Infected with FBI MoneyPak Virus


  • This topic is locked
21 replies to this topic

#1 george_d

george_d

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:09:22 PM

Posted 18 September 2012 - 04:31 PM

I'm running a Dell Inspiron M5030 with Windows 7 Home Premium.

Boots to message "Page is Loading, please wait. This may take up to 30 seconds." Machine is not frozen. I can CTL-ALT-DEL to Task Manager launch screen although I can't launch task manager.

Tried to SAFE BOOT. Gets as far as blank screen with SAFE MODE in the corners and freeze. Tried to go to Repair computer. Freezes on Loading Windows fuel bar.

Your guidance would be very much appreciated.

George
deari128



#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:10:22 PM

Posted 18 September 2012 - 05:25 PM

Do you have your Windows 7 DVD?

If yes, insert it, press any key on bootup and select the REPAIR COMPUTER option.

Let me know if that works

Edited by narenxp, 18 September 2012 - 05:25 PM.


#3 george_d


Posted 18 September 2012 - 06:04 PM

Hi narenxp,

I do have a windows 7 dvd.

When I select Repair Computer, it comes up with System Recovery Option. Under the first option "Use Recovery tools", it shows nothing in the selection box. I can't select the second option "Restore your computer" because I don't have a system image to restore.

BTW, when I used the Repair Disc before, I am able to go to the command prompt and there is a partition (x:) that has the windows folders.

George

#4 narenxp


Posted 18 September 2012 - 06:13 PM

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

What happens when you select SYSTEM RESTORE?

Do you have previous restore points?

#5 george_d


Posted 18 September 2012 - 06:34 PM

It comes back with the error message "To use System Restore, you must specify which Windows installation to restore."

I believe there are restore points but at this point the Windows installation is not being recognized.

George

#6 narenxp


Posted 18 September 2012 - 06:36 PM

So you're able to use the command prompt, right?

We have other tools to remove this ransomware. Let me ask a malware response team member to assist you.

good luck

#7 george_d


Posted 18 September 2012 - 07:08 PM

Yes, I can get to the command prompt.

Thanks for your help.

george

#8 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:05:22 AM

Posted 18 September 2012 - 07:17 PM

Hi george_d,

Welcome to the forum.

For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Edited by Orange Blossom, 18 September 2012 - 07:23 PM.
Moved to log forum. ~ OB


#9 george_d


Posted 18 September 2012 - 07:47 PM

Here is the frst64 report.

George

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-09-2012
Ran by SYSTEM at 18-09-2012 19:41:21
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet003

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3202928 2010-04-02] (Dell Inc.)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10810912 2010-05-20] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [384296 2010-04-05] (Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [102400 2010-03-23] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [498160 2009-10-15] ()
HKLM-x32\...\Run: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot [3926528 2010-08-23] (Dell, Inc.)
HKLM-x32\...\Run: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey [136512 2009-08-25] (McAfee, Inc.)
HKLM-x32\...\Run: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE [124224 2010-03-25] (McAfee, Inc.)
HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [wWUz971SLWY9Z3f] C:\Users\LAStone\AppData\Roaming\12wcfAYT.exe [398336 2012-09-06] ()
HKU\LAStone\...\Run: [Google Update] "C:\Users\LAStone\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-06-02] (Google Inc.)
HKU\LAStone\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\LAStone\...\Run: [wWUz971SLWY9Z3f] C:\Users\LAStone\AppData\Roaming\12wcfAYT.exe [398336 2012-09-06] ()
HKU\LAStone\...\Policies\system: [DisableTaskMgr] 1
HKU\LAStone\...\Policies\system: [DisableRegistryTools] 1
HKU\LAStone\...\Policies\Explorer: [NoDesktop] 1
HKU\LAStone\...\Winlogon: [Shell] C:\Users\LAStone\AppData\Roaming\12wcfAYT.exe [398336 2012-09-06] ()
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [560128 2011-09-15] (Dell)
HKLM-x32\...\Winlogon: [Shell] C:\Users\LAStone\AppData\Roaming\12wcfAYT.exe [x ] ()
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Users\Default\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\LAStone\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Services (Whitelisted) ===================

2 CrossLoopService; "C:\Users\LAStone\AppData\Local\CrossLoop\CrossLoopService.exe" --service [560848 2010-08-17] (CrossLoop Inc)
2 McAfeeEngineService; "C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe" [20792 2010-03-25] (McAfee, Inc.)
2 McAfeeFramework; "C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe" /ServiceStart [103744 2009-08-25] (McAfee, Inc.)
2 McShield; "C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe" [180968 2010-03-25] (McAfee, Inc.)
2 McTaskManager; "C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe" [66880 2010-03-25] (McAfee, Inc.)
2 mfevtp; C:\Windows\system32\mfevtps.exe [79504 2010-03-25] (McAfee, Inc.)
3 tvnserver; "C:\Users\LAStone\AppData\Local\CrossLoop\tvnserver.exe" -service [814080 2010-07-21] (GlavSoft LLC.)

==================== Drivers (Whitelisted) =====================

3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [97576 2010-03-25] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [120096 2010-03-25] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [469400 2010-03-25] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [78896 2010-03-25] (McAfee, Inc.)
1 mfetdik; C:\Windows\System32\Drivers\mfetdik.sys [84424 2010-03-25] (McAfee, Inc.)

