33684 RasAuto - ok
19:21:40.0394 33684 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:21:40.0394 33684 Rasl2tp - ok
19:21:40.0425 33684 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
19:21:40.0441 33684 RasMan - ok
19:21:40.0456 33684 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:21:40.0456 33684 RasPppoe - ok
19:21:40.0487 33684 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:21:40.0487 33684 RasSstp - ok
19:21:40.0503 33684 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:21:40.0519 33684 rdbss - ok
19:21:40.0519 33684 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
19:21:40.0534 33684 rdpbus - ok
19:21:40.0534 33684 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:21:40.0534 33684 RDPCDD - ok
19:21:40.0581 33684 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
19:21:40.0581 33684 RDPDR - ok
19:21:40.0597 33684 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:21:40.0597 33684 RDPENCDD - ok
19:21:40.0612 33684 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
19:21:40.0612 33684 RDPREFMP - ok
19:21:40.0643 33684 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:21:40.0643 33684 RDPWD - ok
19:21:40.0675 33684 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
19:21:40.0675 33684 rdyboost - ok
19:21:40.0706 33684 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
19:21:40.0706 33684 RemoteAccess - ok
19:21:40.0721 33684 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:21:40.0721 33684 RemoteRegistry - ok
19:21:40.0753 33684 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
19:21:40.0753 33684 RpcEptMapper - ok
19:21:40.0784 33684 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
19:21:40.0784 33684 RpcLocator - ok
19:21:40.0815 33684 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
19:21:40.0831 33684 RpcSs - ok
19:21:40.0831 33684 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:21:40.0831 33684 rspndr - ok
19:21:40.0878 33684 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
19:21:40.0878 33684 s3cap - ok
19:21:40.0893 33684 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
19:21:40.0893 33684 SamSs - ok
19:21:40.0924 33684 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:21:40.0924 33684 sbp2port - ok
19:21:40.0940 33684 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:21:40.0940 33684 SCardSvr - ok
19:21:40.0971 33684 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
19:21:40.0971 33684 scfilter - ok
19:21:41.0018 33684 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
19:21:41.0034 33684 Schedule - ok
19:21:41.0080 33684 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
19:21:41.0080 33684 SCPolicySvc - ok
19:21:41.0112 33684 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:21:41.0112 33684 SDRSVC - ok
19:21:41.0127 33684 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:21:41.0127 33684 secdrv - ok
19:21:41.0174 33684 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
19:21:41.0205 33684 seclogon - ok
19:21:41.0221 33684 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
19:21:41.0221 33684 SENS - ok
19:21:41.0236 33684 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
19:21:41.0236 33684 SensrSvc - ok
19:21:41.0252 33684 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
19:21:41.0252 33684 Serenum - ok
19:21:41.0268 33684 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
19:21:41.0268 33684 Serial - ok
19:21:41.0314 33684 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
19:21:41.0330 33684 sermouse - ok
19:21:41.0377 33684 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
19:21:41.0377 33684 SessionEnv - ok
19:21:41.0408 33684 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:21:41.0408 33684 sffdisk - ok
19:21:41.0424 33684 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:21:41.0424 33684 sffp_mmc - ok
19:21:41.0439 33684 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:21:41.0439 33684 sffp_sd - ok
19:21:41.0455 33684 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
19:21:41.0455 33684 sfloppy - ok
19:21:41.0470 33684 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:21:41.0486 33684 SharedAccess - ok
19:21:41.0517 33684 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:21:41.0533 33684 ShellHWDetection - ok
19:21:41.0548 33684 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:21:41.0548 33684 SiSRaid2 - ok
19:21:41.0564 33684 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
19:21:41.0564 33684 SiSRaid4 - ok
19:21:41.0642 33684 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
19:21:41.0642 33684 SkypeUpdate - ok
19:21:41.0673 33684 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:21:41.0673 33684 Smb - ok
19:21:41.0720 33684 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:21:41.0720 33684 SNMPTRAP - ok
19:21:41.0736 33684 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
19:21:41.0736 33684 spldr - ok
19:21:41.0782 33684 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
19:21:41.0782 33684 Spooler - ok
19:21:41.0876 33684 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
19:21:41.0923 33684 sppsvc - ok
19:21:41.0954 33684 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
19:21:41.0954 33684 sppuinotify - ok
19:21:42.0001 33684 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
19:21:42.0001 33684 srv - ok
19:21:42.0016 33684 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:21:42.0032 33684 srv2 - ok
19:21:42.0032 33684 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:21:42.0032 33684 srvnet - ok
19:21:42.0079 33684 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:21:42.0079 33684 SSDPSRV - ok
19:21:42.0094 33684 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:21:42.0094 33684 SstpSvc - ok
19:21:42.0126 33684 Steam Client Service - ok
19:21:42.0141 33684 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
19:21:42.0141 33684 stexstor - ok
19:21:42.0188 33684 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
19:21:42.0204 33684 stisvc - ok
19:21:42.0235 33684 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
19:21:42.0235 33684 storflt - ok
19:21:42.0250 33684 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
19:21:42.0250 33684 StorSvc - ok
19:21:42.0266 33684 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
19:21:42.0266 33684 storvsc - ok
19:21:42.0313 33684 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
19:21:42.0313 33684 swenum - ok
19:21:42.0391 33684 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
19:21:42.0391 33684 SwitchBoard - ok
19:21:42.0422 33684 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
19:21:42.0422 33684 swprv - ok
19:21:42.0484 33684 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
19:21:42.0500 33684 SysMain - ok
19:21:42.0531 33684 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:21:42.0547 33684 TabletInputService - ok
19:21:42.0578 33684 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
19:21:42.0578 33684 TapiSrv - ok
19:21:42.0594 33684 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
19:21:42.0594 33684 TBS - ok
19:21:42.0656 33684 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:21:42.0687 33684 Tcpip - ok
19:21:42.0718 33684 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
19:21:42.0718 33684 TCPIP6 - ok
19:21:42.0765 33684 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:21:42.0765 33684 tcpipreg - ok
19:21:42.0796 33684 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:21:42.0796 33684 TDPIPE - ok
19:21:42.0828 33684 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:21:42.0828 33684 TDTCP - ok
19:21:42.0874 33684 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:21:42.0874 33684 tdx - ok
19:21:42.0906 33684 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
19:21:42.0906 33684 TermDD - ok
19:21:42.0952 33684 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
19:21:42.0968 33684 TermService - ok
19:21:42.0984 33684 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
19:21:42.0984 33684 Themes - ok
19:21:43.0015 33684 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
19:21:43.0015 33684 THREADORDER - ok
19:21:43.0030 33684 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
19:21:43.0030 33684 TrkWks - ok
19:21:43.0093 33684 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:21:43.0093 33684 TrustedInstaller - ok
19:21:43.0124 33684 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:21:43.0124 33684 tssecsrv - ok
19:21:43.0171 33684 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
19:21:43.0171 33684 TsUsbFlt - ok
19:21:43.0218 33684 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:21:43.0218 33684 tunnel - ok
19:21:43.0233 33684 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
19:21:43.0249 33684 uagp35 - ok
19:21:43.0280 33684 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:21:43.0280 33684 udfs - ok
19:21:43.0311 33684 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:21:43.0311 33684 UI0Detect - ok
19:21:43.0327 33684 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:21:43.0327 33684 uliagpkx - ok
19:21:43.0405 33684 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
19:21:43.0405 33684 umbus - ok
19:21:43.0420 33684 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
19:21:43.0420 33684 UmPass - ok
19:21:43.0452 33684 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
19:21:43.0452 33684 UmRdpService - ok
19:21:43.0467 33684 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
19:21:43.0467 33684 upnphost - ok
19:21:43.0483 33684 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:21:43.0483 33684 usbccgp - ok
19:21:43.0530 33684 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:21:43.0530 33684 usbcir - ok
19:21:43.0576 33684 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
19:21:43.0576 33684 usbehci - ok
19:21:43.0639 33684 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:21:43.0639 33684 usbhub - ok
19:21:43.0654 33684 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
19:21:43.0654 33684 usbohci - ok
19:21:43.0701 33684 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
19:21:43.0701 33684 usbprint - ok
19:21:43.0732 33684 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
19:21:43.0732 33684 usbscan - ok
19:21:43.0779 33684 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS
19:21:43.0779 33684 USBSTOR - ok
19:21:43.0810 33684 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
19:21:43.0810 33684 usbuhci - ok
19:21:43.0826 33684 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
19:21:43.0826 33684 UxSms - ok
19:21:43.0842 33684 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
19:21:43.0842 33684 VaultSvc - ok
19:21:43.0904 33684 [ CF619CAFDABFF0A46E17509D5A24D8A6 ] VBoxDrv C:\Windows\system32\DRIVERS\VBoxDrv.sys
19:21:43.0904 33684 VBoxDrv - ok
19:21:43.0935 33684 [ A20B65C4C40AA8E5C351DBEA4CE45636 ] VBoxNetAdp C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
19:21:43.0935 33684 VBoxNetAdp - ok
19:21:43.0982 33684 [ 08202237262B9D9654B609FFBD8BD725 ] VBoxNetFlt C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
19:21:43.0982 33684 VBoxNetFlt - ok
19:21:44.0013 33684 [ 14EB14D8FC182C0D1CF82220025486B5 ] VBoxUSBMon C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
19:21:44.0013 33684 VBoxUSBMon - ok
19:21:44.0044 33684 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
19:21:44.0044 33684 vdrvroot - ok
19:21:44.0091 33684 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
19:21:44.0107 33684 vds - ok
19:21:44.0122 33684 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:21:44.0138 33684 vga - ok
19:21:44.0138 33684 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
19:21:44.0138 33684 VgaSave - ok
19:21:44.0169 33684 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
19:21:44.0169 33684 vhdmp - ok
19:21:44.0185 33684 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
19:21:44.0185 33684 viaide - ok
19:21:44.0216 33684 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
19:21:44.0232 33684 vmbus - ok
19:21:44.0232 33684 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
19:21:44.0232 33684 VMBusHID - ok
19:21:44.0278 33684 [ 21C96AA588D3993191761A08DBAABB15 ] vmm C:\Windows\system32\Drivers\vmm.sys
19:21:44.0294 33684 vmm - ok
19:21:44.0325 33684 [ 93F279A2C172562050700A18FA84BE2E ] vncmirror C:\Windows\system32\DRIVERS\vncmirror.sys
19:21:44.0325 33684 vncmirror - ok
19:21:44.0356 33684 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:21:44.0356 33684 volmgr - ok
19:21:44.0403 33684 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:21:44.0403 33684 volmgrx - ok
19:21:44.0450 33684 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:21:44.0450 33684 volsnap - ok
19:21:44.0466 33684 [ B4A73CA4EF9A02B9738CEA9AD5FE5917 ] vpcbus C:\Windows\system32\DRIVERS\vpchbus.sys
19:21:44.0466 33684 vpcbus - ok
19:21:44.0512 33684 [ E675FB2B48C54F09895482E2253B289C ] vpcnfltr C:\Windows\system32\DRIVERS\vpcnfltr.sys
19:21:44.0512 33684 vpcnfltr - ok
19:21:44.0559 33684 [ 5FB42082B0D19A0268705F1DD343DF20 ] vpcusb C:\Windows\system32\DRIVERS\vpcusb.sys
19:21:44.0559 33684 vpcusb - ok
19:21:44.0590 33684 [ 63F4E10873BEB4124028C6D1A66B0968 ] vpcuxd C:\Windows\system32\drivers\vpcuxd.sys
19:21:44.0590 33684 vpcuxd - ok
19:21:44.0622 33684 [ 207B6539799CC1C112661A9B620DD233 ] vpcvmm C:\Windows\system32\drivers\vpcvmm.sys
19:21:44.0622 33684 vpcvmm - ok
19:21:44.0668 33684 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
19:21:44.0668 33684 vsmraid - ok
19:21:44.0715 33684 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
19:21:44.0746 33684 VSS - ok
19:21:44.0793 33684 [ 93132C69394A99D992095D8CFE464801 ] VST64HWBS2 C:\Windows\system32\DRIVERS\VSTBS26.SYS
19:21:44.0793 33684 VST64HWBS2 - ok
19:21:44.0824 33684 [ 02071D207A9858FBE3A48CBFD59C4A04 ] VST64_DPV C:\Windows\system32\DRIVERS\VSTDPV6.SYS
19:21:44.0840 33684 VST64_DPV - ok
19:21:44.0856 33684 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
19:21:44.0856 33684 vwifibus - ok
19:21:44.0871 33684 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
19:21:44.0887 33684 W32Time - ok
19:21:44.0902 33684 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
19:21:44.0902 33684 WacomPen - ok
19:21:44.0934 33684 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
19:21:44.0934 33684 WANARP - ok
19:21:44.0965 33684 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:21:44.0965 33684 Wanarpv6 - ok
19:21:45.0012 33684 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
19:21:45.0027 33684 WatAdminSvc - ok
19:21:45.0090 33684 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
19:21:45.0105 33684 wbengine - ok
19:21:45.0121 33684 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
19:21:45.0121 33684 WbioSrvc - ok
19:21:45.0168 33684 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:21:45.0168 33684 wcncsvc - ok
19:21:45.0183 33684 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:21:45.0183 33684 WcsPlugInService - ok
19:21:45.0199 33684 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
19:21:45.0199 33684 Wd - ok
19:21:45.0230 33684 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:21:45.0230 33684 Wdf01000 - ok
19:21:45.0246 33684 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:21:45.0246 33684 WdiServiceHost - ok
19:21:45.0261 33684 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:21:45.0261 33684 WdiSystemHost - ok
19:21:45.0292 33684 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
19:21:45.0308 33684 WebClient - ok
19:21:45.0324 33684 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:21:45.0324 33684 Wecsvc - ok
19:21:45.0339 33684 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:21:45.0339 33684 wercplsupport - ok
19:21:45.0370 33684 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
19:21:45.0386 33684 WerSvc - ok
19:21:45.0386 33684 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
19:21:45.0386 33684 WfpLwf - ok
19:21:45.0402 33684 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
19:21:45.0402 33684 WIMMount - ok
19:21:45.0433 33684 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] winachsf C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
19:21:45.0448 33684 winachsf - ok
19:21:45.0464 33684 WinDefend - ok
19:21:45.0464 33684 WinHttpAutoProxySvc - ok
19:21:45.0526 33684 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:21:45.0526 33684 Winmgmt - ok
19:21:45.0620 33684 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
19:21:45.0651 33684 WinRM - ok
19:21:45.0714 33684 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
19:21:45.0714 33684 WinUsb - ok
19:21:45.0760 33684 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
19:21:45.0776 33684 Wlansvc - ok
19:21:45.0916 33684 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:21:45.0948 33684 wlidsvc - ok
19:21:45.0994 33684 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
19:21:45.0994 33684 WmiAcpi - ok
19:21:46.0010 33684 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:21:46.0010 33684 wmiApSrv - ok
19:21:46.0041 33684 WMPNetworkSvc - ok
19:21:47.0055 33684 ============================================================
19:21:47.0055 33684 Scan finished
19:21:47.0055 33684 ============================================================
19:21:47.0055 91996 Detected object count: 1
19:21:47.0055 91996 Actual detected object count: 1
19:22:10.0689 91996 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
19:22:10.0689 91996 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip




#8 Ried

  • Malware Response Team

Posted 07 September 2012 - 08:14 PM

Thank you. System Restore should have brought that back if it had been caused by ComboFix. It sounds as though the issue occurred sometime before that but you might not have been aware until a reboot.

I see you also recently installed HitManPro. I'm assuming you ran that as well? If so, did it detect ZAccess infection?

Microsoft MVP - Consumer Security 2010, 2011, 2012

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."


#9 Bass10

  • Topic Starter

Posted 07 September 2012 - 08:37 PM

I did a scan with HitmanPro - and, here's the log:


HitmanPro 3.6.1.164
www.hitmanpro.com

   Computer name . . . . : FLAM5
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : Flam5\Bass10
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 1601-01-01 00:00:00
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 0s
   Disk access mode  . . : Direct disk access ()
   Cloud . . . . . . . . : No connection
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 1

   Objects scanned . . . : 0
   Files scanned . . . . : 0
   Remnants scanned  . . : 0 files / 0 keys

Repairs _____________________________________________________________________

   Repair Winsock
   HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9



It appears that repairing this problem should fix it - I did not choose to repair it yet.

I believe I ran HitmanPro after I thought everything had been fixed the first time and before attempting to run ComboFix. I didn't save the original log - I believe it didn't detect anything though.

#10 Ried

  • Malware Response Team

Posted 07 September 2012 - 08:44 PM

It certainly wouldn't hurt at this point. Give it a try and let me know how it worked out.



#11 Bass10

  • Topic Starter

Posted 07 September 2012 - 09:15 PM

Repairing that problem did not fix the problem.

#12 Ried

  • Malware Response Team

Posted 07 September 2012 - 10:00 PM

Did you reboot afterward? If so, then what I'd like you to do is run Combofix again. Since it has been several days since you last ran it, delete your existing ComboFix.exe and download the latest version from here. Transfer it to the desktop of the Win7 machine.

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications


====================================================


Double click on combofix.exe & follow the prompts.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


====================================================

If you still don't have internet after running Combofix, please do the following:


Click Start>All Programs>Accessories and locate the command prompt in the list. Right click and select Run as Administrator.

A black DOS-type box will open. Type in the following and press Enter:

netsh winsock reset catalog

(note: there is a space between each word)


When that has completed, type in the following and press Enter:

netsh int ip reset reset.log

(note: there is a space between each word)

When that has completed, type in Exit and press Enter, then reboot the machine. Any luck?

Microsoft MVP - Consumer Security 2010, 2011, 2012

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
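
The two `netsh` resets from the post above, wrapped as an added PowerShell example (not part of the original post) that records the Winsock catalog first, so the providers the reset removes can be identified afterwards. The script name `winsock-snapshot.ps1`, the output folder and the function names are assumptions of this example, and the parsing assumes English `netsh` output.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt:
#   .\winsock-snapshot.ps1 before   (snapshot, then the two resets; reboot afterwards)
#   .\winsock-snapshot.ps1 after    (after the reboot: snapshot and compare)
param([ValidateSet('before', 'after')][string]$Phase = 'before')

# Hypothetical output folder chosen for this example.
$OutDir = Join-Path $env:USERPROFILE 'Desktop\winsock-snapshot'
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

function Get-WinsockProviderPath {
    # Each entry printed by "netsh winsock show catalog" has a
    # "Provider Path:" line naming the DLL that services it.
    @(netsh winsock show catalog |
        Select-String -Pattern '^\s*Provider Path:\s*(.+)$' |
        ForEach-Object { $_.Matches[0].Groups[1].Value.Trim() } |
        Sort-Object -Unique)
}

function Save-Snapshot([string]$Label) {
    $paths = Get-WinsockProviderPath
    Set-Content -Path (Join-Path $OutDir "providers-$Label.txt") -Value $paths
    # Keep a copy of the registry key that holds the catalog.
    reg export 'HKLM\SYSTEM\CurrentControlSet\Services\WinSock2' `
        (Join-Path $OutDir "WinSock2-$Label.reg") /y | Out-Null
    return $paths
}

if ($Phase -eq 'before') {
    $before = @(Save-Snapshot 'before')
    "Provider DLLs before reset: $($before.Count)"
    # The same two commands given in the post.
    netsh winsock reset catalog
    netsh int ip reset (Join-Path $OutDir 'reset.log')
    'Reboot, then run this script again with the argument: after'
}
else {
    $beforeFile = Join-Path $OutDir 'providers-before.txt'
    if (-not (Test-Path $beforeFile)) { throw "No 'before' snapshot found in $OutDir" }
    $before = @(Get-Content $beforeFile)
    $after  = @(Save-Snapshot 'after')
    # The reset returns the catalog to its default state, so anything listed
    # only in the 'before' snapshot was a provider added after installation.
    $removed = @($before | Where-Object { $after -notcontains $_ })
    "Provider DLLs removed by the reset: $($removed.Count)"
    $removed
}
```

An empty "removed" list means the catalog held only default providers before the reset; any DLL that is listed can be checked for a valid signature and its owning product before that software is reinstalled.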


#13 Bass10

  • Topic Starter

Posted 08 September 2012 - 07:48 AM

I started Combofix shortly after your reply and let it run all night and it is currently stuck at "Completed Stage_4".

Not sure if there is a certain way I should kill it or if I should leave it.

It has been stuck on this for 8+ hours.

#14 Ried

  • Malware Response Team

Posted 08 September 2012 - 09:09 AM

Close ComboFix.

Reboot into Safe Mode and run it from there.



#15 Bass10

  • Topic Starter

Posted 09 September 2012 - 08:35 AM

I started Combofix in Safe Mode shortly after your last reply yesterday-

It made very slow and steady progress throughout the day yesterday (some stages took an hour+ to complete).

But it appears to be hung at "Completed Stage_48"



