
virus? or system problem?


8 replies to this topic

#1 hopiken

  • Members
  • 3 posts

Posted 29 November 2012 - 03:44 AM

For the past week or so, my CPU has been maxed out at 100%, causing applications to fail, freeze and crash. Checked my task manager, and the main offender is svchost.exe*32, with a description title of winrscmde. Not a computer person, but have no idea whether that is a valid system process vital to Windows or some sort of virus. More often than not, that one process accounts for between 400k and 900k of my memory and over 90% of the CPU. Goes down once I shut down and restart computer and gradually builds itself back up. Please point me in the right direction...



#2 ryder

  • Security Colleague
  • 28 posts
  • Gender:Male
  • Location:Southern Germany

Posted 29 November 2012 - 05:16 AM

It can be but doesn't have to be malware. You can only be sure if you have someone check your logfiles. I suggest you open a thread in http://www.bleepingcomputer.com/forums/forum22.html

#3 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 29 November 2012 - 05:41 AM

You're infected

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#4 hopiken

  • Topic Starter
  • Members
  • 3 posts

Posted 01 December 2012 - 02:05 AM

Here are the first two logs I think you requested; the third one is taking some time, will post when complete.
Thank you

22:31:39.0135 12148 Mup - ok
22:31:39.0224 12148 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
22:31:39.0526 12148 napagent - ok
22:31:39.0597 12148 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
22:31:39.0700 12148 NativeWifiP - ok
22:31:40.0198 12148 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
22:31:40.0307 12148 NDIS - ok
22:31:40.0372 12148 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
22:31:40.0443 12148 NdisCap - ok
22:31:40.0506 12148 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
22:31:40.0534 12148 NdisTapi - ok
22:31:40.0667 12148 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
22:31:40.0996 12148 Ndisuio - ok
22:31:41.0074 12148 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
22:31:41.0274 12148 NdisWan - ok
22:31:41.0356 12148 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
22:31:41.0472 12148 NDProxy - ok
22:31:41.0508 12148 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
22:31:41.0547 12148 NetBIOS - ok
22:31:41.0572 12148 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
22:31:41.0648 12148 NetBT - ok
22:31:41.0672 12148 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
22:31:41.0935 12148 Netlogon - ok
22:31:42.0015 12148 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
22:31:42.0367 12148 Netman - ok
22:31:42.0557 12148 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:31:42.0767 12148 NetMsmqActivator - ok
22:31:42.0778 12148 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:31:42.0811 12148 NetPipeActivator - ok
22:31:42.0956 12148 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
22:31:43.0049 12148 netprofm - ok
22:31:43.0089 12148 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:31:43.0094 12148 NetTcpActivator - ok
22:31:43.0335 12148 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:31:43.0378 12148 NetTcpPortSharing - ok
22:31:43.0647 12148 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
22:31:43.0845 12148 netw5v64 - ok
22:31:43.0904 12148 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
22:31:43.0936 12148 nfrd960 - ok
22:31:44.0021 12148 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
22:31:44.0070 12148 NlaSvc - ok
22:31:44.0362 12148 [ C31FA031335EFF434B2D94278E74BCCE ] NPF C:\Windows\system32\DRIVERS\npf.sys
22:31:44.0397 12148 NPF - ok
22:31:44.0428 12148 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
22:31:44.0481 12148 Npfs - ok
22:31:44.0616 12148 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
22:31:44.0778 12148 nsi - ok
22:31:44.0805 12148 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
22:31:44.0967 12148 nsiproxy - ok
22:31:45.0385 12148 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
22:31:45.0646 12148 Ntfs - ok
22:31:45.0699 12148 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
22:31:45.0773 12148 Null - ok
22:31:45.0940 12148 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
22:31:46.0339 12148 nvraid - ok
22:31:46.0387 12148 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
22:31:46.0509 12148 nvstor - ok
22:31:46.0858 12148 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
22:31:47.0323 12148 nv_agp - ok
22:31:47.0575 12148 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:31:47.0595 12148 odserv - ok
22:31:47.0692 12148 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
22:31:47.0833 12148 ohci1394 - ok
22:31:47.0901 12148 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:31:47.0960 12148 ose - ok
22:31:48.0871 12148 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:31:49.0013 12148 osppsvc - ok
22:31:49.0102 12148 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
22:31:49.0365 12148 p2pimsvc - ok
22:31:49.0438 12148 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
22:31:49.0730 12148 p2psvc - ok
22:31:49.0764 12148 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
22:31:49.0773 12148 Parport - ok
22:31:49.0842 12148 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
22:31:50.0010 12148 partmgr - ok
22:31:50.0300 12148 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
22:31:50.0580 12148 PcaSvc - ok