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-09-18 19:41 - 2012-09-18 19:41 - 00000000 ____D C:\FRST
2012-09-06 07:51 - 2012-09-06 07:51 - 00398336 ____A C:\Users\LAStone\AppData\Roaming\12wcfAYT.exe
2012-09-04 17:39 - 2012-09-04 17:39 - 00000001 ____A C:\Users\All Users\VkvN4K5e.exe_.b
2012-09-04 17:39 - 2012-09-04 17:39 - 00000001 ____A C:\Users\All Users\VkvN4K5e.exe.b
2012-09-04 17:39 - 2012-09-04 17:39 - 00000000 ____A C:\Users\All Users\Q1eiD31cC.dat
2012-09-04 17:39 - 2012-09-04 17:38 - 00112128 ____A C:\Users\All Users\VkvN4K5e.exe
2012-09-04 05:36 - 2012-09-04 05:36 - 00001995 ____A C:\Users\LAStone\Desktop\CompUFloor.rdp.lnk
2012-09-04 00:07 - 2012-06-28 19:56 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-09-04 00:07 - 2012-06-28 19:49 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-09-04 00:07 - 2012-06-28 19:48 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-09-04 00:07 - 2012-06-28 19:47 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-09-04 00:07 - 2012-06-28 19:43 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-09-04 00:07 - 2012-06-28 19:42 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-09-04 00:07 - 2012-06-28 19:40 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-09-04 00:07 - 2012-06-28 19:39 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-09-04 00:07 - 2012-06-28 19:35 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-09-04 00:07 - 2012-06-28 16:09 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-09-04 00:07 - 2012-06-28 16:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-09-04 00:07 - 2012-06-28 16:07 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-09-04 00:07 - 2012-06-28 16:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-09-04 00:07 - 2012-06-28 16:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-09-04 00:07 - 2012-06-28 16:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-09-04 00:07 - 2012-06-28 16:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-09-04 00:07 - 2012-06-28 15:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-09-04 00:06 - 2012-06-28 20:55 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-09-04 00:06 - 2012-06-28 20:09 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-09-04 00:06 - 2012-06-28 19:49 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-09-04 00:06 - 2012-06-28 19:45 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-09-04 00:06 - 2012-06-28 19:44 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-09-04 00:06 - 2012-06-28 16:52 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-09-04 00:06 - 2012-06-28 16:27 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-09-04 00:06 - 2012-06-28 16:16 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-09-04 00:06 - 2012-06-28 16:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-09-04 00:06 - 2012-06-28 16:06 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-09-04 00:06 - 2012-06-28 16:04 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-09-03 17:17 - 2012-05-05 00:36 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
2012-09-03 17:17 - 2012-05-04 23:46 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2012-09-03 17:16 - 2012-07-18 10:15 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-09-03 17:16 - 2012-07-04 14:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-09-03 17:16 - 2012-07-04 14:13 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-09-03 17:16 - 2012-07-04 14:13 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-09-03 17:16 - 2012-07-04 13:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-09-03 17:16 - 2012-05-13 21:26 - 00956928 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2012-09-03 16:23 - 2012-09-03 16:23 - 00000368 ___AH C:\Users\All Users\ifopEEfyaq7Qmw
2012-09-03 16:23 - 2012-09-03 16:23 - 00000184 ___AH C:\Users\All Users\-ifopEEfyaq7Qmwr
2012-09-03 16:23 - 2012-09-03 16:23 - 00000160 ___AH C:\Users\All Users\-ifopEEfyaq7Qmw
2012-09-01 07:18 - 2012-09-01 07:18 - 00000000 ___HD C:\Users\LAStone\AppData\Local\{0E795274-B918-4341-8A5E-6A4A23D725D9}
2012-09-01 06:29 - 2012-09-01 06:29 - 00000000 ____D C:\Program Files (x86)\Webfetti_52
2012-08-31 15:51 - 2012-08-31 15:51 - 00252260 ___AH C:\Users\LAStone\Downloads\attachments_2012_08_31.zip
2012-08-26 05:20 - 2012-08-26 05:21 - 00000000 ___HD C:\Users\LAStone\AppData\Local\{9F45D9FA-7D59-44D9-957E-FC92AC0491A9}
2012-08-22 18:03 - 2012-08-22 18:03 - 00204061 ___AH C:\Users\LAStone\Downloads\attachments_2012_08_22 (2).zip
2012-08-22 17:37 - 2012-08-22 17:37 - 00153902 ___AH C:\Users\LAStone\Downloads\attachments_2012_08_22 (1).zip
2012-08-22 17:21 - 2012-08-22 17:22 - 00157477 ___AH C:\Users\LAStone\Downloads\attachments_2012_08_22.zip

