Win64/Patched.B.Gen trojan in svchost and services.exe


This topic is locked.
6 replies to this topic

#1 Zyfell

  • Members
  • 4 posts
  • OFFLINE
  • Local time: 06:50 PM

Posted 08 October 2012 - 09:39 PM

Last week I started noticing my PC was acting odd, so I ran Malwarebytes with the free trial. I noticed a notification would pop up every few seconds indicating it had blocked an outgoing connection to a malicious site.
ESET also picked up that a trojan was acting from service.exe and svchost. The ESET popups have since stopped, but Malwarebytes still pops up those notifications. I am running Windows 7 x64.
I am unsure what to do next, so I have come here to request some assistance. Thanks in advance to anybody willing to help.

Attached Files


#2 nasdaq

  • Malware Response Team
  • 39,179 posts
  • OFFLINE
  • Gender: Male
  • Location: Montreal, QC, Canada
  • Local time: 09:50 PM

Posted 10 October 2012 - 10:34 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

I have identified a bad ZeroAccess infection.
Let's start with these scans.

Please download TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.
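An added example, not part of this thread and not code from TDSSKiller or its vendor: a small Python triage script for the log TDSSKiller writes. The tool emits a few hundred `<name> - ok` lines with the lines that matter (`Suspicious file (Hidden): <path>. md5: <MD5>`, `<name> ( <verdict> ) - warning`, `<name> - detected <verdict> (n)`) scattered among them, and it logs each service's MD5 and path on a separate `[ <MD5> ] <name> <path>` line shortly before the verdict. The script parses that format, counts the ok lines, joins every non-ok line to the MD5 and path logged for the same service, and reports the result grouped by service. The sample input is copied from the log Zyfell posts in the next reply and trimmed to a few lines; the regexes are my reading of the 2.8.x line shapes visible there, not a format specification from the vendor.

```python
"""Triage a TDSSKiller log: keep only what is not "- ok" (added example)."""
import re
from dataclasses import dataclass, field

# Every log line: "HH:MM:SS.ffff <thread id> <message>"
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<tid>\d+)\s+(?P<msg>.*)$")
# "[ <MD5> ] <service name, may contain spaces> <drive>:\<path>"
ENTRY_RE = re.compile(r"^\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>.+?) (?P<path>[A-Za-z]:\\.*)$")
# "Suspicious file (Hidden): <path>. md5: <MD5>"
SUSP_RE = re.compile(r"^Suspicious file \((?P<kind>[^)]+)\): (?P<path>.+?)\. md5: (?P<md5>[0-9A-Fa-f]{32})$")
# "<name> ( <verdict> ) - warning"
WARN_RE = re.compile(r"^(?P<name>.+?) \( (?P<verdict>.+?) \) - warning$")
# "<name> - ok"  or  "<name> - detected <verdict> (<n>)"
STATUS_RE = re.compile(r"^(?P<name>.+?) - (?:(?P<ok>ok)|detected (?P<verdict>.+?) \(\d+\))$")


@dataclass
class Finding:
    name: str        # service/driver the line belongs to ("" if it could not be tied to one)
    kind: str        # "suspicious", "warning" or "detected"
    detail: str      # TDSSKiller's own verdict text, e.g. "HiddenFile.Multi.Generic"
    path: str = ""
    md5: str = ""


@dataclass
class Report:
    tool_version: str = ""
    os_version: str = ""
    wow64: bool = False        # "Running under WOW64": the scanner ran as a 32-bit process
    ok_count: int = 0
    entries: dict = field(default_factory=dict)    # service name -> (MD5, path)
    findings: list = field(default_factory=list)


def parse_tdsskiller(text: str) -> Report:
    """Parse log text; "- ok" lines are only counted, everything else is kept."""
    rep = Report()
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue                       # lines without a timestamp, blank lines
        msg = m["msg"].strip()
        if msg.startswith("TDSS rootkit removing tool"):
            rep.tool_version = msg.split()[4]
        elif msg.startswith("OS Version:"):
            rep.os_version = msg.split(":", 1)[1].strip()
        elif msg == "Running under WOW64":
            rep.wow64 = True
        elif (e := ENTRY_RE.match(msg)):
            rep.entries[e["name"]] = (e["md5"].upper(), e["path"])
        elif (s := SUSP_RE.match(msg)):
            # the hidden-file line names a path, not a service: find the owner by path
            owner = next((n for n, (_, p) in rep.entries.items()
                          if p.lower() == s["path"].lower()), "")
            rep.findings.append(Finding(owner, "suspicious", s["kind"], s["path"], s["md5"].upper()))
        elif (w := WARN_RE.match(msg)):
            md5, path = rep.entries.get(w["name"], ("", ""))
            rep.findings.append(Finding(w["name"], "warning", w["verdict"], path, md5))
        elif (st := STATUS_RE.match(msg)):
            if st["ok"]:
                rep.ok_count += 1
            else:
                md5, path = rep.entries.get(st["name"], ("", ""))
                rep.findings.append(Finding(st["name"], "detected", st["verdict"], path, md5))
    return rep


def summarize(rep: Report) -> dict:
    """Group findings by service (or by path when no service matched) -> sorted (kind, detail)."""
    grouped = {}
    for f in rep.findings:
        grouped.setdefault(f.name or f.path, set()).add((f.kind, f.detail))
    return {k: sorted(v) for k, v in grouped.items()}


# Sample input: lines copied from the TDSSKiller 2.8.10.0 log posted in this thread, trimmed.
SAMPLE_LOG = r"""
08:41:01.0981 1484 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
08:41:02.0727 1484 OS Version: 6.1.7600 ServicePack: 0.0
08:41:02.0727 1484 Running under WOW64
08:41:43.0669 1348 Scan started
08:41:45.0078 1348 ================ Scan system memory ========================
08:41:45.0078 1348 System memory - ok
08:41:45.0078 1348 ================ Scan services =============================
08:41:45.0266 1348 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
08:41:45.0290 1348 1394ohci - ok
08:41:45.0761 1348 [ 0923671CF87CD511E46D4668B53F5E76 ] Akamai c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll
08:41:45.0761 1348 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll. md5: 0923671CF87CD511E46D4668B53F5E76
08:41:45.0773 1348 Akamai ( HiddenFile.Multi.Generic ) - warning
08:41:45.0774 1348 Akamai - detected HiddenFile.Multi.Generic (1)
08:41:45.0892 1348 [ A359974EAAC83A435497C52F62A2E590 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
08:41:45.0899 1348 AMD External Events Utility - ok
08:41:45.0970 1348 AMD FUEL Service - ok
"""

if __name__ == "__main__":
    r = parse_tdsskiller(SAMPLE_LOG)
    print(f"TDSSKiller {r.tool_version} on {r.os_version}; WOW64={r.wow64}; {r.ok_count} ok entries")
    for name, items in summarize(r).items():
        print(name, items)
```

To use it on a real log, call `parse_tdsskiller(open(path, encoding="utf-8", errors="replace").read())` on the file TDSSKiller saves at the root of the system drive. The script only surfaces lines; it does not judge them. A `HiddenFile.Multi.Generic` warning is the tool's generic flag for a file it found hidden, which is why the instructions above keep Skip, not Cure, as the default for suspicious files and ask for the log before anything is acted on.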

#3 Zyfell

  • Topic Starter
  • Members
  • 4 posts
  • OFFLINE
  • Local time: 06:50 PM

Posted 10 October 2012 - 10:59 AM

Hello nasdaq, thank you for taking the time to help me resolve this. Here are the logs as per your instructions.

08:41:01.0981 1484 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
08:41:02.0727 1484 ============================================================
08:41:02.0727 1484 Current date / time: 2012/10/10 08:41:02.0727
08:41:02.0727 1484 SystemInfo:
08:41:02.0727 1484
08:41:02.0727 1484 OS Version: 6.1.7600 ServicePack: 0.0
08:41:02.0727 1484 Product type: Workstation
08:41:02.0727 1484 ComputerName: AFFHAZARD
08:41:02.0727 1484 UserName: Zyfell
08:41:02.0727 1484 Windows directory: C:\Windows
08:41:02.0727 1484 System windows directory: C:\Windows
08:41:02.0727 1484 Running under WOW64
08:41:02.0727 1484 Processor architecture: Intel x64
08:41:02.0727 1484 Number of processors: 2
08:41:02.0727 1484 Page size: 0x1000
08:41:02.0727 1484 Boot type: Normal boot
08:41:02.0728 1484 ============================================================
08:41:04.0646 1484 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:41:04.0653 1484 Drive \Device\Harddisk1\DR1 - Size: 0x1DCD80000 (7.45 Gb), SectorSize: 0x200, Cylinders: 0x3CC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
08:41:04.0656 1484 ============================================================
08:41:04.0656 1484 \Device\Harddisk0\DR0:
08:41:04.0656 1484 MBR partitions:
08:41:04.0656 1484 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74706000
08:41:04.0656 1484 \Device\Harddisk1\DR1:
08:41:04.0656 1484 MBR partitions:
08:41:04.0656 1484 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xEE6000
08:41:04.0656 1484 ============================================================
08:41:04.0671 1484 C: <-> \Device\Harddisk0\DR0\Partition1
08:41:04.0711 1484 ============================================================
08:41:04.0712 1484 Initialize success
08:41:04.0712 1484 ============================================================
08:41:43.0669 1348 ============================================================
08:41:43.0669 1348 Scan started
08:41:43.0669 1348 Mode: Manual;
08:41:43.0669 1348 ============================================================
08:41:45.0078 1348 ================ Scan system memory ========================
08:41:45.0078 1348 System memory - ok
08:41:45.0078 1348 ================ Scan services =============================
08:41:45.0266 1348 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
08:41:45.0290 1348 1394ohci - ok
08:41:45.0307 1348 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
08:41:45.0323 1348 ACPI - ok
08:41:45.0337 1348 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
08:41:45.0352 1348 AcpiPmi - ok
08:41:45.0372 1348 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
08:41:45.0414 1348 adp94xx - ok
08:41:45.0436 1348 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
08:41:45.0479 1348 adpahci - ok
08:41:45.0490 1348 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
08:41:45.0497 1348 adpu320 - ok
08:41:45.0532 1348 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
08:41:45.0534 1348 AeLookupSvc - ok
08:41:45.0575 1348 [ 6EF20DDF3172E97D69F596FB90602F29 ] AFD C:\Windows\system32\drivers\afd.sys
08:41:45.0582 1348 AFD - ok
08:41:45.0591 1348 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
08:41:45.0613 1348 agp440 - ok
08:41:45.0761 1348 [ 0923671CF87CD511E46D4668B53F5E76 ] Akamai c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll
08:41:45.0761 1348 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll. md5: 0923671CF87CD511E46D4668B53F5E76
08:41:45.0773 1348 Akamai ( HiddenFile.Multi.Generic ) - warning
08:41:45.0774 1348 Akamai - detected HiddenFile.Multi.Generic (1)
08:41:45.0807 1348 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
08:41:45.0810 1348 ALG - ok
08:41:45.0816 1348 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
08:41:45.0832 1348 aliide - ok
08:41:45.0892 1348 [ A359974EAAC83A435497C52F62A2E590 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
08:41:45.0899 1348 AMD External Events Utility - ok
08:41:45.0970 1348 AMD FUEL Service - ok
08:41:45.0976 1348 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
08:41:45.0992 1348 amdide - ok
08:41:46.0012 1348 [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys
08:41:46.0035 1348 amdiox64 - ok
08:41:46.0051 1348 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
08:41:46.0074 1348 AmdK8 - ok
08:41:46.0231 1348 [ 60216B0E704584DE6D5A9F59E9C34C47 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
08:41:46.0434 1348 amdkmdag - ok
08:41:46.0459 1348 [ 6B4E9261B613B047A9A145F328889968 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
08:41:46.0489 1348 amdkmdap - ok
08:41:46.0502 1348 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
08:41:46.0518 1348 AmdPPM - ok
08:41:46.0547 1348 [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata C:\Windows\system32\drivers\amdsata.sys
08:41:46.0576 1348 amdsata - ok
08:41:46.0590 1348 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
08:41:46.0609 1348 amdsbs - ok
08:41:46.0624 1348 [ DB27766102C7BF7E95140A2AA81D042E ] amdxata C:\Windows\system32\drivers\amdxata.sys
08:41:46.0639 1348 amdxata - ok
08:41:46.0669 1348 [ 71AFF825B960731E2AE366467BC0D1F3 ] Amfilter C:\Windows\system32\DRIVERS\Amfltx64.sys
08:41:46.0685 1348 Amfilter - ok
08:41:46.0715 1348 [ B3EA36A68F359A0883919B7EDC7AC5D2 ] Amps2prt C:\Windows\system32\DRIVERS\Amps2x64.sys
08:41:46.0733 1348 Amps2prt - ok
08:41:46.0762 1348 [ 8F1DB3D133197AFFA3A721953EB0988C ] Amusbprt C:\Windows\system32\DRIVERS\Amusbx64.sys
08:41:46.0778 1348 Amusbprt - ok
08:41:46.0813 1348 AODDriver2 - ok
08:41:46.0912 1348 [ 03FBB7C5EA4EF153F10282614B9771CB ] AppHostSvc C:\Windows\system32\inetsrv\apphostsvc.dll
08:41:46.0918 1348 AppHostSvc - ok
08:41:46.0925 1348 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
08:41:46.0957 1348 AppID - ok
08:41:46.0986 1348 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
08:41:46.0989 1348 AppIDSvc - ok
08:41:47.0000 1348 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
08:41:47.0009 1348 Appinfo - ok
08:41:47.0025 1348 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
08:41:47.0032 1348 AppMgmt - ok
08:41:47.0044 1348 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
08:41:47.0061 1348 arc - ok
08:41:47.0067 1348 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
08:41:47.0073 1348 arcsas - ok
08:41:47.0211 1348 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
08:41:47.0238 1348 aspnet_state - ok
08:41:47.0256 1348 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
08:41:47.0278 1348 AsyncMac - ok
08:41:47.0291 1348 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
08:41:47.0292 1348 atapi - ok
08:41:47.0353 1348 [ 36322190763845975E0D001E90687BF2 ] athur C:\Windows\system32\DRIVERS\athurx.sys
08:41:47.0387 1348 athur - ok
08:41:47.0422 1348 [ 4BF5BCA6E2608CD8A00BC4A6673A9F47 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
08:41:47.0439 1348 AtiHDAudioService - ok
08:41:47.0466 1348 [ 77C149E6D702737B2E372DEE166FAEF8 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
08:41:47.0470 1348 AtiHdmiService - ok
08:41:47.0489 1348 [ 09149D03629A44F4773E621C432D1D89 ] atksgt C:\Windows\system32\DRIVERS\atksgt.sys
08:41:47.0510 1348 atksgt - ok
08:41:47.0551 1348 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
08:41:47.0562 1348 AudioEndpointBuilder - ok
08:41:47.0584 1348 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
08:41:47.0589 1348 AudioSrv - ok
08:41:47.0600 1348 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
08:41:47.0603 1348 AxInstSV - ok
08:41:47.0621 1348 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
08:41:47.0631 1348 b06bdrv - ok
08:41:47.0649 1348 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
08:41:47.0668 1348 b57nd60a - ok
08:41:47.0683 1348 BCMH43XX - ok
08:41:47.0695 1348 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
08:41:47.0698 1348 BDESVC - ok
08:41:47.0712 1348 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
08:41:47.0715 1348 Beep - ok
08:41:47.0757 1348 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll
08:41:47.0767 1348 BFE - ok
08:41:47.0807 1348 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\System32\qmgr.dll
08:41:47.0950 1348 BITS - ok
08:41:47.0970 1348 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
08:41:47.0997 1348 blbdrive - ok
08:41:48.0033 1348 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
08:41:48.0061 1348 bowser - ok
08:41:48.0074 1348 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
08:41:48.0077 1348 BrFiltLo - ok
08:41:48.0088 1348 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
08:41:48.0090 1348 BrFiltUp - ok
08:41:48.0106 1348 [ 5C2F352A4E961D72518261257AAE204B ] Bridge C:\Windows\system32\DRIVERS\bridge.sys
08:41:48.0121 1348 Bridge - ok
08:41:48.0126 1348 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
08:41:48.0128 1348 BridgeMP - ok
08:41:48.0145 1348 [ 94FBC06F294D58D02361918418F996E3 ] Browser C:\Windows\System32\browser.dll
08:41:48.0149 1348 Browser - ok
08:41:48.0173 1348 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
08:41:48.0194 1348 Brserid - ok
08:41:48.0218 1348 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
08:41:48.0242 1348 BrSerWdm - ok
08:41:48.0254 1348 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
08:41:48.0269 1348 BrUsbMdm - ok
08:41:48.0283 1348 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
08:41:48.0286 1348 BrUsbSer - ok
08:41:48.0299 1348 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
08:41:48.0315 1348 BTHMODEM - ok
08:41:48.0334 1348 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
08:41:48.0337 1348 bthserv - ok
08:41:48.0353 1348 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
08:41:48.0362 1348 cdfs - ok
08:41:48.0369 1348 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
08:41:48.0398 1348 cdrom - ok
08:41:48.0428 1348 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
08:41:48.0436 1348 CertPropSvc - ok
08:41:48.0452 1348 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
08:41:48.0455 1348 circlass - ok
08:41:48.0466 1348 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
08:41:48.0474 1348 CLFS - ok
08:41:48.0542 1348 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:41:48.0547 1348 clr_optimization_v2.0.50727_32 - ok
08:41:48.0603 1348 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
08:41:48.0607 1348 clr_optimization_v2.0.50727_64 - ok
08:41:48.0662 1348 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:41:48.0706 1348 clr_optimization_v4.0.30319_32 - ok
08:41:48.0728 1348 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
08:41:48.0757 1348 clr_optimization_v4.0.30319_64 - ok
08:41:48.0776 1348 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
08:41:48.0792 1348 CmBatt - ok
08:41:48.0798 1348 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
08:41:48.0813 1348 cmdide - ok
08:41:48.0846 1348 [ 937BEB186A735ACA91D717044A49D17E ] CNG C:\Windows\system32\Drivers\cng.sys
08:41:48.0873 1348 CNG - ok
08:41:48.0884 1348 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
08:41:48.0911 1348 Compbatt - ok
08:41:48.0917 1348 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
08:41:48.0921 1348 CompositeBus - ok
08:41:48.0927 1348 COMSysApp - ok
08:41:48.0963 1348 [ B9BE50FEDB366B958AE5F3BC19A20D2B ] cpuz133 C:\Windows\system32\drivers\cpuz133_x64.sys
08:41:48.0973 1348 cpuz133 - ok
08:41:48.0985 1348 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
08:41:48.0988 1348 crcdisk - ok
08:41:49.0029 1348 [ 8C57411B66282C01533CB776F98AD384 ] CryptSvc C:\Windows\system32\cryptsvc.dll
08:41:49.0043 1348 CryptSvc - ok
08:41:49.0067 1348 [ 4A6173C2279B498CD8F57CAE504564CB ] CSC C:\Windows\system32\drivers\csc.sys
08:41:49.0079 1348 CSC - ok
08:41:49.0102 1348 [ 873FBF927C06E5CEE04DEC617502F8FD ] CscService C:\Windows\System32\cscsvc.dll
08:41:49.0112 1348 CscService - ok
08:41:49.0192 1348 [ 914A7156B0C0F10BE645A02E13F576B2 ] DAUpdaterSvc C:\Games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
08:41:49.0195 1348 DAUpdaterSvc - ok
08:41:49.0239 1348 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
08:41:49.0251 1348 DcomLaunch - ok
08:41:49.0268 1348 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
08:41:49.0275 1348 defragsvc - ok
08:41:49.0309 1348 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
08:41:49.0314 1348 DfsC - ok
08:41:49.0326 1348 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
08:41:49.0341 1348 Dhcp - ok
08:41:49.0355 1348 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
08:41:49.0356 1348 discache - ok
08:41:49.0390 1348 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
08:41:49.0406 1348 Disk - ok
08:41:49.0445 1348 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll
08:41:49.0452 1348 Dnscache - ok
08:41:49.0483 1348 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
08:41:49.0490 1348 dot3svc - ok
08:41:49.0503 1348 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
08:41:49.0507 1348 DPS - ok
08:41:49.0531 1348 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
08:41:49.0546 1348 drmkaud - ok
08:41:49.0586 1348 [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
08:41:49.0602 1348 DXGKrnl - ok
08:41:49.0644 1348 [ 13533557D01B88C83110D5CF749F14D7 ] eamonm C:\Windows\system32\DRIVERS\eamonm.sys
08:41:49.0651 1348 eamonm - ok
08:41:49.0674 1348 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
08:41:49.0683 1348 EapHost - ok
08:41:49.0749 1348 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
08:41:49.0820 1348 ebdrv - ok
08:41:49.0862 1348 [ 156F6159457D0AA7E59B62681B56EB90 ] EFS C:\Windows\System32\lsass.exe
08:41:49.0865 1348 EFS - ok
08:41:49.0888 1348 [ E097728129E7B79BF1089D7AEF42332B ] ehdrv C:\Windows\system32\DRIVERS\ehdrv.sys
08:41:49.0905 1348 ehdrv - ok
08:41:49.0973 1348 [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr C:\Windows\ehome\ehRecvr.exe
08:41:49.0989 1348 ehRecvr - ok
08:41:50.0004 1348 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
08:41:50.0007 1348 ehSched - ok
08:41:50.0112 1348 [ F0EEBAC2F362AA866188A1C0EF819CB9 ] ekrn C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
08:41:50.0125 1348 ekrn - ok
08:41:50.0144 1348 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
08:41:50.0156 1348 elxstor - ok
08:41:50.0170 1348 [ 198C6FBC30BBD9632EA051203DCCF204 ] epfw C:\Windows\system32\DRIVERS\epfw.sys
08:41:50.0178 1348 epfw - ok
08:41:50.0202 1348 [ 56DE463F517710A8AA44EEF82C35B3C9 ] EpfwLWF C:\Windows\system32\DRIVERS\EpfwLWF.sys
08:41:50.0231 1348 EpfwLWF - ok
08:41:50.0261 1348 [ 710B0442BB2F99278D7B8E02A8849C11 ] epfwwfp C:\Windows\system32\DRIVERS\epfwwfp.sys
08:41:50.0277 1348 epfwwfp - ok
08:41:50.0310 1348 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
08:41:50.0325 1348 ErrDev - ok
08:41:50.0377 1348 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
08:41:50.0386 1348 EventSystem - ok
08:41:50.0418 1348 [ A0539478593A00AA64E600CF7E19F195 ] EvolveVirtualAdapter C:\Windows\system32\DRIVERS\evolve.sys
08:41:50.0422 1348 EvolveVirtualAdapter - ok
08:41:50.0442 1348 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
08:41:50.0476 1348 exfat - ok
08:41:50.0495 1348 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
08:41:50.0534 1348 fastfat - ok
08:41:50.0560 1348 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
08:41:50.0578 1348 Fax - ok
08:41:50.0584 1348 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
08:41:50.0611 1348 fdc - ok
08:41:50.0621 1348 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
08:41:50.0624 1348 fdPHost - ok
08:41:50.0638 1348 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
08:41:50.0641 1348 FDResPub - ok
08:41:50.0658 1348 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
08:41:50.0674 1348 FileInfo - ok
08:41:50.0685 1348 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
08:41:50.0705 1348 Filetrace - ok
08:41:50.0719 1348 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
08:41:50.0730 1348 flpydisk - ok
08:41:50.0740 1348 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
08:41:50.0759 1348 FltMgr - ok
08:41:50.0802 1348 [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache C:\Windows\system32\FntCache.dll
08:41:50.0835 1348 FontCache - ok
08:41:50.0915 1348 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
08:41:50.0917 1348 FontCache3.0.0.0 - ok
08:41:50.0947 1348 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
08:41:50.0964 1348 FsDepends - ok
08:41:50.0969 1348 [ E95EF8547DE20CF0603557C0CF7A9462 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
08:41:50.0985 1348 Fs_Rec - ok
08:41:51.0002 1348 [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
08:41:51.0005 1348 fvevol - ok
08:41:51.0023 1348 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
08:41:51.0064 1348 gagp30kx - ok
08:41:51.0088 1348 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
08:41:51.0104 1348 gpsvc - ok
08:41:51.0201 1348 GPU-Z - ok
08:41:51.0263 1348 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
08:41:51.0272 1348 gusvc - ok
08:41:51.0297 1348 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
08:41:51.0326 1348 hamachi - ok
08:41:51.0344 1348 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
08:41:51.0347 1348 hcw85cir - ok
08:41:51.0376 1348 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
08:41:51.0392 1348 HdAudAddService - ok
08:41:51.0407 1348 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
08:41:51.0417 1348 HDAudBus - ok
08:41:51.0427 1348 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
08:41:51.0455 1348 HidBatt - ok
08:41:51.0465 1348 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
08:41:51.0482 1348 HidBth - ok
08:41:51.0487 1348 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
08:41:51.0516 1348 HidIr - ok
08:41:51.0530 1348 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
08:41:51.0543 1348 hidserv - ok
08:41:51.0553 1348 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
08:41:51.0568 1348 HidUsb - ok
08:41:51.0596 1348 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
08:41:51.0600 1348 hkmsvc - ok
08:41:51.0619 1348 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
08:41:51.0626 1348 HomeGroupListener - ok
08:41:51.0653 1348 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
08:41:51.0658 1348 HomeGroupProvider - ok
08:41:51.0698 1348 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
08:41:51.0986 1348 HpSAMD - ok
08:41:52.0012 1348 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
08:41:52.0022 1348 HTTP - ok
08:41:52.0054 1348 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
08:41:52.0054 1348 hwpolicy - ok
08:41:52.0065 1348 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
08:41:52.0087 1348 i8042prt - ok
08:41:52.0129 1348 [ B75E45C564E944A2657167D197AB29DA ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
08:41:52.0154 1348 iaStorV - ok
08:41:52.0254 1348 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
08:41:52.0267 1348 idsvc - ok
08:41:52.0285 1348 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
08:41:52.0289 1348 iirsp - ok
08:41:52.0331 1348 [ E38700363287B9FD3C53D47FF2FB9F2D ] IISADMIN C:\Windows\system32\inetsrv\inetinfo.exe
08:41:52.0360 1348 IISADMIN - ok
08:41:52.0402 1348 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
08:41:52.0417 1348 IKEEXT - ok
08:41:52.0451 1348 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
08:41:52.0454 1348 intelide - ok
08:41:52.0471 1348 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
08:41:52.0487 1348 intelppm - ok
08:41:52.0504 1348 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
08:41:52.0516 1348 IPBusEnum - ok
08:41:52.0529 1348 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:41:52.0534 1348 IpFilterDriver - ok
08:41:52.0553 1348 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
08:41:52.0557 1348 IPMIDRV - ok
08:41:52.0569 1348 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
08:41:52.0589 1348 IPNAT - ok
08:41:52.0603 1348 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
08:41:52.0606 1348 IRENUM - ok
08:41:52.0622 1348 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
08:41:52.0637 1348 isapnp - ok
08:41:52.0651 1348 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
08:41:52.0671 1348 iScsiPrt - ok
08:41:52.0688 1348 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
08:41:52.0691 1348 kbdclass - ok
08:41:52.0703 1348 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
08:41:52.0706 1348 kbdhid - ok
08:41:52.0720 1348 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe
08:41:52.0721 1348 KeyIso - ok
08:41:52.0756 1348 [ 16C1B906FC5EAD84769F90B736B6BF0E ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
08:41:52.0760 1348 KSecDD - ok
08:41:52.0772 1348 [ 0B711550C56444879D71C7DAABDA6C83 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
08:41:52.0778 1348 KSecPkg - ok
08:41:52.0824 1348 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
08:41:52.0839 1348 ksthunk - ok
08:41:52.0876 1348 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
08:41:52.0891 1348 KtmRm - ok
08:41:52.0926 1348 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\system32\srvsvc.dll
08:41:52.0932 1348 LanmanServer - ok
08:41:52.0961 1348 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
08:41:52.0984 1348 LanmanWorkstation - ok
08:41:53.0045 1348 [ 285954C6C6EF43B78AB84034750FAC6A ] libusb0 C:\Windows\system32\DRIVERS\libusb0.sys
08:41:53.0058 1348 libusb0 - ok
08:41:53.0069 1348 [ 5EA407821BB3104C31A705175AB4F309 ] lirsgt C:\Windows\system32\DRIVERS\lirsgt.sys
08:41:53.0093 1348 lirsgt - ok
08:41:53.0105 1348 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
08:41:53.0121 1348 lltdio - ok
08:41:53.0156 1348 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
08:41:53.0166 1348 lltdsvc - ok
08:41:53.0193 1348 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
08:41:53.0195 1348 lmhosts - ok
08:41:53.0211 1348 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
08:41:53.0228 1348 LSI_FC - ok
08:41:53.0239 1348 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
08:41:53.0256 1348 LSI_SAS - ok
08:42:04.0387 1348 WfpLwf - ok
08:42:04.0397 1348 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
08:42:04.0412 1348 WIMMount - ok
08:42:04.0431 1348 WinHttpAutoProxySvc - ok
08:42:04.0506 1348 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
08:42:04.0512 1348 Winmgmt - ok
08:42:04.0575 1348 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
08:42:04.0607 1348 WinRM - ok
08:42:04.0664 1348 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUSB C:\Windows\system32\DRIVERS\WinUSB.sys
08:42:04.0682 1348 WinUSB - ok
08:42:04.0727 1348 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
08:42:04.0742 1348 Wlansvc - ok
08:42:04.0857 1348 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
08:42:04.0900 1348 wlidsvc - ok
08:42:04.0917 1348 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
08:42:04.0932 1348 WmiAcpi - ok
08:42:04.0971 1348 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
08:42:04.0976 1348 wmiApSrv - ok
08:42:05.0014 1348 WMPNetworkSvc - ok
08:42:05.0023 1348 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
08:42:05.0028 1348 WPCSvc - ok
08:42:05.0046 1348 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
08:42:05.0051 1348 WPDBusEnum - ok
08:42:05.0062 1348 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
08:42:05.0077 1348 ws2ifsl - ok
08:42:05.0119 1348 [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc C:\Windows\system32\wscsvc.dll
08:42:05.0127 1348 wscsvc - ok
08:42:05.0136 1348 WSearch - ok
08:42:05.0217 1348 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
08:42:05.0260 1348 wuauserv - ok
08:42:05.0283 1348 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
08:42:05.0299 1348 WudfPf - ok
08:42:05.0318 1348 [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
08:42:05.0336 1348 WUDFRd - ok
08:42:05.0369 1348 [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc C:\Windows\System32\WUDFSvc.dll
08:42:05.0373 1348 wudfsvc - ok
08:42:05.0389 1348 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
08:42:05.0441 1348 WwanSvc - ok
08:42:05.0449 1348 X6va003 - ok
08:42:05.0467 1348 X6va005 - ok
08:42:05.0492 1348 xsherlock - ok
08:42:05.0530 1348 [ 9176C0822FAA649E45121875BE32F5D2 ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys
08:42:05.0547 1348 xusb21 - ok
08:42:05.0587 1348 ================ Scan global ===============================
08:42:05.0634 1348 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
08:42:05.0674 1348 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
08:42:05.0690 1348 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
08:42:05.0721 1348 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
08:42:05.0752 1348 [ 014A9CB92514E27C0107614DF764BC06 ] C:\Windows\system32\services.exe
08:42:05.0759 1348 Suspicious file (NoAccess): C:\Windows\system32\services.exe. md5: 014A9CB92514E27C0107614DF764BC06
08:42:05.0762 1348 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - infected
08:42:05.0762 1348 C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.b (0)
08:42:05.0765 1348 ================ Scan MBR ==================================
08:42:05.0772 1348 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
08:42:06.0171 1348 \Device\Harddisk0\DR0 - ok
08:42:06.0178 1348 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
08:42:06.0950 1348 \Device\Harddisk1\DR1 - ok
08:42:06.0950 1348 ================ Scan VBR ==================================
08:42:06.0954 1348 [ A19C028A62A8E2D9838C6616F5BCF919 ] \Device\Harddisk0\DR0\Partition1
08:42:06.0955 1348 \Device\Harddisk0\DR0\Partition1 - ok
08:42:06.0961 1348 [ 9014BBDD9C88E18035DBA24124885B41 ] \Device\Harddisk1\DR1\Partition1
08:42:06.0965 1348 \Device\Harddisk1\DR1\Partition1 - ok
08:42:06.0965 1348 ============================================================
08:42:06.0965 1348 Scan finished
08:42:06.0965 1348 ============================================================
08:42:06.0981 2304 Detected object count: 2
08:42:06.0981 2304 Actual detected object count: 2
08:42:42.0738 2304 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
08:42:42.0738 2304 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
08:42:42.0786 2304 C:\Windows\system32\services.exe - copied to quarantine
08:42:44.0690 2304 C:\Windows\installer\{bac0c47d-8b2d-be14-f809-6df2bace6038}\@ - copied to quarantine
08:42:44.0694 2304 C:\Windows\installer\{bac0c47d-8b2d-be14-f809-6df2bace6038}\U\00000001.@ - copied to quarantine
08:42:44.0710 2304 C:\Windows\installer\{bac0c47d-8b2d-be14-f809-6df2bace6038}\U\800000cb.@ - copied to quarantine
08:42:44.0832 2304 C:\Users\Zyfell\AppData\Local\{bac0c47d-8b2d-be14-f809-6df2bace6038}\@ - copied to quarantine
08:43:02.0522 2304 Backup copy found, using it..
08:43:03.0569 2304 C:\Windows\installer\{bac0c47d-8b2d-be14-f809-6df2bace6038}\@ - will be deleted on reboot
08:43:03.0570 2304 C:\Windows\installer\{bac0c47d-8b2d-be14-f809-6df2bace6038}\U\00000001.@ - will be deleted on reboot
08:43:03.0571 2304 C:\Windows\installer\{bac0c47d-8b2d-be14-f809-6df2bace6038}\U\800000cb.@ - will be deleted on reboot
08:43:03.0575 2304 C:\Users\Zyfell\AppData\Local\{bac0c47d-8b2d-be14-f809-6df2bace6038}\@ - will be deleted on reboot
08:43:03.0576 2304 C:\Windows\system32\services.exe - will be cured on reboot
08:43:03.0576 2304 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - User select action: Cure
08:43:21.0777 1648 Deinitialize success


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-10 08:50:39
-----------------------------
08:50:39.180 OS Version: Windows x64 6.1.7600
08:50:39.180 Number of processors: 2 586 0x6B02
08:50:39.181 ComputerName: AFFHAZARD UserName: Zyfell
08:50:47.322 Initialize success
08:51:20.506 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-4
08:51:20.510 Disk 0 Vendor: WDC_WD1001FALS-00E8B0 05.00K05 Size: 953869MB BusType: 3
08:51:20.555 Disk 0 MBR read successfully
08:51:20.558 Disk 0 MBR scan
08:51:20.560 Disk 0 Windows 7 default MBR code
08:51:20.583 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 953868 MB offset 2048
08:51:20.614 Disk 0 scanning C:\Windows\system32\drivers
08:51:38.133 Service scanning
08:52:21.929 Modules scanning
08:52:21.936 Disk 0 trace - called modules:
08:52:22.031 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys
08:52:22.035 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80027e0060]
08:52:22.038 3 CLASSPNP.SYS[fffff88000c7a43f] -> nt!IofCallDriver -> [0xfffffa80026c6520]
08:52:22.042 5 ACPI.sys[fffff88000f3a781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-4[0xfffffa80026aa060]
08:52:22.154 Scan finished successfully
08:52:44.522 Disk 0 MBR has been saved successfully to "C:\Users\Zyfell\Desktop\MBR.dat"
08:52:44.542 The log file has been saved successfully to "C:\Users\Zyfell\Desktop\aswMBR.txt"

Attached Files

  • Attached File  MBR.zip   544bytes   0 downloads
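The TDSSKiller and aswMBR output above is what the helper reads to confirm the ZeroAccess infection: a patched services.exe flagged as Virus.Win64.ZAccess.b, plus the rootkit's user-mode payload stored as `@` and `U\*.@` files under a GUID-named folder in C:\Windows\installer and in the user's AppData\Local. The following script is an added example, not part of this thread or of TDSSKiller; it parses the log's detection and action lines, pulls out the reported MD5s, flags paths that match that GUID-folder layout, and lists detections the user chose to skip so a reviewer can see what is still unresolved. The embedded sample is a constructed excerpt built from the lines of the log posted above; the regular expressions are assumptions about the log format based only on those lines.

```python
import re

# Constructed excerpt modelled on the TDSSKiller log posted above; the GUID,
# paths and hash are the ones that appear in that log.
SAMPLE_LOG = """\
08:42:05.0752 1348 [ 014A9CB92514E27C0107614DF764BC06 ] C:\\Windows\\system32\\services.exe
08:42:05.0759 1348 Suspicious file (NoAccess): C:\\Windows\\system32\\services.exe. md5: 014A9CB92514E27C0107614DF764BC06
08:42:05.0762 1348 C:\\Windows\\system32\\services.exe ( Virus.Win64.ZAccess.b ) - infected
08:42:05.0762 1348 C:\\Windows\\system32\\services.exe - detected Virus.Win64.ZAccess.b (0)
08:42:42.0738 2304 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
08:42:42.0738 2304 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
08:42:42.0786 2304 C:\\Windows\\system32\\services.exe - copied to quarantine
08:42:44.0690 2304 C:\\Windows\\installer\\{bac0c47d-8b2d-be14-f809-6df2bace6038}\\@ - copied to quarantine
08:42:44.0694 2304 C:\\Windows\\installer\\{bac0c47d-8b2d-be14-f809-6df2bace6038}\\U\\00000001.@ - copied to quarantine
08:42:44.0832 2304 C:\\Users\\Zyfell\\AppData\\Local\\{bac0c47d-8b2d-be14-f809-6df2bace6038}\\@ - copied to quarantine
08:43:03.0569 2304 C:\\Windows\\installer\\{bac0c47d-8b2d-be14-f809-6df2bace6038}\\@ - will be deleted on reboot
08:43:03.0576 2304 C:\\Windows\\system32\\services.exe - will be cured on reboot
08:43:03.0576 2304 C:\\Windows\\system32\\services.exe ( Virus.Win64.ZAccess.b ) - User select action: Cure
"""

# Assumed line layout: "HH:MM:SS.ffff <pid> <body>" (from the posted log).
LINE_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d{4})\s+(?P<pid>\d+)\s+(?P<body>.*)$")
SUSP_RE = re.compile(r"^Suspicious file \((?P<why>[^)]+)\): (?P<obj>.+?)\. md5: (?P<md5>[0-9A-F]{32})$")
DETECT_RE = re.compile(r"^(?P<obj>.+?) \( (?P<name>[^)]+) \) - (?P<tail>.+)$")
DETECTED_RE = re.compile(r"^(?P<obj>.+?) - detected (?P<name>\S+)")
ACTION_RE = re.compile(
    r"^(?P<obj>.+?) - (?P<act>copied to quarantine|will be deleted on reboot|will be cured on reboot)$"
)
# ZeroAccess payload layout seen in the log: <dir>\{GUID}\@ or <dir>\{GUID}\U\<file>
ZA_PATH_RE = re.compile(
    r"\\\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}\\(?:@$|U\\)", re.I
)
# Actions that actually remove or repair the object; anything else leaves it in place.
RESOLVING = {"will be cured on reboot", "will be deleted on reboot"}


def summarize(text):
    """Triage a TDSSKiller log: detections, hashes, actions, ZeroAccess paths, leftovers."""
    detections, hashes, actions = {}, {}, {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        body = m["body"]
        s = SUSP_RE.match(body)
        if s:
            hashes[s["obj"]] = s["md5"]
            continue
        d = DETECT_RE.match(body)
        if d:
            detections[d["obj"]] = d["name"]
            if d["tail"] != "infected":          # "skipped by user", "User select action: X"
                actions.setdefault(d["obj"], []).append(d["tail"])
            continue
        dd = DETECTED_RE.match(body)
        if dd:
            detections[dd["obj"]] = dd["name"]
            continue
        a = ACTION_RE.match(body)
        if a:
            actions.setdefault(a["obj"], []).append(a["act"])
    touched = set(detections) | set(actions)
    zeroaccess_paths = sorted(p for p in touched if ZA_PATH_RE.search(p))
    # Detected objects with no curing/deleting action are still on the box.
    unresolved = sorted(
        obj for obj in detections if not RESOLVING & set(actions.get(obj, []))
    )
    return {
        "detections": detections,
        "hashes": hashes,
        "actions": actions,
        "zeroaccess_paths": zeroaccess_paths,
        "unresolved": unresolved,
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for obj, name in report["detections"].items():
        print(f"{name:28} {obj}  actions={report['actions'].get(obj, [])}")
    print("ZeroAccess-style paths:", *report["zeroaccess_paths"], sep="\n  ")
    print("Unresolved detections:", report["unresolved"])
```

Run against the excerpt it reports services.exe as cured, three GUID-folder payload paths queued for deletion, and the skipped Akamai detection as unresolved, which is exactly the item the helper would want to revisit. Feed it the full TDSSKiller_*.log instead of `SAMPLE_LOG` to triage a real run.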


#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,179 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:50 PM

Posted 10 October 2012 - 01:00 PM

Please run these tools.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html


Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third party programs, if not up to date, can be the cause of infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please download AdwCleaner by Xplode onto your Desktop.

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

Please post the logs for my review and let me know what problem persists.

#5 Zyfell

Zyfell
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:06:50 PM

Posted 10 October 2012 - 06:35 PM

Hello again Nasdaq, here are the logs. I have noticed that Malwarebytes hasn't spammed any notifications of blocked malicious sites, so that's good. I don't see any other issues at the moment.

ComboFix 12-10-10.02 - Zyfell 10/10/2012 15:50:45.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2047.741 [GMT -7:00]
Running from: c:\users\Zyfell\Desktop\ComboFix.exe
AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Public\Documents\MSIAA.tmp
c:\users\Zyfell\AppData\Local\assembly\tmp
c:\users\Zyfell\AppData\Local\Tempals_inst.exe
c:\users\Zyfell\AppData\Roaming\7za.exe
c:\users\Zyfell\AppData\Roaming\a.7z
c:\users\Zyfell\AppData\Roaming\chrtmp
c:\users\Zyfell\AppData\Roaming\inst.exe
c:\users\Zyfell\AppData\Roaming\vso_ts_preview.xml
c:\users\Zyfell\bridge.exe
c:\windows\apppatch\AppLoc.exe
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\iun6002.exe
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-09-10 to 2012-10-10 )))))))))))))))))))))))))))))))
.
.
2012-10-10 15:42 . 2012-10-10 15:42 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-08 08:34 . 2012-10-08 08:34 -------- d-----w- C:\FRST
2012-10-07 07:39 . 2012-10-07 07:39 -------- d-----w- c:\users\Zyfell\AppData\Roaming\Malwarebytes
2012-10-07 07:39 . 2012-10-07 07:39 -------- d-----w- c:\programdata\Malwarebytes
2012-10-07 07:39 . 2012-10-07 07:39 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-07 07:39 . 2012-09-08 00:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-06 21:01 . 2012-10-08 20:00 -------- d-----w- c:\windows\system32\catroot2
2012-10-06 10:45 . 2012-10-06 10:45 -------- d-----w- c:\windows\SysWow64\wbem\Performance
2012-10-06 10:43 . 2008-05-08 05:03 303616 ----a-w- C:\SetACL.exe
2012-10-06 10:13 . 2004-06-11 23:33 290304 ----a-w- C:\subinacl.exe
2012-10-06 10:09 . 2012-10-06 10:09 -------- d-----w- C:\RegBackup
2012-10-06 10:08 . 2012-10-06 10:46 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-10-06 10:08 . 2012-10-06 10:08 -------- d-----w- c:\program files (x86)\Tweaking.com
2012-10-06 08:11 . 2012-10-06 08:11 -------- d-----w- c:\program files (x86)\Cisco
2012-10-06 08:10 . 2009-04-02 17:27 188416 ----a-w- c:\windows\RTLExtUI.dll
2012-10-06 08:10 . 2009-03-31 21:31 380928 ----a-w- c:\windows\RtlUI2.exe
2012-10-06 08:10 . 2008-07-01 19:31 614400 ----a-w- c:\windows\Rtlihvs.dll
2012-10-06 08:10 . 2012-10-06 08:10 -------- d-----w- c:\program files (x86)\REALTEK
2012-10-06 01:19 . 2011-04-20 10:07 1930240 ----a-w- c:\windows\system32\athurx.sys
2012-09-27 21:40 . 2012-09-27 21:41 -------- d-----w- c:\program files (x86)\Cursor Lock
2012-09-23 20:38 . 2012-09-23 20:38 -------- d-----w- c:\program files\Echobit
2012-09-22 09:05 . 2012-09-22 09:05 21656 ----a-w- c:\windows\system32\drivers\evolve.sys
2012-09-22 09:02 . 2012-09-22 09:02 -------- d-----w- c:\programdata\Echobit
2012-09-22 09:01 . 2012-09-22 09:01 -------- d-----w- c:\users\Zyfell\AppData\Local\Echobit
2012-09-22 05:21 . 2012-09-22 05:21 -------- d-----w- c:\programdata\ZebraNetworkSystems
2012-09-21 08:02 . 2012-09-24 09:31 -------- d-----w- c:\program files (x86)\Torchlight II
2012-09-20 21:38 . 2012-09-20 21:38 47208 ----a-w- c:\windows\system32\drivers\SaiU0CC3.sys
2012-09-20 21:38 . 2012-09-20 21:38 180584 ----a-w- c:\windows\system32\drivers\SaiK0CC3.sys
2012-09-18 11:12 . 2012-09-18 11:12 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-09-18 11:11 . 2012-09-18 11:12 -------- d-----r- c:\program files (x86)\Skype
2012-09-11 10:46 . 2002-10-07 02:37 487424 ----a-w- c:\windows\system32\MSVCP70.DLL
2012-09-11 10:09 . 2007-08-06 02:05 339968 ----a-w- c:\windows\SysWow64\msvcr70_2.dll
2012-09-11 10:09 . 2007-08-06 02:05 499712 ----a-w- c:\windows\SysWow64\msvcp71_2.dll
2012-09-11 10:09 . 2003-02-21 10:42 348160 ----a-w- c:\windows\SysWow64\msvcr71_2.dll
2012-09-11 10:09 . 2002-10-07 00:37 487424 ----a-w- c:\windows\SysWow64\msvcp70.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-10 15:45 . 2009-07-13 23:19 328704 ----a-w- c:\windows\system32\services.exe
2012-10-06 10:46 . 2010-06-03 13:09 181064 ----a-w- c:\windows\PSEXESVC.EXE
2012-08-29 03:24 . 2012-08-06 21:16 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-08-29 03:24 . 2010-05-30 16:12 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-14 03:25 . 2009-08-18 19:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2012-08-14 03:25 . 2009-08-18 18:24 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-07-26 12:25 . 2012-03-26 10:25 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{06005E7A-9DAF-413D-8A1F-5FF3C6302FC9}\offreg.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"CursorFX"="c:\program files (x86)\Stardock\CursorFX\CursorFX.exe" [2008-07-07 416768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-20 336384]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-1-8 107720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux7"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" /hide
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
"PWRISOVM.EXE"=c:\program files (x86)\PowerISO\PWRISOVM.EXE -startup
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-08 676936]
R2 RealtekUSB;RealtekUSB;c:\program files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-09-11 160944]
R3 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 Amps2prt;Compatible PS/2 Port Mouse Driver;c:\windows\system32\DRIVERS\Amps2x64.sys [2007-10-15 21504]
R3 AODDriver2;AODDriver2;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [x]
R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2010-01-05 1847296]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;c:\windows\system32\DRIVERS\evolve.sys [2012-09-22 21656]
R3 GPU-Z;GPU-Z;c:\users\Zyfell\AppData\Local\Temp\GPU-Z.sys [x]
R3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;c:\windows\system32\DRIVERS\libusb0.sys [2010-10-02 43456]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2009-10-07 30232]
R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\DRIVERS\LVUSBS64.sys [2007-10-12 50072]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-08 25928]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2011-09-03 117520]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-05-20 36720]
R3 Neo_VPN;VPN Client Device Driver - VPN;c:\windows\system32\DRIVERS\Neo_0075.sys [2010-07-31 29808]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 nrtap;NeoRouter Virtual Network Interface;c:\windows\system32\DRIVERS\nrtap.sys [2009-09-01 29696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 pspdisp;pspdisp;c:\windows\system32\DRIVERS\pspdisp_x64.sys [2011-01-18 4608]
R3 PsSdk41;PsSdk41;c:\windows\system32\Drivers\pssdk41.sys [2011-09-20 51776]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys [2008-06-27 399360]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 USTOR2K;USB Mass Storage Windows Driver;c:\windows\system32\DRIVERS\ustor2k.sys [2011-09-16 34048]
R3 vtany;vtany;c:\windows\vtany.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 X6va003;X6va003;c:\users\Zyfell\AppData\Local\Temp\0036D53.tmp [x]
R3 X6va005;X6va005;c:\users\Zyfell\AppData\Local\Temp\0051D69.tmp [x]
R3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem [x]
R4 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2011-08-04 62496]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2011-08-04 38288]
S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 31016]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 203776]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-04-20 365568]
S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x64.sys [2010-03-11 20456]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-08-10 974944]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-08 399432]
S2 Realtek11nSU;Realtek11nSU;c:\program files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [2009-12-07 40960]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2011-11-03 2072896]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-20 9319936]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-20 306176]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-03-21 452200]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-11-25 694888]
S3 SaiK0CC3;SaiK0CC3;c:\windows\system32\DRIVERS\SaiK0CC3.sys [2012-09-20 180584]
S3 SaiU0CC3;SaiU0CC3;c:\windows\system32\DRIVERS\SaiU0CC3.sys [2012-09-20 47208]
S3 TRIXX;TRIXX;c:\users\Zyfell\AppData\Local\Temp\TRIXX.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-10-31 11856]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ProfilerU"="c:\program files\SmartTechnology\Software\ProfilerU.exe" [2011-05-18 310784]
"SaiMfd"="c:\program files\SmartTechnology\Software\SaiMfd.exe" [2011-05-18 158208]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-08-10 4030008]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{F791A188-699D-4FD4-955A-EB59E89B1907}"= "c:\program files\Theme Resource Changer\ThemeResourceChanger.dll" [2010-10-07 103936]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.minecrafthd.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: DOWNLOADWITH - file://c:\program files (x86)\MiPony\Browser\IEContext.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Zyfell\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Zyfell\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.1.1
DPF: {F8160836-0C11-4CA4-AD87-944542C7BCBD} - hxxp://down.hangame.co.jp/jp/purple/launcher/PubPlugin.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
SafeBoot-24324615.sys
HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Yawle_0.3b - c:\windows\iun6002.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va003]
"ImagePath"="\??\c:\users\Zyfell\AppData\Local\Temp\0036D53.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Zyfell\AppData\Local\Temp\0051D69.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\xsherlock]
"ImagePath"="c:\windows\system32\xsherlock.xem"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-302506369-3899417888-1901875467-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:3e,10,fe,ed,17,b0,38,40,5e,3a,e8,86,eb,da,09,1e,0c,6d,0b,ff,78,90,e6,
3a,ce,89,a7,66,11,93,e0,b2,45,3b,dc,06,2f,83,ad,bc,cd,c0,c5,c2,f6,61,25,1a,\
"??"=hex:38,b6,5e,ef,d0,e0,44,49,d8,c5,e2,cf,6a,e4,45,a6
.
[HKEY_USERS\S-1-5-21-302506369-3899417888-1901875467-1000\Software\SecuROM\License information*]
"datasecu"=hex:b0,28,c8,27,fc,02,77,17,35,7b,21,9c,c3,12,85,37,9a,09,15,f5,72,
22,70,62,99,70,c5,02,eb,c7,34,b4,fd,70,53,a4,0c,f6,1b,19,74,2c,e3,f2,b8,95,\
"rkeysecu"=hex:fd,8d,25,70,85,d7,e1,b1,a4,16,93,93,5d,0d,7f,94
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Sapphire TRIXX\TRIXX.exe
c:\program files (x86)\REALTEK\11n USB Wireless LAN Utility\RtWlan.exe
.
**************************************************************************
.
Completion time: 2012-10-10 16:14:51 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-10 23:14
.
Pre-Run: 255,653,326,848 bytes free
Post-Run: 255,378,567,168 bytes free
.
- - End Of File - - E8E26EA28BE2D72730B7A799AB8AE909



Results of screen317's Security Check version 0.99.51
Windows 7 x64 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Firewall Disabled!
ESET Smart Security 5.0
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.0.1400
TuneUp Utilities 2012
TuneUp Utilities Language Pack (en-GB)
Java™ 6 Update 35
Java version out of Date!
Adobe Flash Player 11.1.102.55 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 14.0.1 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
ESET NOD32 Antivirus egui.exe
ESET NOD32 Antivirus ekrn.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````



# AdwCleaner v2.004 - Logfile created 10/10/2012 at 16:25:10
# Updated 06/10/2012 by Xplode
# Operating system : Windows 7 Ultimate (64 bits)
# User : Zyfell - AFFHAZARD
# Boot Mode : Normal
# Running from : C:\Users\Zyfell\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Zyfell\AppData\Roaming\Mozilla\Firefox\Profiles\3hbtjv64.default\Conduit
Folder Deleted : C:\Users\Zyfell\AppData\Roaming\Mozilla\Firefox\Profiles\3hbtjv64.default\extensions\staged

***** [Registry] *****

Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Messenger Plus!\OpenCandy
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{9D425283-D487-4337-BAB6-AB8354A81457}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Users\Zyfell\AppData\Roaming\Mozilla\Firefox\Profiles\3hbtjv64.default\prefs.js

C:\Users\Zyfell\AppData\Roaming\Mozilla\Firefox\Profiles\3hbtjv64.default\user.js ... Deleted !

Deleted : user_pref("de.soerenrinne.googlebuttons.wholeshebang", "eBookstore,Support,Teach Parents Tech,Plus -[...]
Deleted : user_pref("extensions.wmn.accounts.hotmail.zyfell@live.com.inboxOnly", true);
Deleted : user_pref("extensions.wmn.accounts.yahoo.shadowandroid10002.inboxOnly", true);

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Zyfell\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [2011 octets] - [10/10/2012 16:25:10]

########## EOF - C:\AdwCleaner[S1].txt - [2071 octets] ##########
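Two things in the logs above feed the helper's next reply: the ComboFix "Reg Loading Points" block shows UAC switched off (`EnableLUA`= 0, `ConsentPromptBehaviorAdmin`= 0, `PromptOnSecureDesktop`= 0), and Security Check prints "UAC is disabled!" from the same setting. The script below is an added example, not part of this thread or of ComboFix; it parses that REGEDIT4-style section and reports each UAC value that has been weakened relative to the Windows 7 defaults, which are an assumption of the example rather than something the page states. The embedded excerpt is constructed from the ComboFix log posted above.

```python
import re

# Constructed excerpt of the "Reg Loading Points" section of the ComboFix log
# posted above (values copied from that log).
COMBOFIX_EXCERPT = """\
REGEDIT4
.
[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"RocketDock"="c:\\program files (x86)\\RocketDock\\RocketDock.exe" [2007-09-02 495616]
.
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\policies\\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\\software\\wow6432node\\microsoft\\windows nt\\currentversion\\windows]
"LoadAppInit_DLLs"=0 (0x0)
"""

UAC_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system"

# Windows 7 out-of-the-box UAC policy values (assumption of this example).
UAC_DEFAULTS = {
    "EnableLUA": 1,                    # UAC on
    "ConsentPromptBehaviorAdmin": 5,   # prompt for consent for non-Windows binaries
    "ConsentPromptBehaviorUser": 3,    # prompt for credentials
    "PromptOnSecureDesktop": 1,        # prompts shown on the secure desktop
    "EnableUIADesktopToggle": 0,
}
# Why a zero matters for the three values that the log shows switched off.
WHY_ZERO = {
    "EnableLUA": "UAC is disabled; every process of an admin user runs fully elevated",
    "ConsentPromptBehaviorAdmin": "elevation happens silently, without any prompt",
    "PromptOnSecureDesktop": "prompts are drawn on the normal desktop and can be spoofed",
}

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# ComboFix prints DWORDs as  "Name"= 3 (0x3)  -- string values use quotes and do not match.
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<val>\d+)\s*\(0x[0-9a-f]+\)$', re.I)


def parse_dword_blocks(text):
    """Return {key_path_lower: {value_name: int}} for DWORD lines under each [key]."""
    blocks, current = {}, None
    for line in text.splitlines():
        km = KEY_RE.match(line)
        if km:
            current = km["key"].lower()
            blocks.setdefault(current, {})
            continue
        vm = DWORD_RE.match(line)
        if vm and current is not None:
            blocks[current][vm["name"]] = int(vm["val"])
    return blocks


def uac_findings(text):
    """List UAC values that differ from the assumed defaults, weakest first."""
    values = parse_dword_blocks(text).get(UAC_KEY, {})
    findings = []
    for name, default in UAC_DEFAULTS.items():
        if name not in values or values[name] == default:
            continue
        actual = values[name]
        note = WHY_ZERO.get(name, "differs from default") if actual == 0 else "differs from default"
        findings.append({"name": name, "actual": actual, "default": default, "note": note})
    return findings


def uac_disabled(text):
    """Same condition Security Check reports as 'UAC is disabled!'."""
    return parse_dword_blocks(text).get(UAC_KEY, {}).get("EnableLUA") == 0


if __name__ == "__main__":
    for f in uac_findings(COMBOFIX_EXCERPT):
        print(f"{f['name']}: {f['actual']} (default {f['default']}) - {f['note']}")
    print("UAC disabled:", uac_disabled(COMBOFIX_EXCERPT))
```

On this excerpt it reports `EnableLUA`, `ConsentPromptBehaviorAdmin` and `PromptOnSecureDesktop` as weakened and confirms the "UAC is disabled!" verdict. Restoring the defaults (or at least `EnableLUA`= 1) is part of hardening the machine after cleanup, alongside the third-party updates the next reply asks for.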

#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,179 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:50 PM

Posted 11 October 2012 - 08:54 AM

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 35


===

Critical vulnerabilities have been identified in Adobe Flash Player v11.3.300.264 and earlier versions... being exploited in the wild in active targeted attacks...

Get the latest Flash Player

On the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select appropriate version.

You will also have an option to install the Free! McAfee Security Scan Plus. Un-check the box if you are NOT using McAfee's virus protection software.

For the users of Internet Explorer, download version 11.
Flash Player 11 (64 bit)
Flash Player 11 (32 bit)
===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before your download I suggest you uncheck the box on the top right "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
===

For your added security install the SP1 for Windows 7.

Learn how to install Windows 7 Service Pack 1 (SP1)
http://windows.microsoft.com/installwindows7sp1
<<<>>>

If all is well:

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

To remove AdwCleaner.

Please double click on adwcleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

Delete the other tools we used.

Surf Safely, and Think Prevention!
===
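The update checklist in the post above (check the Java version, get Flash past the vulnerable 11.3.300.264 build, refresh Reader, remove leftover old versions) is easier to verify from one place than by clicking through vendor pages. The script below is an added example and is not from the thread or from nasdaq: it reads the 32-bit and 64-bit Uninstall registry keys, lists every Java, Flash Player and Adobe Reader entry, and flags the ones the post calls outdated. The thresholds come from the post (Java 6.x, Flash 11.3.300.264 and earlier); Adobe Reader has no version stated on the page, so it is listed for manual review only. The registry key paths are the standard Windows Uninstall keys; the product name patterns are assumptions.

```powershell
# Added example, not part of the original thread. Inventories the third-party
# programs the post asks to update by reading both Uninstall registry hives.
# Version thresholds are the ones stated in the thread; the name patterns are
# assumptions about how the vendors register their products.

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# One entry per product named in the post. Check receives a [version] and
# returns $true when the installed build should be treated as outdated.
$watch = @(
    @{ Name = 'Java';         Pattern = '^Java';         Check = { param($v) $v.Major -le 6 };
       Reason = 'Java 6.x is the outdated branch named in the thread' },
    @{ Name = 'Flash Player'; Pattern = 'Flash Player';  Check = { param($v) $v -le [version]'11.3.300.264' };
       Reason = 'v11.3.300.264 and earlier are vulnerable (thread)' },
    @{ Name = 'Adobe Reader'; Pattern = '^Adobe Reader'; Check = { param($v) $false };
       Reason = 'no threshold given on the page; review manually' }
)

function Convert-ToVersion {
    param([string]$Text)
    # DisplayVersion strings vary ("6.0.350", "11.3.300.264"); keep the
    # leading dotted-numeric part and pad to the two components [version] needs.
    if ($Text -match '^(\d+(\.\d+)*)') {
        $parts = $Matches[1].Split('.')
        if ($parts.Count -lt 2) { $parts += '0' }
        try { return [version]($parts -join '.') } catch { return $null }
    }
    return $null
}

$report = foreach ($entry in Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue) {
    if (-not $entry.DisplayName) { continue }
    foreach ($w in $watch) {
        if ($entry.DisplayName -match $w.Pattern) {
            $ver  = Convert-ToVersion $entry.DisplayVersion
            $flag = if ($ver) { & $w.Check $ver } else { $false }
            [pscustomobject]@{
                Product  = $w.Name
                Name     = $entry.DisplayName
                Version  = $entry.DisplayVersion
                Outdated = $flag
                Note     = $w.Reason
                Key      = $entry.PSPath -replace '^Microsoft\.PowerShell\.Core\\Registry::', ''
            }
        }
    }
}

# Several rows for the same product mean leftover old versions that the post
# says to remove through Add/Remove Programs.
$report | Sort-Object Product, Name | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt so both hives are readable. Seeing more than one Java row is exactly the "old version(s)" situation the post describes, and a Flash row marked Outdated means the installed build is at or below the version the post quotes as exploited.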

#7 Zyfell

Zyfell
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:06:50 PM

Posted 14 October 2012 - 08:08 PM

Sorry for the late reply, I just got back from a trip. Thanks for the help, Nasdaq. I followed your instructions and everything is running well, if not better.