22:31:50.0671 12148 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
22:31:50.0983 12148 pci - ok
22:31:51.0005 12148 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
22:31:51.0011 12148 pciide - ok
22:31:51.0057 12148 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
22:31:51.0131 12148 pcmcia - ok
22:31:51.0158 12148 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
22:31:51.0405 12148 pcw - ok
22:31:51.0435 12148 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
22:31:51.0860 12148 PEAUTH - ok
22:31:51.0920 12148 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
22:31:52.0240 12148 PerfHost - ok
22:31:52.0774 12148 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
22:31:53.0386 12148 pla - ok
22:31:54.0102 12148 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
22:31:55.0008 12148 PlugPlay - ok
22:31:55.0036 12148 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
22:31:55.0260 12148 PNRPAutoReg - ok
22:31:55.0292 12148 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
22:31:55.0399 12148 PNRPsvc - ok
22:31:55.0584 12148 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
22:31:55.0761 12148 PolicyAgent - ok
22:31:55.0795 12148 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
22:31:55.0927 12148 Power - ok
22:31:55.0990 12148 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
22:31:56.0002 12148 PptpMiniport - ok
22:31:56.0075 12148 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
22:31:56.0291 12148 Processor - ok
22:31:56.0616 12148 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
22:31:56.0929 12148 ProfSvc - ok
22:31:56.0973 12148 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:31:57.0135 12148 ProtectedStorage - ok
22:31:57.0463 12148 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
22:31:57.0493 12148 Psched - ok
22:31:57.0566 12148 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
22:31:57.0704 12148 ql2300 - ok
22:31:57.0729 12148 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
22:31:57.0823 12148 ql40xx - ok
22:31:57.0885 12148 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
22:31:58.0035 12148 QWAVE - ok
22:31:58.0068 12148 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
22:31:58.0082 12148 QWAVEdrv - ok
22:31:58.0120 12148 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
22:31:58.0190 12148 RasAcd - ok
22:31:58.0269 12148 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
22:31:58.0306 12148 RasAgileVpn - ok
22:31:58.0330 12148 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
22:31:58.0627 12148 RasAuto - ok
22:31:58.0780 12148 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
22:31:58.0903 12148 Rasl2tp - ok
22:31:58.0963 12148 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
22:31:59.0202 12148 RasMan - ok
22:31:59.0291 12148 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
22:31:59.0330 12148 RasPppoe - ok
22:31:59.0623 12148 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
22:31:59.0834 12148 RasSstp - ok
22:31:59.0890 12148 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
22:31:59.0931 12148 rdbss - ok
22:31:59.0991 12148 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
22:32:00.0016 12148 rdpbus - ok
22:32:00.0068 12148 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
22:32:00.0148 12148 RDPCDD - ok
22:32:00.0236 12148 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
22:32:00.0444 12148 RDPENCDD - ok
22:32:00.0487 12148 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
22:32:00.0531 12148 RDPREFMP - ok
22:32:00.0643 12148 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
22:32:00.0938 12148 RDPWD - ok
22:32:00.0991 12148 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
22:32:00.0999 12148 rdyboost - ok
22:32:01.0063 12148 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
22:32:01.0208 12148 RemoteAccess - ok
22:32:01.0265 12148 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
22:32:01.0553 12148 RemoteRegistry - ok
22:32:01.0790 12148 [ 498EB62A160674E793FA40FD65390625 ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
22:32:01.0825 12148 RichVideo - ok
22:32:01.0884 12148 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
22:32:02.0053 12148 RpcEptMapper - ok
22:32:02.0085 12148 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
22:32:02.0192 12148 RpcLocator - ok
22:32:02.0296 12148 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
22:32:02.0356 12148 RpcSs - ok
22:32:02.0697 12148 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
22:32:02.0906 12148 rspndr - ok
22:32:02.0933 12148 RSUSBSTOR - ok
22:32:03.0015 12148 [ B49DC435AE3695BAC5623DD94B05732D ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
22:32:03.0125 12148 RTL8167 - ok
22:32:03.0567 12148 [ C897D07E2C2E89BA638A1B9419660460 ] RTL8192cu C:\Windows\system32\DRIVERS\WNA1000M.sys
22:32:03.0632 12148 RTL8192cu - ok
22:32:03.0668 12148 RtsUIR - ok
22:32:03.0699 12148 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
22:32:03.0886 12148 SamSs - ok
22:32:03.0973 12148 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
22:32:03.0990 12148 SASDIFSV - ok
22:32:04.0031 12148 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
22:32:04.0062 12148 SASKUTIL - ok
22:32:04.0112 12148 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
22:32:04.0118 12148 sbp2port - ok
22:32:04.0166 12148 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
22:32:04.0456 12148 SCardSvr - ok
22:32:04.0503 12148 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
22:32:04.0510 12148 scfilter - ok