==================== 3 Months Modified Files ==================

2012-09-18 13:25 - 2012-04-22 13:49 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-09-18 13:25 - 2010-11-26 05:13 - 01599324 ____A C:\Windows\WindowsUpdate.log
2012-09-18 13:25 - 2009-07-13 20:45 - 00013872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-18 13:25 - 2009-07-13 20:45 - 00013872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-18 13:16 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-18 13:16 - 2009-07-13 20:51 - 00058930 ____A C:\Windows\setupact.log
2012-09-06 07:51 - 2012-09-06 07:51 - 00398336 ____A C:\Users\LAStone\AppData\Roaming\12wcfAYT.exe
2012-09-06 07:21 - 2011-06-02 15:59 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2900595938-1094780226-2466077540-1000UA.job
2012-09-05 17:59 - 2011-06-02 15:59 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2900595938-1094780226-2466077540-1000Core.job
2012-09-04 17:39 - 2012-09-04 17:39 - 00000001 ____A C:\Users\All Users\VkvN4K5e.exe_.b
2012-09-04 17:39 - 2012-09-04 17:39 - 00000001 ____A C:\Users\All Users\VkvN4K5e.exe.b
2012-09-04 17:39 - 2012-09-04 17:39 - 00000000 ____A C:\Users\All Users\Q1eiD31cC.dat
2012-09-04 17:38 - 2012-09-04 17:39 - 00112128 ____A C:\Users\All Users\VkvN4K5e.exe
2012-09-04 05:36 - 2012-09-04 05:36 - 00001995 ____A C:\Users\LAStone\Desktop\CompUFloor.rdp.lnk
2012-09-04 00:28 - 2009-07-13 20:45 - 00304424 ____A C:\Windows\System32\FNTCACHE.DAT
2012-09-04 00:03 - 2011-06-02 16:01 - 00002469 ____A C:\Users\LAStone\Desktop\Google Chrome.lnk
2012-09-04 00:01 - 2011-03-28 00:00 - 62134624 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-09-03 16:23 - 2012-09-03 16:23 - 00000368 ___AH C:\Users\All Users\ifopEEfyaq7Qmw
2012-09-03 16:23 - 2012-09-03 16:23 - 00000184 ___AH C:\Users\All Users\-ifopEEfyaq7Qmwr
2012-09-03 16:23 - 2012-09-03 16:23 - 00000160 ___AH C:\Users\All Users\-ifopEEfyaq7Qmw
2012-08-31 15:51 - 2012-08-31 15:51 - 00252260 ___AH C:\Users\LAStone\Downloads\attachments_2012_08_31.zip
2012-08-22 18:03 - 2012-08-22 18:03 - 00204061 ___AH C:\Users\LAStone\Downloads\attachments_2012_08_22 (2).zip
2012-08-22 17:37 - 2012-08-22 17:37 - 00153902 ___AH C:\Users\LAStone\Downloads\attachments_2012_08_22 (1).zip
2012-08-22 17:22 - 2012-08-22 17:21 - 00157477 ___AH C:\Users\LAStone\Downloads\attachments_2012_08_22.zip
2012-08-14 15:25 - 2012-04-22 13:49 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-14 15:25 - 2011-05-17 19:19 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-11 06:00 - 2012-02-04 18:19 - 00000456 ___AH C:\Windows\Tasks\Norton Security Scan for LAStone.job
2012-08-06 12:19 - 2012-08-02 07:09 - 00012451 ___AH C:\Users\LAStone\Documents\Customer Listing.xlsx
2012-07-31 10:41 - 2012-07-30 11:03 - 00012339 ___AH C:\Users\LAStone\Documents\Ashcraft Consignment List July 2012.xlsx
2012-07-30 09:08 - 2012-07-30 09:07 - 00275800 ____A C:\Windows\Minidump\073012-21418-01.dmp
2012-07-30 09:07 - 2011-04-24 09:24 - 357975510 ____A C:\Windows\MEMORY.DMP
2012-07-29 11:27 - 2012-07-29 11:27 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-07-18 10:15 - 2012-09-03 17:16 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-12 13:42 - 2012-07-12 13:40 - 00738831 ___AH C:\Users\LAStone\Documents\Granite Masters Ralph Price Sheet.xlsx
2012-07-12 00:09 - 2009-07-13 18:34 - 00000510 ____A C:\Windows\win.ini
2012-07-11 06:29 - 2012-07-11 06:29 - 00019647 ___AH C:\Users\LAStone\Documents\May-June 2012 Expense Report.xlsx
2012-07-04 14:16 - 2012-09-03 17:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-07-04 14:13 - 2012-09-03 17:16 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-07-04 14:13 - 2012-09-03 17:16 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-07-04 13:16 - 2012-08-14 13:36 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-07-04 13:14 - 2012-09-03 17:16 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-06-28 20:55 - 2012-09-04 00:06 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-28 20:09 - 2012-09-04 00:06 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-28 19:56 - 2012-09-04 00:07 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-28 19:49 - 2012-09-04 00:07 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-28 19:49 - 2012-09-04 00:06 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-28 19:48 - 2012-09-04 00:07 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-28 19:47 - 2012-09-04 00:07 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-28 19:45 - 2012-09-04 00:06 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-28 19:44 - 2012-09-04 00:06 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-28 19:43 - 2012-09-04 00:07 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-28 19:42 - 2012-09-04 00:07 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-28 19:40 - 2012-09-04 00:07 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-28 19:39 - 2012-09-04 00:07 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-28 19:35 - 2012-09-04 00:07 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-28 16:52 - 2012-09-04 00:06 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-28 16:27 - 2012-09-04 00:06 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-28 16:16 - 2012-09-04 00:06 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-28 16:09 - 2012-09-04 00:07 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-28 16:09 - 2012-09-04 00:06 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-28 16:08 - 2012-09-04 00:07 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-28 16:07 - 2012-09-04 00:07 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-28 16:06 - 2012-09-04 00:06 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-28 16:04 - 2012-09-04 00:07 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-28 16:04 - 2012-09-04 00:06 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-28 16:01 - 2012-09-04 00:07 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-28 16:01 - 2012-09-04 00:07 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-28 16:00 - 2012-09-04 00:07 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-28 15:57 - 2012-09-04 00:07 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-23 20:20 - 2012-06-23 20:20 - 00122656 ___AH C:\Users\LAStone\Downloads\attachments_2012_06_23 (1).zip
2012-06-23 18:40 - 2012-06-23 18:40 - 00122656 ___AH C:\Users\LAStone\Downloads\attachments_2012_06_23.zip


ZeroAccess:
C:\Users\LAStone\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}
C:\Users\LAStone\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\@
C:\Users\LAStone\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\L
C:\Users\LAStone\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U
C:\Users\LAStone\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\00000001.@

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-07-24 01:02:24
Restore point made on: 2012-07-27 05:34:03
Restore point made on: 2012-07-31 05:43:18
Restore point made on: 2012-08-07 05:07:25
Restore point made on: 2012-08-10 11:31:34
Restore point made on: 2012-08-14 13:36:16
Restore point made on: 2012-08-15 00:00:57
Restore point made on: 2012-09-03 17:13:40
Restore point made on: 2012-09-04 00:01:08
Restore point made on: 2012-09-18 13:25:01

==================== Memory info ===========================

Percentage of memory in use: 20%
Total physical RAM: 2811.82 MB
Available physical RAM: 2231.02 MB
Total Pagefile: 2809.97 MB
Available Pagefile: 2228.81 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:283.33 GB) (Free:225.77 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive g: () (Removable) (Total:3.82 GB) (Free:3.62 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (Recovery) (Fixed) (Total:14.65 GB) (Free:9.22 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 Online 3920 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 100 MB 1024 KB
Partition 2 Primary 14 GB 101 MB
Partition 3 Primary 283 GB 14 GB
Partition 4 Primary 10 MB 298 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 DELLUTILITY FAT Partition 100 MB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y Recovery NTFS Partition 14 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 283 GB Healthy

=========================================================

Disk: 0
Partition 4
Type : 17 (Suspicious Type)
Hidden: Yes
Active: Yes

There is no volume associated with this partition.

