
Attacked by Worm:W32/Morto.A, MSE does not launch after restart


  • This topic is locked
15 replies to this topic

#1 HothMonster

HothMonster

  • Members
  • 8 posts

Posted 24 October 2012 - 09:28 PM

Because I am a forgetful idiot I had a bad admin password while Remote Desktop was enabled for about 24 hours. Upon coming home I noticed Admin was "connected from a". I logged into the account and saw dialog boxes referencing the failure of "tsclient/a/a.dll". Googled it and read about 8 descriptions of Morto. I attempted to retrace its steps and remove and unmodify the reg keys it creates and modifies.

Microsoft Security Essentials was requesting a reboot as soon as I logged in. I had it run another scan, it said it found some things and continued to request a reboot. I ran a quick scan in mbam which came up clean.

I noticed in my event viewer that MSE had been fighting the virus all day. And comparing what it did to the descriptions of what it does, it seems it never fully ran its routine.

I rebooted and MSE fails to start. It says the service is not started. When I hit start now it gives me the error that "the service does not exist as an installed service". So far the fixes from Microsoft have not worked. But it does seem to be tied to a failed update so maybe semi/completely unrelated.

TL;DR
Was attacked by Morto. MSE caught it in the process. I cleaned up what I could find. I am worried that reports on the virus's actions may be outdated and it did something I missed. Also worried that MSE failed to contain it and it may have infected files. It is also possible that MSE did its job and I borked it.

Thanks.

Attached Files


Edited by HothMonster, 24 October 2012 - 09:38 PM.




#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts

Posted 25 October 2012 - 05:35 PM

Please do the following:

Download the appropriate version for your system of the Farbar Recovery Scan Tool and save it to a flash drive.


Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there
  • Press Scan button.
  • FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:
    services.exe
  • Now press the search button
  • When the search is complete, search.txt will also be written to your USB
  • Type exit and reboot the computer normally
  • Please copy and paste both logs in your reply (FRST.txt and Search.txt).

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 HothMonster

HothMonster
  • Topic Starter

  • Members
  • 8 posts

Posted 30 October 2012 - 03:47 PM

Sorry I don't have an optical drive in the house currently and the flash drive I had my Windows disc on was corrupted. So I had to wait till work to make a new one. Which I did, with the same disc I installed Windows with, but despite that it tells me "this isn't the same version so nah-nah-na-na-boo-boo" when I try to load repair mode. I imagine this could be caused by my RAID set-up so I'll try fiddling with that some more tonight. But I wanted to let you know I am attempting to respond to your request, things just don't want to cooperate.

Also I fixed MSE and it gave me a clear scan.

#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts

Posted 30 October 2012 - 05:24 PM

ok, we can use another tool if the machine is not co-operating :)

Please run the following:


Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 HothMonster

HothMonster
  • Topic Starter

  • Members
  • 8 posts

Posted 30 October 2012 - 06:56 PM

Fine we can do the easy way I suppose. :P

Attached Files



#6 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts

Posted 30 October 2012 - 07:03 PM

Please run the following:

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • when the window opens, click on Change Parameters
  • under “Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System/TDSS File system is found then ensure Cure is selected (if cure is not available, choose skip)
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)


NEXT



  • Download RogueKiller and save it to your desktop.
  • Quit all other programs
  • Start RogueKiller.exe
  • Wait until the Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan
  • A report will be created on your desktop.
  • Click on the Delete button
  • Next click on the ShortcutsFix
  • another report will be created on your desktop.

Please post: All RKreport.txt text files located on your desktop.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
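
An added example, not part of the thread and not Kaspersky's or the helper's own tooling: a small triage script for the kind of TDSSKiller log requested above, pairing each service's hash line with its verdict line and listing anything not marked "ok" plus services that were reported without a hashed file. The sample log is constructed, and the "warning" verdict word and the choice to review unhashed entries are assumptions.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the "time thread-id message" layout of a TDSSKiller log.
# Service names, hashes and paths are made up; "warning" is an assumed verdict word.
SAMPLE_LOG = r"""
19:05:04.0497 9144 ================ Scan system memory ========================
19:05:04.0497 9144 System memory - ok
19:05:04.0498 9144 ================ Scan services =============================
19:05:04.0542 9144 [ 0123456789ABCDEF0123456789ABCDEF ] ExampleDrv C:\windows\system32\drivers\exampledrv.sys
19:05:04.0543 9144 ExampleDrv - ok
19:05:04.0681 9144 NoFileSvc - ok
19:05:04.0700 9144 [ FEDCBA9876543210FEDCBA9876543210 ] Example Licensing Service C:\Program Files (x86)\Example\svc.exe
19:05:04.0701 9144 Example Licensing Service - ok
19:05:04.0710 9144 [ 0123456789ABCDEFFEDCBA9876543210 ] OddSvc C:\Users\Public\odd.sys
19:05:04.0711 9144 OddSvc - warning
"""

# Timestamp, thread id, then the message.
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s?(?P<msg>.*)$")
# "================ Scan services ====================" style section banner.
SECTION_RE = re.compile(r"^=+\s*(?P<title>[^=]+?)\s*=+$")
# "[ MD5 ] service name C:\path\to\file" (service names may contain spaces).
HASH_RE = re.compile(
    r"^\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>.+?) (?P<path>[A-Za-z]:\\.*)$"
)
# "service name - verdict" with a single-word verdict at the end of the line.
VERDICT_RE = re.compile(r"^(?P<name>.+) - (?P<verdict>[A-Za-z]+)$")


@dataclass
class Entry:
    name: str
    verdict: str
    md5: Optional[str] = None
    path: Optional[str] = None


def parse_services(log_text):
    """Return one Entry per verdict line inside the 'Scan services' section."""
    entries = []
    pending = {}      # service name -> (md5, path) seen on the preceding hash line
    section = None
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg").strip()
        s = SECTION_RE.match(msg)
        if s:
            section = s.group("title")
            continue
        if section != "Scan services":
            continue
        h = HASH_RE.match(msg)
        if h:
            pending[h.group("name")] = (h.group("md5").upper(), h.group("path"))
            continue
        v = VERDICT_RE.match(msg)
        if v:
            md5, path = pending.pop(v.group("name"), (None, None))
            entries.append(Entry(v.group("name"), v.group("verdict").lower(), md5, path))
    return entries


def triage(entries):
    """Split entries into (not-ok verdicts, ok-but-no-hashed-file) for manual review."""
    flagged = [e for e in entries if e.verdict != "ok"]
    unhashed = [e for e in entries if e.verdict == "ok" and e.md5 is None]
    return flagged, unhashed


if __name__ == "__main__":
    flagged, unhashed = triage(parse_services(SAMPLE_LOG))
    for e in flagged:
        print(f"REVIEW  {e.name}: {e.verdict}  {e.md5}  {e.path}")
    for e in unhashed:
        print(f"NO FILE {e.name}: reported ok without a hash line")
```
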


#7 HothMonster

HothMonster
  • Topic Starter

  • Members
  • 8 posts

Posted 30 October 2012 - 07:12 PM

19:04:47.0507 6628 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
19:04:48.0154 6628 ============================================================
19:04:48.0154 6628 Current date / time: 2012/10/30 19:04:48.0154
19:04:48.0154 6628 SystemInfo:
19:04:48.0154 6628
19:04:48.0154 6628 OS Version: 6.1.7601 ServicePack: 1.0
19:04:48.0154 6628 Product type: Workstation
19:04:48.0154 6628 ComputerName: ICORE
19:04:48.0154 6628 UserName: Casey_2
19:04:48.0154 6628 Windows directory: C:\windows
19:04:48.0154 6628 System windows directory: C:\windows
19:04:48.0154 6628 Running under WOW64
19:04:48.0154 6628 Processor architecture: Intel x64
19:04:48.0154 6628 Number of processors: 8
19:04:48.0154 6628 Page size: 0x1000
19:04:48.0154 6628 Boot type: Normal boot
19:04:48.0154 6628 ============================================================
19:04:49.0196 6628 Initialize success
19:04:49.0196 6628 ============================================================
19:05:03.0235 9144 ============================================================
19:05:03.0235 9144 Scan started
19:05:03.0235 9144 Mode: Manual; TDLFS;
19:05:03.0235 9144 ============================================================
19:05:04.0497 9144 ================ Scan system memory ========================
19:05:04.0497 9144 System memory - ok
19:05:06.0342 9144 Intel® Capability Licensing Service Interface - ok
19:05:06.0345 9144 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys
19:05:06.0345 9144 intelide - ok
19:05:06.0348 9144 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
19:05:06.0348 9144 intelppm - ok
19:05:06.0351 9144 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll
19:05:06.0352 9144 IPBusEnum - ok
19:05:06.0354 9144 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
19:05:06.0355 9144 IpFilterDriver - ok
19:05:06.0362 9144 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\windows\System32\iphlpsvc.dll
19:05:06.0364 9144 iphlpsvc - ok
19:05:06.0367 9144 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
19:05:06.0367 9144 IPMIDRV - ok
19:05:06.0370 9144 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys
19:05:06.0371 9144 IPNAT - ok
19:05:06.0373 9144 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys
19:05:06.0373 9144 IRENUM - ok
19:05:06.0375 9144 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys
19:05:06.0376 9144 isapnp - ok
19:05:06.0380 9144 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
19:05:06.0381 9144 iScsiPrt - ok
19:05:06.0385 9144 [ 9DC104E50037EEB2B2A429F86E0678B8 ] jhi_service C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
19:05:06.0386 9144 jhi_service - ok
19:05:06.0388 9144 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
19:05:06.0388 9144 kbdclass - ok
19:05:06.0390 9144 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\DRIVERS\kbdhid.sys
19:05:06.0391 9144 kbdhid - ok
19:05:06.0393 9144 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe
19:05:06.0394 9144 KeyIso - ok
19:05:06.0396 9144 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
19:05:06.0397 9144 KSecDD - ok
19:05:06.0400 9144 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
19:05:06.0401 9144 KSecPkg - ok
19:05:06.0403 9144 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
19:05:06.0403 9144 ksthunk - ok
19:05:06.0409 9144 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll
19:05:06.0410 9144 KtmRm - ok
19:05:06.0415 9144 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\System32\srvsvc.dll
19:05:06.0416 9144 LanmanServer - ok
19:05:06.0419 9144 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
19:05:06.0421 9144 LanmanWorkstation - ok
19:05:06.0427 9144 [ 7772DFAB22611050B79504E671B06E6E ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
19:05:06.0428 9144 LBTServ - ok
19:05:06.0432 9144 [ 241F2648ADF090E2A10095BD6D6F5DCB ] LHidFilt C:\windows\system32\DRIVERS\LHidFilt.Sys
19:05:06.0433 9144 LHidFilt - ok
19:05:06.0435 9144 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
19:05:06.0435 9144 lltdio - ok
19:05:06.0440 9144 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll
19:05:06.0441 9144 lltdsvc - ok
19:05:06.0443 9144 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll
19:05:06.0444 9144 lmhosts - ok
19:05:06.0447 9144 [ 342ED5A4B3326014438F36D22D803737 ] LMouFilt C:\windows\system32\DRIVERS\LMouFilt.Sys
19:05:06.0447 9144 LMouFilt - ok
19:05:06.0452 9144 [ 076E80BCDC0A973114D43216AC28F795 ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
19:05:06.0453 9144 LMS - ok
19:05:06.0457 9144 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys
19:05:06.0457 9144 LSI_FC - ok
19:05:06.0460 9144 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys
19:05:06.0460 9144 LSI_SAS - ok
19:05:06.0463 9144 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys
19:05:06.0463 9144 LSI_SAS2 - ok
19:05:06.0466 9144 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys
19:05:06.0466 9144 LSI_SCSI - ok
19:05:06.0469 9144 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys
19:05:06.0470 9144 luafv - ok
19:05:06.0472 9144 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\windows\system32\drivers\mbam.sys
19:05:06.0473 9144 MBAMProtector - ok
19:05:06.0479 9144 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
19:05:06.0480 9144 MBAMScheduler - ok
19:05:06.0488 9144 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
19:05:06.0490 9144 MBAMService - ok
19:05:06.0493 9144 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
19:05:06.0494 9144 Mcx2Svc - ok
19:05:06.0496 9144 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\DRIVERS\megasas.sys
19:05:06.0497 9144 megasas - ok
19:05:06.0501 9144 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys
19:05:06.0502 9144 MegaSR - ok
19:05:06.0505 9144 [ 6B01B7414A105B9E51652089A03027CF ] MEIx64 C:\windows\system32\DRIVERS\HECIx64.sys
19:05:06.0505 9144 MEIx64 - ok
19:05:06.0508 9144 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
19:05:06.0508 9144 MMCSS - ok
19:05:06.0510 9144 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys
19:05:06.0511 9144 Modem - ok
19:05:06.0513 9144 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys
19:05:06.0513 9144 monitor - ok
19:05:06.0516 9144 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
19:05:06.0516 9144 mouclass - ok
19:05:06.0518 9144 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
19:05:06.0518 9144 mouhid - ok
19:05:06.0521 9144 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys
19:05:06.0521 9144 mountmgr - ok
19:05:06.0526 9144 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\windows\system32\DRIVERS\MpFilter.sys
19:05:06.0527 9144 MpFilter - ok
19:05:06.0530 9144 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys
19:05:06.0531 9144 mpio - ok
19:05:06.0534 9144 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
19:05:06.0534 9144 mpsdrv - ok
19:05:06.0543 9144 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll
19:05:06.0547 9144 MpsSvc - ok
19:05:06.0550 9144 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
19:05:06.0551 9144 MRxDAV - ok
19:05:06.0554 9144 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
19:05:06.0555 9144 mrxsmb - ok
19:05:06.0559 9144 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
19:05:06.0560 9144 mrxsmb10 - ok
19:05:06.0563 9144 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
19:05:06.0564 9144 mrxsmb20 - ok
19:05:06.0566 9144 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys
19:05:06.0566 9144 msahci - ok
19:05:06.0569 9144 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys
19:05:06.0570 9144 msdsm - ok
19:05:06.0573 9144 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
19:05:06.0574 9144 MSDTC - ok
19:05:06.0578 9144 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
19:05:06.0578 9144 Msfs - ok
19:05:06.0580 9144 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
19:05:06.0580 9144 mshidkmdf - ok
19:05:06.0582 9144 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys
19:05:06.0583 9144 msisadrv - ok
19:05:06.0586 9144 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
19:05:06.0587 9144 MSiSCSI - ok
19:05:06.0589 9144 msiserver - ok
19:05:06.0591 9144 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
19:05:06.0592 9144 MSKSSRV - ok
19:05:06.0595 9144 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
19:05:06.0595 9144 MsMpSvc - ok
19:05:06.0597 9144 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
19:05:06.0597 9144 MSPCLOCK - ok
19:05:06.0599 9144 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
19:05:06.0599 9144 MSPQM - ok
19:05:06.0604 9144 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
19:05:06.0606 9144 MsRPC - ok
19:05:06.0609 9144 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\drivers\mssmbios.sys
19:05:06.0609 9144 mssmbios - ok
19:05:06.0612 9144 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
19:05:06.0612 9144 MSTEE - ok
19:05:06.0614 9144 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys
19:05:06.0614 9144 MTConfig - ok
19:05:06.0616 9144 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
19:05:06.0617 9144 Mup - ok
19:05:06.0623 9144 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
19:05:06.0625 9144 napagent - ok
19:05:06.0630 9144 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
19:05:06.0631 9144 NativeWifiP - ok
19:05:06.0641 9144 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys
19:05:06.0644 9144 NDIS - ok
19:05:06.0647 9144 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
19:05:06.0647 9144 NdisCap - ok
19:05:06.0650 9144 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
19:05:06.0650 9144 NdisTapi - ok
19:05:06.0652 9144 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
19:05:06.0653 9144 Ndisuio - ok
19:05:06.0655 9144 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
19:05:06.0656 9144 NdisWan - ok
19:05:06.0658 9144 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
19:05:06.0659 9144 NDProxy - ok
19:05:06.0661 9144 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
19:05:06.0662 9144 NetBIOS - ok
19:05:06.0666 9144 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
19:05:06.0667 9144 NetBT - ok
19:05:06.0669 9144 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
19:05:06.0670 9144 Netlogon - ok
19:05:06.0675 9144 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
19:05:06.0676 9144 Netman - ok
19:05:06.0684 9144 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:05:06.0685 9144 NetMsmqActivator - ok
19:05:06.0687 9144 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:05:06.0688 9144 NetPipeActivator - ok
19:05:06.0694 9144 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
19:05:06.0696 9144 netprofm - ok
19:05:06.0698 9144 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:05:06.0699 9144 NetTcpActivator - ok
19:05:06.0701 9144 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:05:06.0702 9144 NetTcpPortSharing - ok
19:05:06.0704 9144 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys
19:05:06.0705 9144 nfrd960 - ok
19:05:06.0708 9144 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\windows\system32\DRIVERS\NisDrvWFP.sys
19:05:06.0709 9144 NisDrv - ok
19:05:06.0714 9144 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe
19:05:06.0716 9144 NisSrv - ok
19:05:06.0721 9144 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\windows\System32\nlasvc.dll
19:05:06.0722 9144 NlaSvc - ok
19:05:06.0727 9144 [ F554C5FD7BD1EFA4DA5CFE2EED86391F ] nm3 C:\windows\system32\DRIVERS\nm3.sys
19:05:06.0727 9144 nm3 - ok
19:05:06.0730 9144 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
19:05:06.0730 9144 Npfs - ok
19:05:06.0732 9144 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
19:05:06.0733 9144 nsi - ok
19:05:06.0735 9144 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
19:05:06.0735 9144 nsiproxy - ok
19:05:06.0752 9144 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
19:05:06.0758 9144 Ntfs - ok
19:05:06.0760 9144 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
19:05:06.0761 9144 Null - ok
19:05:06.0765 9144 [ 8D4AAC74B571FC356560E5B308955E93 ] NVHDA C:\windows\system32\drivers\nvhda64v.sys
19:05:06.0765 9144 NVHDA - ok
19:05:06.0887 9144 [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm C:\windows\system32\DRIVERS\nvlddmkm.sys
19:05:06.0931 9144 nvlddmkm - ok
19:05:06.0936 9144 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
19:05:06.0937 9144 nvraid - ok
19:05:06.0940 9144 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
19:05:06.0941 9144 nvstor - ok
19:05:06.0950 9144 [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc C:\Windows\system32\nvvsvc.exe
19:05:06.0954 9144 nvsvc - ok
19:05:06.0967 9144 [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
19:05:06.0971 9144 nvUpdatusService - ok
19:05:06.0975 9144 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
19:05:06.0975 9144 nv_agp - ok
19:05:06.0978 9144 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
19:05:06.0978 9144 ohci1394 - ok
19:05:06.0981 9144 [ 0E2DE427EBE106E7E5B52869D5C99F68 ] ossrv C:\windows\system32\drivers\ctoss2k.sys
19:05:06.0982 9144 ossrv - ok
19:05:06.0987 9144 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
19:05:06.0989 9144 p2pimsvc - ok
19:05:06.0995 9144 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
19:05:06.0997 9144 p2psvc - ok
19:05:07.0000 9144 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\DRIVERS\parport.sys
19:05:07.0000 9144 Parport - ok
19:05:07.0003 9144 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
19:05:07.0004 9144 partmgr - ok
19:05:07.0007 9144 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
19:05:07.0009 9144 PcaSvc - ok
19:05:07.0012 9144 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
19:05:07.0013 9144 pci - ok
19:05:07.0015 9144 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys
19:05:07.0015 9144 pciide - ok
19:05:07.0019 9144 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys
19:05:07.0020 9144 pcmcia - ok
19:05:07.0022 9144 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
19:05:07.0022 9144 pcw - ok
19:05:07.0030 9144 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
19:05:07.0032 9144 PEAUTH - ok
19:05:07.0045 9144 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\windows\system32\peerdistsvc.dll
19:05:07.0051 9144 PeerDistSvc - ok
19:05:07.0073 9144 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
19:05:07.0073 9144 PerfHost - ok
19:05:07.0079 9144 [ 25367AFF274D7DF637B7D5336246773E ] PhoneMyPC_Helper C:\tools\PhoneMyPC\PhoneMyPC_Helper.exe
19:05:07.0087 9144 PhoneMyPC_Helper - ok
19:05:07.0102 9144 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
19:05:07.0107 9144 pla - ok
19:05:07.0114 9144 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
19:05:07.0116 9144 PlugPlay - ok
19:05:07.0120 9144 PnkBstrA - ok
19:05:07.0122 9144 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
19:05:07.0123 9144 PNRPAutoReg - ok
19:05:07.0128 9144 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
19:05:07.0130 9144 PNRPsvc - ok
19:05:07.0136 9144 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
19:05:07.0138 9144 PolicyAgent - ok
19:05:07.0143 9144 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
19:05:07.0144 9144 Power - ok
19:05:07.0147 9144 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
19:05:07.0147 9144 PptpMiniport - ok
19:05:07.0150 9144 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\DRIVERS\processr.sys
19:05:07.0150 9144 Processor - ok
19:05:07.0154 9144 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
19:05:07.0156 9144 ProfSvc - ok
19:05:07.0158 9144 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
19:05:07.0159 9144 ProtectedStorage - ok
19:05:07.0163 9144 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
19:05:07.0163 9144 Psched - ok
19:05:07.0179 9144 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys
19:05:07.0184 9144 ql2300 - ok
19:05:07.0187 9144 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys
19:05:07.0188 9144 ql40xx - ok
19:05:07.0192 9144 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
19:05:07.0194 9144 QWAVE - ok
19:05:07.0196 9144 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
19:05:07.0196 9144 QWAVEdrv - ok
19:05:07.0198 9144 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
19:05:07.0199 9144 RasAcd - ok
19:05:07.0201 9144 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
19:05:07.0202 9144 RasAgileVpn - ok
19:05:07.0204 9144 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
19:05:07.0206 9144 RasAuto - ok
19:05:07.0209 9144 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
19:05:07.0209 9144 Rasl2tp - ok
19:05:07.0214 9144 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
19:05:07.0216 9144 RasMan - ok
19:05:07.0219 9144 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
19:05:07.0219 9144 RasPppoe - ok
19:05:07.0222 9144 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
19:05:07.0222 9144 RasSstp - ok
19:05:07.0227 9144 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
19:05:07.0228 9144 rdbss - ok
19:05:07.0231 9144 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys
19:05:07.0231 9144 rdpbus - ok
19:05:07.0233 9144 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
19:05:07.0233 9144 RDPCDD - ok
19:05:07.0237 9144 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\windows\system32\drivers\rdpdr.sys
19:05:07.0238 9144 RDPDR - ok
19:05:07.0240 9144 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
19:05:07.0240 9144 RDPENCDD - ok
19:05:07.0243 9144 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
19:05:07.0243 9144 RDPREFMP - ok
19:05:07.0246 9144 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\windows\system32\drivers\rdpvideominiport.sys
19:05:07.0246 9144 RdpVideoMiniport - ok
19:05:07.0250 9144 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
19:05:07.0251 9144 RDPWD - ok
19:05:07.0255 9144 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
19:05:07.0255 9144 rdyboost - ok
19:05:07.0258 9144 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
19:05:07.0259 9144 RemoteAccess - ok
19:05:07.0263 9144 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
19:05:07.0264 9144 RemoteRegistry - ok
19:05:07.0267 9144 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
19:05:07.0268 9144 RpcEptMapper - ok
19:05:07.0270 9144 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
19:05:07.0271 9144 RpcLocator - ok
19:05:07.0277 9144 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll
19:05:07.0280 9144 RpcSs - ok
19:05:07.0282 9144 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
19:05:07.0283 9144 rspndr - ok
19:05:07.0291 9144 [ 7F4F11527AF5A7E4526CB6A146B3E40C ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys
19:05:07.0293 9144 RTL8167 - ok
19:05:07.0295 9144 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\windows\system32\drivers\vms3cap.sys
19:05:07.0296 9144 s3cap - ok
19:05:07.0301 9144 [ D546957C2B954D5763614EA203ADD125 ] SaiK0CD7 C:\windows\system32\DRIVERS\SaiK0CD7.sys
19:05:07.0330 9144 SaiK0CD7 - ok
19:05:07.0333 9144 [ E124BCFB55ADCD4AA273E73C3D666F9F ] SaiMini C:\windows\system32\DRIVERS\SaiMini.sys
19:05:07.0339 9144 SaiMini - ok
19:05:07.0342 9144 [ 94AB59E2D3F301DC2B6EA97A027CEBFA ] SaiNtBus C:\windows\system32\drivers\SaiBus.sys
19:05:07.0350 9144 SaiNtBus - ok
19:05:07.0353 9144 [ 5B0C3962CC3EED5F831C5E1046595B50 ] SaiU0CD7 C:\windows\system32\DRIVERS\SaiU0CD7.sys
19:05:07.0371 9144 SaiU0CD7 - ok
19:05:07.0374 9144 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
19:05:07.0374 9144 SamSs - ok
19:05:07.0377 9144 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
19:05:07.0378 9144 sbp2port - ok
19:05:07.0381 9144 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
19:05:07.0383 9144 SCardSvr - ok
19:05:07.0385 9144 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
19:05:07.0386 9144 scfilter - ok
19:05:07.0398 9144 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
19:05:07.0403 9144 Schedule - ok
19:05:07.0406 9144 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
19:05:07.0406 9144 SCPolicySvc - ok
19:05:07.0409 9144 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
19:05:07.0411 9144 SDRSVC - ok
19:05:07.0413 9144 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
19:05:07.0413 9144 secdrv - ok
19:05:07.0416 9144 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
19:05:07.0417 9144 seclogon - ok
19:05:07.0419 9144 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\system32\sens.dll
19:05:07.0421 9144 SENS - ok
19:05:07.0423 9144 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
19:05:07.0424 9144 SensrSvc - ok
19:05:07.0426 9144 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\DRIVERS\serenum.sys
19:05:07.0427 9144 Serenum - ok
19:05:07.0429 9144 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\DRIVERS\serial.sys
19:05:07.0430 9144 Serial - ok
19:05:07.0431 9144 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\DRIVERS\sermouse.sys
19:05:07.0432 9144 sermouse - ok
19:05:07.0437 9144 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
19:05:07.0438 9144 SessionEnv - ok
19:05:07.0441 9144 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
19:05:07.0441 9144 sffdisk - ok
19:05:07.0443 9144 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
19:05:07.0443 9144 sffp_mmc - ok
19:05:07.0445 9144 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
19:05:07.0445 9144 sffp_sd - ok
19:05:07.0447 9144 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys
19:05:07.0448 9144 sfloppy - ok
19:05:07.0453 9144 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll
19:05:07.0455 9144 SharedAccess - ok
19:05:07.0460 9144 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
19:05:07.0463 9144 ShellHWDetection - ok
19:05:07.0465 9144 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys
19:05:07.0466 9144 SiSRaid2 - ok
19:05:07.0468 9144 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys
19:05:07.0469 9144 SiSRaid4 - ok
19:05:07.0482 9144 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
19:05:07.0482 9144 SkypeUpdate - ok
19:05:07.0485 9144 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
19:05:07.0486 9144 Smb - ok
19:05:07.0490 9144 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
19:05:07.0491 9144 SNMPTRAP - ok
19:05:07.0493 9144 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
19:05:07.0493 9144 spldr - ok
19:05:07.0501 9144 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe
19:05:07.0503 9144 Spooler - ok
19:05:07.0538 9144 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
19:05:07.0550 9144 sppsvc - ok
19:05:07.0553 9144 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
19:05:07.0554 9144 sppuinotify - ok
19:05:07.0557 9144 sptd - ok
19:05:07.0563 9144 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
19:05:07.0565 9144 srv - ok
19:05:07.0571 9144 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
19:05:07.0572 9144 srv2 - ok
19:05:07.0576 9144 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
19:05:07.0577 9144 srvnet - ok
19:05:07.0581 9144 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
19:05:07.0582 9144 SSDPSRV - ok
19:05:07.0585 9144 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
19:05:07.0586 9144 SstpSvc - ok
19:05:07.0594 9144 [ E5C796B621F6FBA8616511063D7F0FFE ] StarWindServiceAE C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
19:05:07.0595 9144 StarWindServiceAE - ok
19:05:07.0598 9144 Steam Client Service - ok
19:05:07.0603 9144 [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
19:05:07.0605 9144 Stereo Service - ok
19:05:07.0607 9144 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\DRIVERS\stexstor.sys
19:05:07.0608 9144 stexstor - ok
19:05:07.0615 9144 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
19:05:07.0618 9144 stisvc - ok
19:05:07.0621 9144 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\windows\system32\drivers\vmstorfl.sys
19:05:07.0622 9144 storflt - ok
19:05:07.0624 9144 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\windows\system32\drivers\storvsc.sys
19:05:07.0624 9144 storvsc - ok
19:05:07.0626 9144 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\drivers\swenum.sys
19:05:07.0627 9144 swenum - ok
19:05:07.0633 9144 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
19:05:09.0392 9144 ============================================================
19:05:09.0392 9144 Scan finished
19:05:09.0392 9144 ============================================================
19:05:09.0403 6404 Detected object count: 0
19:05:09.0403 6404 Actual detected object count: 0
19:05:21.0780 8756 Deinitialize success


#8 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:01:39 AM

Posted 30 October 2012 - 07:16 PM

Please run the following:

Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply


NEXT


  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 HothMonster

Posted 30 October 2012 - 07:47 PM

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.30.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Casey_2 :: ICORE [administrator]

10/30/2012 7:23:48 PM
mbam-log-2012-10-30 (19-23-48).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 303781
Time elapsed: 1 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

ESET is gonna be a while; I have lots of GBs.


#10 HothMonster

Posted 31 October 2012 - 05:04 PM

ESET was clean.

#11 CatByte

Posted 31 October 2012 - 05:06 PM

That's good news.

You can remove this outdated Java via Programs and Features, as you already have the latest version of Java installed:

Java™ 6 Update 32


How is the computer running now? Are there any outstanding issues?


#12 HothMonster

Posted 31 October 2012 - 05:23 PM

Feels alright.

You see anything particularly fishy or was this all just SOP?

#13 CatByte

Posted 31 October 2012 - 05:27 PM

ComboFix removed some entries, but the rest of the logs look OK now.

We just have some housekeeping to do now.

Please do the following:


You can delete the DDS, Farbar, RogueKiller and TDSSKiller logs and programs from your desktop.


NEXT


Follow these steps to uninstall ComboFix

  • Make sure your security programs are totally disabled.
  • Press WinKey + R to open a Run box
  • Now copy/paste Combofix /uninstall into the Run box and click OK. Note the space between the ..X and the /U; it needs to be there.


NEXT

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.


If there are any logs/tools remaining on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article:
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

  • Keep Windows updated by regularly checking their website at:
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest security updates installed.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run.
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job.
    • Once it's finished it should automatically reboot your machine.
    • If it doesn't, manually reboot to ensure a complete clean.
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well-written articles:
    • PC Safety and Security--What Do I Need?
    • Simple and easy ways to keep your computer safe and secure on the Internet

Thank you for your patience and for performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it. Thank you.


#14 HothMonster

Posted 31 October 2012 - 05:43 PM

Thanks a million. This link should give you a copy of Hotline Miami. If it doesn't work PM me an email address and I'll send it proper.

Edited by CatByte, 31 October 2012 - 07:05 PM.
removed link


#15 CatByte

Posted 31 October 2012 - 07:05 PM

You are welcome.

Stay safe.

~CB