=========================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3919 MB 512 B

==================================================================================

Disk: 2
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT32 Removable 3919 MB Healthy

=========================================================

Last Boot: 2012-07-09 14:50

==================== End Of Log =============================

Edited by Farbar, 18 September 2012 - 07:49 PM.
Opened the log.


#10 Farbar


Posted 18 September 2012 - 08:03 PM

FYI: When we both are online, to see my reply you have to use the F5 key to refresh the web page; otherwise you continue to see your own reply until you close the page.

The computer is heavily infected. We remove some of the infection, boot and run a tool to take care of a partition infection the next round. Please do the fixes in the order they are written.

Please download the attached file fixlist.txt.
Save it to your flash drive.
Boot to System Recovery Options and select "Command Prompt".

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt). Please post it to your reply.

Also restart, let it boot normally and tell me how it went.

#11 george_d


Posted 18 September 2012 - 08:15 PM

Here is the frstlog.

Attached Files



#12 Farbar


Posted 18 September 2012 - 08:17 PM

Please copy and paste the logs instead of attaching unless it is otherwise requested.

Also restart, let it boot normally and tell me how it went.

#13 george_d


Posted 18 September 2012 - 08:19 PM

Machine booted to desktop.

George

#14 Farbar


Posted 18 September 2012 - 08:23 PM

Well done.

  • Please download Listparts64
    Run the tool, click Scan and post the log (Result.txt) it makes.
  • Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished, the utility outputs a list of detected objects with descriptions.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
    Leave the options as they are and click Continue.
  • Click on Report and post the contents of the text file that will open.
  • Let it reboot if needed.

    Note: By default, the utility outputs the log to the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.


#15 george_d


Posted 18 September 2012 - 08:41 PM

Here you are.

ListParts by Farbar Version: 17-09-2012
Ran by LAStone (administrator) on 18-09-2012 at 20:28:14
Windows 7 (X64)
Running From: E:\
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 38%
Total physical RAM: 2811.82 MB
Available physical RAM: 1740.23 MB
Total Pagefile: 5621.84 MB
Available Pagefile: 4171.93 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:283.33 GB) (Free:225.78 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive e: () (Removable) (Total:3.82 GB) (Free:3.62 GB) FAT32

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 3920 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 100 MB 1024 KB
Partition 2 Primary 14 GB 101 MB
Partition 3 Primary 283 GB 14 GB
Partition 4 Primary 10 MB 298 GB

======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Recovery NTFS Partition 14 GB Healthy System (partition with boot components)

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 283 GB Healthy Boot

======================================================================================================

Disk: 0
Partition 4
Type : 17 (Suspicious Type)
Hidden: Yes
Active: Yes

There is no volume associated with this partition.

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3919 MB 512 B

======================================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E FAT32 Removable 3919 MB Healthy

======================================================================================================

****** End Of Log ******

20:33:24.0647 3512 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
20:33:25.0848 3512 ============================================================
20:33:25.0848 3512 Current date / time: 2012/09/18 20:33:25.0848
20:33:25.0848 3512 SystemInfo:
20:33:25.0848 3512
20:33:25.0848 3512 OS Version: 6.1.7601 ServicePack: 1.0
20:33:25.0848 3512 Product type: Workstation
20:33:25.0848 3512 ComputerName: LASTONE-PC
20:33:25.0848 3512 UserName: LAStone
20:33:25.0848 3512 Windows directory: C:\Windows
20:33:25.0848 3512 System windows directory: C:\Windows
20:33:25.0848 3512 Running under WOW64
20:33:25.0848 3512 Processor architecture: Intel x64
20:33:25.0848 3512 Number of processors: 2
20:33:25.0848 3512 Page size: 0x1000
20:33:25.0848 3512 Boot type: Normal boot
20:33:25.0848 3512 ============================================================
20:33:27.0237 3512 BG loaded
20:33:28.0812 3512 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x000000A0
20:33:28.0812 3512 Drive \Device\Harddisk1\DR1 - Size: 0xF5000000 (3.83 Gb), SectorSize: 0x200, Cylinders: 0x1F3, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:33:28.0812 3512 ============================================================
20:33:28.0812 3512 \Device\Harddisk0\DR0:
20:33:28.0828 3512 MBR partitions:
20:33:28.0828 3512 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000
20:33:28.0828 3512 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x236A8AB0
20:33:28.0828 3512 \Device\Harddisk1\DR1:
20:33:28.0828 3512 MBR partitions:
20:33:28.0828 3512 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x1, BlocksNum 0x7A7FFF
20:33:28.0828 3512 ============================================================
20:33:28.0875 3512 C: <-> \Device\Harddisk0\DR0\Partition2
20:33:28.0875 3512 ============================================================
20:33:28.0875 3512 Initialize success
20:33:28.0875 3512 ============================================================
20:33:57.0565 3692 ============================================================
20:33:57.0565 3692 Scan started
20:33:57.0565 3692 Mode: Manual;
20:33:57.0565 3692 ============================================================
20:34:13.0770 3692 ================ Scan system memory ========================
20:34:13.0770 3692 System memory - ok
20:34:13.0770 3692 ================ Scan services =============================
20:35:15.0456 3692 MsRPC - ok
20:35:15.0518 3692 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
20:35:15.0518 3692 mssmbios - ok
20:35:15.0565 3692 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
20:35:15.0580 3692 MSTEE - ok
20:35:15.0658 3692 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
20:35:15.0674 3692 MTConfig - ok
20:35:15.0752 3692 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
20:35:15.0768 3692 Mup - ok
20:35:15.0877 3692 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
20:35:15.0892 3692 napagent - ok
20:35:15.0939 3692 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
20:35:15.0939 3692 NativeWifiP - ok
20:35:16.0204 3692 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
20:35:16.0828 3692 NDIS - ok
20:35:16.0922 3692 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
20:35:16.0938 3692 NdisCap - ok
20:35:16.0969 3692 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
20:35:16.0984 3692 NdisTapi - ok
20:35:17.0078 3692 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
20:35:17.0203 3692 Ndisuio - ok
20:35:17.0296 3692 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
20:35:17.0390 3692 NdisWan - ok
20:35:17.0437 3692 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
20:35:17.0686 3692 NDProxy - ok
20:35:17.0718 3692 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
20:35:17.0733 3692 NetBIOS - ok
20:35:17.0811 3692 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
20:35:17.0936 3692 NetBT - ok
20:35:17.0952 3692 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
20:35:17.0952 3692 Netlogon - ok
20:35:18.0092 3692 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
20:35:18.0108 3692 Netman - ok
20:35:18.0279 3692 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
20:35:18.0295 3692 netprofm - ok
20:35:18.0435 3692 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:35:18.0435 3692 NetTcpPortSharing - ok
20:35:18.0529 3692 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
20:35:18.0544 3692 nfrd960 - ok
20:35:18.0685 3692 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
20:35:18.0763 3692 NlaSvc - ok
20:35:18.0794 3692 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
20:35:18.0810 3692 Npfs - ok
20:35:18.0841 3692 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
20:35:18.0856 3692 nsi - ok
20:35:18.0903 3692 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
20:35:18.0919 3692 nsiproxy - ok
20:35:19.0012 3692 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
20:35:19.0200 3692 Ntfs - ok
20:35:19.0262 3692 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
20:35:19.0278 3692 Null - ok
20:35:19.0340 3692 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
20:35:19.0480 3692 nvraid - ok
20:35:19.0605 3692 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
20:35:19.0746 3692 nvstor - ok
20:35:19.0808 3692 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
20:35:19.0824 3692 nv_agp - ok
20:35:20.0026 3692 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:35:20.0214 3692 odserv - ok
20:35:20.0245 3692 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
20:35:20.0260 3692 ohci1394 - ok
20:35:20.0307 3692 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:35:20.0494 3692 ose - ok
20:35:20.0650 3692 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
20:35:20.0697 3692 p2pimsvc - ok
20:35:20.0806 3692 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
20:35:20.0884 3692 p2psvc - ok
20:35:20.0931 3692 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
20:35:20.0947 3692 Parport - ok
20:35:20.0994 3692 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
20:35:21.0118 3692 partmgr - ok
20:35:21.0290 3692 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
20:35:21.0321 3692 PcaSvc - ok
20:35:21.0368 3692 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
20:35:21.0368 3692 pci - ok
20:35:21.0399 3692 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
20:35:21.0399 3692 pciide - ok
20:35:21.0477 3692 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
20:35:21.0477 3692 pcmcia - ok
20:35:21.0493 3692 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
20:35:21.0508 3692 pcw - ok
20:35:21.0555 3692 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:35:21.0571 3692 PEAUTH - ok
20:35:21.0930 3692 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
20:35:21.0930 3692 PerfHost - ok
20:35:22.0086 3692 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
20:35:22.0460 3692 pla - ok
20:35:22.0663 3692 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:35:22.0834 3692 PlugPlay - ok
20:35:22.0990 3692 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
20:35:23.0006 3692 PNRPAutoReg - ok
20:35:23.0115 3692 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
20:35:23.0115 3692 PNRPsvc - ok
20:35:23.0334 3692 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:35:23.0427 3692 PolicyAgent - ok
20:35:23.0521 3692 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
20:35:23.0536 3692 Power - ok
20:35:23.0630 3692 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:35:23.0770 3692 PptpMiniport - ok
20:35:23.0864 3692 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
20:35:23.0880 3692 Processor - ok
20:35:23.0989 3692 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
20:35:24.0145 3692 ProfSvc - ok
20:35:24.0176 3692 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:35:24.0176 3692 ProtectedStorage - ok
20:35:24.0223 3692 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
20:35:24.0394 3692 Psched - ok
20:35:24.0457 3692 [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
20:35:24.0628 3692 PxHlpa64 - ok
20:35:25.0081 3692 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
20:35:25.0221 3692 ql2300 - ok
20:35:25.0252 3692 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
20:35:25.0252 3692 ql40xx - ok
20:35:25.0346 3692 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
20:35:25.0377 3692 QWAVE - ok
20:35:25.0408 3692 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
20:35:25.0424 3692 QWAVEdrv - ok
20:35:25.0455 3692 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
20:35:25.0471 3692 RasAcd - ok
20:35:25.0502 3692 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
20:35:25.0518 3692 RasAgileVpn - ok
20:35:25.0564 3692 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
20:35:25.0580 3692 RasAuto - ok
20:35:25.0658 3692 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
20:35:25.0767 3692 Rasl2tp - ok
20:35:25.0923 3692 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
20:35:26.0126 3692 RasMan - ok
20:35:26.0204 3692 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
20:35:26.0220 3692 RasPppoe - ok
20:35:26.0266 3692 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
20:35:26.0266 3692 RasSstp - ok
20:35:26.0407 3692 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
20:35:26.0594 3692 rdbss - ok
20:35:26.0656 3692 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
20:35:26.0672 3692 rdpbus - ok
20:35:26.0703 3692 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
20:35:26.0719 3692 RDPCDD - ok
20:35:26.0766 3692 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
20:35:26.0781 3692 RDPENCDD - ok
20:35:26.0844 3692 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
20:35:26.0844 3692 RDPREFMP - ok
20:35:26.0906 3692 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
20:35:27.0078 3692 RDPWD - ok
20:35:27.0218 3692 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
20:35:27.0390 3692 rdyboost - ok
20:35:27.0499 3692 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
20:35:27.0514 3692 RemoteAccess - ok
20:35:27.0561 3692 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
20:35:27.0577 3692 RemoteRegistry - ok
20:35:27.0655 3692 [ 7B04C9843921AB1F695FB395422C5360 ] RimUsb C:\Windows\system32\Drivers\RimUsb_AMD64.sys
20:35:27.0858 3692 RimUsb - ok
20:35:27.0936 3692 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
20:35:27.0951 3692 RpcEptMapper - ok
20:35:28.0029 3692 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
20:35:28.0060 3692 RpcLocator - ok
20:35:28.0170 3692 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
20:35:28.0170 3692 RpcSs - ok
20:35:28.0232 3692 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
20:35:28.0248 3692 rspndr - ok
20:35:28.0341 3692 [ 30F463768D5143BFD7B2DF822B53CF4D ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
20:35:28.0450 3692 RSUSBSTOR - ok
20:35:28.0513 3692 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
20:35:28.0513 3692 SamSs - ok
20:35:28.0591 3692 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
20:35:28.0778 3692 sbp2port - ok
20:35:28.0872 3692 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
20:35:28.0887 3692 SCardSvr - ok
20:35:28.0950 3692 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
20:35:29.0137 3692 scfilter - ok
20:35:29.0308 3692 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
20:35:29.0542 3692 Schedule - ok
20:35:29.0589 3692 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
20:35:29.0589 3692 SCPolicySvc - ok
20:35:29.0761 3692 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
20:35:29.0901 3692 SDRSVC - ok
20:35:30.0088 3692 [ CC781378E7EDA615D2CDCA3B17829FA4 ] SeaPort C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
20:35:30.0291 3692 SeaPort - ok
20:35:30.0400 3692 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
20:35:30.0416 3692 secdrv - ok
20:35:30.0510 3692 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
20:35:30.0634 3692 seclogon - ok
20:35:30.0712 3692 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
20:35:30.0728 3692 SENS - ok
20:35:30.0775 3692 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
20:35:30.0775 3692 SensrSvc - ok
20:35:30.0853 3692 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
20:35:30.0868 3692 Serenum - ok
20:35:30.0884 3692 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
20:35:30.0884 3692 Serial - ok
20:35:30.0978 3692 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
20:35:30.0993 3692 sermouse - ok
20:35:31.0087 3692 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
20:35:31.0274 3692 SessionEnv - ok
20:35:31.0399 3692 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
20:35:31.0399 3692 sffdisk - ok
20:35:31.0477 3692 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
20:35:31.0477 3692 sffp_mmc - ok
20:35:31.0524 3692 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
20:35:31.0664 3692 sffp_sd - ok
20:35:31.0695 3692 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
20:35:31.0711 3692 sfloppy - ok
20:35:32.0023 3692 [ 74EC60E20516AAA573BE74F31175270F ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
20:35:32.0163 3692 SftService - ok
20:35:32.0194 3692 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
20:35:32.0210 3692 SharedAccess - ok
20:35:32.0272 3692 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:35:32.0413 3692 ShellHWDetection - ok
20:35:32.0491 3692 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:35:32.0506 3692 SiSRaid2 - ok
20:35:32.0803 3692 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
20:35:32.0896 3692 SiSRaid4 - ok
20:35:32.0928 3692 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
20:35:32.0943 3692 Smb - ok
20:35:33.0177 3692 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
20:35:33.0193 3692 SNMPTRAP - ok
20:35:33.0411 3692 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
20:35:33.0427 3692 spldr - ok
20:35:33.0879 3692 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
20:35:34.0113 3692 Spooler - ok
20:35:34.0878 3692 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
20:35:34.0924 3692 sppsvc - ok
20:35:34.0987 3692 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
20:35:35.0018 3692 sppuinotify - ok
20:35:35.0096 3692 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
20:35:35.0252 3692 srv - ok
20:35:35.0426 3692 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
20:35:35.0613 3692 srv2 - ok
20:35:35.0660 3692 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
20:35:35.0784 3692 srvnet - ok
20:35:35.0925 3692 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
20:35:35.0940 3692 SSDPSRV - ok
20:35:36.0003 3692 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
20:35:36.0003 3692 SstpSvc - ok
20:35:36.0096 3692 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
20:35:36.0112 3692 stexstor - ok
20:35:36.0159 3692 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
20:35:36.0237 3692 stisvc - ok
20:35:36.0268 3692 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
20:35:36.0268 3692 swenum - ok
20:35:36.0346 3692 [ BA41A448446FDF839A32E27A8DCB7C9D ] SWGVCSvc C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
20:35:36.0471 3692 SWGVCSvc - ok
20:35:36.0518 3692 [ 1E036F98E6C780DD7669F516E8BE0CEA ] SWIPsec C:\Windows\system32\Drivers\SWIPsec.sys
20:35:36.0611 3692 SWIPsec - ok
20:35:36.0642 3692 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
20:35:36.0658 3692 swprv - ok
20:35:36.0705 3692 [ DCF11E08A8524B19EC47515C22BE492E ] SWVNIC C:\Windows\system32\DRIVERS\swvnic.sys
20:35:36.0876 3692 SWVNIC - ok
20:35:36.0954 3692 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
20:35:37.0001 3692 SysMain - ok
20:35:37.0469 3692 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:35:38.0078 3692 TabletInputService - ok
20:35:38.0109 3692 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
20:35:38.0171 3692 TapiSrv - ok
20:35:38.0218 3692 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
20:35:38.0218 3692 TBS - ok
20:35:38.0296 3692 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
20:35:38.0405 3692 Tcpip - ok
20:35:38.0436 3692 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
20:35:38.0436 3692 TCPIP6 - ok
20:35:38.0483 3692 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
20:35:38.0546 3692 tcpipreg - ok
20:35:38.0577 3692 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
20:35:38.0592 3692 TDPIPE - ok
20:35:38.0624 3692 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
20:35:38.0702 3692 TDTCP - ok
20:35:38.0748 3692 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
20:35:38.0842 3692 tdx - ok
20:35:38.0873 3692 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
20:35:38.0920 3692 TermDD - ok
20:35:38.0982 3692 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
20:35:39.0060 3692 TermService - ok
20:35:39.0092 3692 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
20:35:39.0092 3692 Themes - ok
20:35:39.0107 3692 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
20:35:39.0107 3692 THREADORDER - ok
20:35:39.0123 3692 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
20:35:39.0138 3692 TrkWks - ok
20:35:39.0216 3692 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:35:39.0310 3692 TrustedInstaller - ok
20:35:39.0341 3692 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
20:35:39.0435 3692 tssecsrv - ok
20:35:39.0497 3692 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
20:35:39.0591 3692 TsUsbFlt - ok
20:35:39.0684 3692 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
20:35:39.0747 3692 tunnel - ok
20:35:40.0480 3692 [ 7694DCA064D0B7E0D1A6972BB9C71B39 ] tvnserver C:\Users\LAStone\AppData\Local\CrossLoop\tvnserver.exe
20:35:40.0620 3692 tvnserver - ok
20:35:40.0714 3692 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
20:35:40.0730 3692 uagp35 - ok
20:35:40.0839 3692 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
20:35:40.0964 3692 udfs - ok
20:35:40.0995 3692 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
20:35:40.0995 3692 UI0Detect - ok
20:35:41.0026 3692 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
20:35:41.0026 3692 uliagpkx - ok
20:35:41.0057 3692 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
20:35:41.0260 3692 umbus - ok
20:35:41.0338 3692 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
20:35:41.0338 3692 UmPass - ok
20:35:41.0385 3692 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
20:35:41.0400 3692 upnphost - ok
20:35:41.0463 3692 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
20:35:41.0666 3692 USBAAPL64 - ok
20:35:41.0744 3692 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
20:35:41.0822 3692 usbccgp - ok
20:35:41.0915 3692 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
20:35:41.0931 3692 usbcir - ok
20:35:42.0009 3692 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
20:35:42.0243 3692 usbehci - ok
20:35:42.0274 3692 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
20:35:42.0383 3692 usbhub - ok
20:35:42.0414 3692 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
20:35:42.0508 3692 usbohci - ok
20:35:42.0555 3692 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
20:35:42.0555 3692 usbprint - ok
20:35:42.0664 3692 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:35:42.0851 3692 USBSTOR - ok
20:35:42.0898 3692 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
20:35:42.0914 3692 usbuhci - ok
20:35:42.0960 3692 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
20:35:43.0116 3692 usbvideo - ok
20:35:43.0163 3692 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
20:35:43.0163 3692 UxSms - ok
20:35:43.0194 3692 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
20:35:43.0194 3692 VaultSvc - ok
20:35:43.0241 3692 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
20:35:43.0257 3692 vdrvroot - ok
20:35:43.0319 3692 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
20:35:43.0444 3692 vds - ok
20:35:43.0522 3692 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
20:35:43.0538 3692 vga - ok
20:35:43.0553 3692 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
20:35:43.0569 3692 VgaSave - ok
20:35:43.0631 3692 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
20:35:43.0787 3692 vhdmp - ok
20:35:43.0834 3692 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
20:35:43.0834 3692 viaide - ok
20:35:43.0881 3692 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
20:35:44.0068 3692 volmgr - ok
20:35:44.0115 3692 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
20:35:44.0271 3692 volmgrx - ok
20:35:44.0302 3692 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
20:35:44.0442 3692 volsnap - ok
20:35:44.0474 3692 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
20:35:44.0474 3692 vsmraid - ok
20:35:44.0552 3692 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
20:35:44.0832 3692 VSS - ok
20:35:44.0864 3692 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
20:35:44.0879 3692 vwifibus - ok
20:35:44.0910 3692 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
20:35:44.0910 3692 vwififlt - ok
20:35:44.0957 3692 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
20:35:44.0973 3692 W32Time - ok
20:35:45.0004 3692 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
20:35:45.0020 3692 WacomPen - ok
20:35:45.0051 3692 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
20:35:45.0113 3692 WANARP - ok
20:35:45.0129 3692 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
20:35:45.0129 3692 Wanarpv6 - ok
20:35:45.0191 3692 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
20:35:45.0347 3692 WatAdminSvc - ok
20:35:45.0394 3692 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
20:35:45.0503 3692 wbengine - ok
20:35:45.0550 3692 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
20:35:45.0566 3692 WbioSrvc - ok
20:35:45.0644 3692 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
20:35:45.0815 3692 wcncsvc - ok
20:35:45.0878 3692 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:35:45.0878 3692 WcsPlugInService - ok
20:35:45.0909 3692 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
20:35:45.0909 3692 Wd - ok
20:35:45.0940 3692 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
20:35:45.0956 3692 Wdf01000 - ok
20:35:46.0002 3692 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
20:35:46.0002 3692 WdiServiceHost - ok
20:35:46.0018 3692 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
20:35:46.0018 3692 WdiSystemHost - ok
20:35:46.0096 3692 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
20:35:46.0190 3692 WebClient - ok
20:35:46.0330 3692 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
20:35:46.0361 3692 Wecsvc - ok
20:35:46.0408 3692 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
20:35:46.0424 3692 wercplsupport - ok
20:35:46.0486 3692 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
20:35:46.0502 3692 WerSvc - ok
20:35:46.0548 3692 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
20:35:46.0564 3692 WfpLwf - ok
20:35:46.0673 3692 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
20:35:46.0829 3692 WimFltr - ok
20:35:46.0860 3692 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
20:35:46.0876 3692 WIMMount - ok
20:35:46.0892 3692 WinDefend - ok
20:35:46.0892 3692 WinHttpAutoProxySvc - ok
20:35:46.0954 3692 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
20:35:46.0970 3692 Winmgmt - ok
20:35:47.0063 3692 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
20:35:47.0235 3692 WinRM - ok
20:35:47.0297 3692 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
20:35:47.0438 3692 WinUsb - ok
20:35:47.0500 3692 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
20:35:47.0516 3692 Wlansvc - ok
20:35:47.0703 3692 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:35:47.0812 3692 wlidsvc - ok
20:35:47.0843 3692 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
20:35:47.0843 3692 WmiAcpi - ok
20:35:47.0890 3692 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
20:35:47.0906 3692 wmiApSrv - ok
20:35:47.0937 3692 WMPNetworkSvc - ok
20:35:47.0999 3692 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
20:35:48.0015 3692 WPCSvc - ok
20:35:48.0062 3692 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
20:35:48.0155 3692 WPDBusEnum - ok
20:35:48.0186 3692 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
20:35:48.0202 3692 ws2ifsl - ok
20:35:48.0218 3692 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
20:35:48.0218 3692 wscsvc - ok
20:35:48.0233 3692 WSearch - ok
20:35:48.0327 3692 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
20:35:48.0374 3692 wuauserv - ok
20:35:48.0389 3692 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
20:35:48.0514 3692 WudfPf - ok
20:35:48.0561 3692 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
20:35:48.0639 3692 WUDFRd - ok
20:35:48.0701 3692 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
20:35:48.0810 3692 wudfsvc - ok
20:35:48.0826 3692 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
20:35:48.0842 3692 WwanSvc - ok
20:35:48.0873 3692 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
20:35:48.0888 3692 yukonw7 - ok
20:35:48.0904 3692 ================ Scan global ===============================
20:35:49.0013 3692 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
20:35:49.0076 3692 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
20:35:49.0232 3692 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
20:35:49.0278 3692 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
20:35:49.0325 3692 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
20:35:49.0356 3692 [Global] - ok
20:35:49.0356 3692 ================ Scan MBR ==================================
20:35:49.0372 3692 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:35:49.0372 3692 Suspicious mbr (Forged): \Device\Harddisk0\DR0
20:35:49.0419 3692 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
20:35:49.0419 3692 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
20:35:49.0434 3692 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
20:35:49.0450 3692 \Device\Harddisk1\DR1 - ok
20:35:49.0450 3692 ================ Scan VBR ==================================
20:35:49.0466 3692 [ B4A651EA79A9998884DA67ECFFB5E2E7 ] \Device\Harddisk0\DR0\Partition1
20:35:49.0466 3692 \Device\Harddisk0\DR0\Partition1 - ok
20:35:49.0497 3692 [ F206A17465073A083149195A257B8102 ] \Device\Harddisk0\DR0\Partition2
20:35:49.0497 3692 \Device\Harddisk0\DR0\Partition2 - ok
20:35:49.0512 3692 [ E0ED63B0B321BD2D4EC23733EC14B4F5 ] \Device\Harddisk1\DR1\Partition1
20:35:49.0512 3692 \Device\Harddisk1\DR1\Partition1 - ok
20:35:49.0512 3692 ============================================================
20:35:49.0512 3692 Scan finished
20:35:49.0512 3692 ============================================================
20:35:49.0528 3448 Detected object count: 1
20:35:49.0528 3448 Actual detected object count: 1
20:36:33.0504 3448 \Device\Harddisk0\DR0\# - copied to quarantine
20:36:33.0520 3448 \Device\Harddisk0\DR0 - copied to quarantine
20:36:33.0801 3448 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
20:36:33.0816 3448 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
20:36:33.0832 3448 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
20:36:33.0848 3448 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
20:36:33.0848 3448 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
20:36:33.0894 3448 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
20:36:34.0300 3448 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
20:36:34.0565 3448 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
20:36:34.0752 3448 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
20:36:34.0877 3448 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
20:36:35.0642 3448 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
20:36:35.0829 3448 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
20:36:36.0266 3448 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
20:36:36.0624 3448 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
20:36:36.0718 3448 \Device\Harddisk0\DR0\TDLFS\tdi32 - copied to quarantine
20:36:36.0858 3448 \Device\Harddisk0\DR0\TDLFS\tdi64 - copied to quarantine
20:36:36.0999 3448 \Device\Harddisk0\DR0\TDLFS\main1 - copied to quarantine
20:36:37.0030 3448 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
20:36:37.0061 3448 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
20:36:37.0124 3448 \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine
20:36:37.0170 3448 \Device\Harddisk0\DR0\TDLFS\com64 - copied to quarantine
20:36:37.0670 3448 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine
20:36:37.0810 3448 \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine
20:36:57.0653 3448 \Device\Harddisk0\DR0\TDLFS\serf364 - copied to quarantine
20:36:57.0809 3448 \Device\Harddisk0\DR0\TDLFS\bbr264 - copied to quarantine
20:36:57.0934 3448 \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine
20:36:58.0184 3448 \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine
20:36:58.0277 3448 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
20:36:58.0308 3448 \Device\Harddisk0\DR0 - ok
20:36:59.0166 3448 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure

Edited by Farbar, 19 September 2012 - 01:44 AM.