22:32:04.0806 12148 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
22:32:04.0986 12148 Schedule - ok
22:32:05.0035 12148 [ 6011CDF54BB6F4C69F38FACCDAD73D7E ] SCMNdisP C:\Windows\system32\DRIVERS\scmndisp.sys
22:32:05.0088 12148 SCMNdisP - ok
22:32:05.0209 12148 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
22:32:05.0217 12148 SCPolicySvc - ok
22:32:05.0623 12148 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
22:32:05.0832 12148 sdbus - ok
22:32:05.0865 12148 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
22:32:05.0956 12148 SDRSVC - ok
22:32:06.0046 12148 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
22:32:06.0113 12148 secdrv - ok
22:32:06.0161 12148 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
22:32:06.0362 12148 seclogon - ok
22:32:06.0416 12148 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
22:32:06.0537 12148 SENS - ok
22:32:06.0575 12148 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
22:32:06.0944 12148 SensrSvc - ok
22:32:06.0965 12148 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
22:32:07.0007 12148 Serenum - ok
22:32:07.0032 12148 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
22:32:07.0038 12148 Serial - ok
22:32:07.0084 12148 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
22:32:07.0116 12148 sermouse - ok
22:32:07.0373 12148 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
22:32:07.0639 12148 SessionEnv - ok
22:32:07.0737 12148 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
22:32:07.0768 12148 sffdisk - ok
22:32:07.0794 12148 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
22:32:07.0801 12148 sffp_mmc - ok
22:32:07.0864 12148 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
22:32:07.0918 12148 sffp_sd - ok
22:32:07.0953 12148 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
22:32:07.0994 12148 sfloppy - ok
22:32:08.0080 12148 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
22:32:08.0158 12148 Sftfs - ok
22:32:08.0587 12148 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
22:32:08.0623 12148 sftlist - ok
22:32:08.0801 12148 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
22:32:08.0952 12148 Sftplay - ok
22:32:08.0980 12148 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
22:32:09.0067 12148 Sftredir - ok
22:32:09.0153 12148 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
22:32:09.0193 12148 Sftvol - ok
22:32:09.0255 12148 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
22:32:09.0265 12148 sftvsa - ok
22:32:09.0385 12148 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
22:32:09.0528 12148 SharedAccess - ok
22:32:09.0610 12148 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:32:09.0694 12148 ShellHWDetection - ok
22:32:10.0040 12148 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:32:10.0135 12148 SiSRaid2 - ok
22:32:10.0400 12148 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
22:32:10.0421 12148 SiSRaid4 - ok
22:32:10.0751 12148 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
22:32:10.0870 12148 SkypeUpdate - ok
22:32:11.0251 12148 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
22:32:11.0733 12148 Smb - ok
22:32:11.0798 12148 [ CA62AE004E98374BF7F082CD765EEA02 ] SNMP C:\Windows\System32\snmp.exe
22:32:12.0473 12148 SNMP - ok
22:32:12.0622 12148 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
22:32:12.0758 12148 SNMPTRAP - ok
22:32:12.0814 12148 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
22:32:13.0110 12148 spldr - ok
22:32:13.0462 12148 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
22:32:13.0789 12148 Spooler - ok
22:32:15.0697 12148 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
22:32:17.0475 12148 sppsvc - ok
22:32:17.0529 12148 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
22:32:19.0435 12148 sppuinotify - ok
22:32:19.0494 12148 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
22:32:19.0936 12148 srv - ok
22:32:19.0964 12148 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
22:32:20.0697 12148 srv2 - ok
22:32:20.0805 12148 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
22:32:20.0823 12148 SrvHsfHDA - ok
22:32:21.0005 12148 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
22:32:21.0275 12148 SrvHsfV92 - ok
22:32:21.0497 12148 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
22:32:21.0583 12148 SrvHsfWinac - ok
22:32:21.0655 12148 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
22:32:21.0728 12148 srvnet - ok
22:32:21.0825 12148 [ 8F8324ED1DE63FFC7B1A02CD2D963C72 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys
22:32:21.0848 12148 ssadbus - ok
22:32:22.0153 12148 [ 58221EFCB74167B73667F0024C661CE0 ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys
22:32:22.0373 12148 ssadmdfl - ok
22:32:22.0415 12148 [ 4DA7C71BFAC5AD71255B7E4CAB980163 ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys
22:32:22.0507 12148 ssadmdm - ok
22:32:22.0589 12148 [ D33D1BD3EC0E766211A234F56A12726D ] ssadserd C:\Windows\system32\DRIVERS\ssadserd.sys
22:32:22.0616 12148 ssadserd - ok
22:32:22.0680 12148 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
22:32:22.0802 12148 SSDPSRV - ok
22:32:23.0093 12148 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
22:32:23.0173 12148 SstpSvc - ok
22:32:23.0219 12148 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
22:32:23.0489 12148 stexstor - ok
22:32:23.0575 12148 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
22:32:24.0045 12148 stisvc - ok
22:32:24.0087 12148 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
22:32:24.0097 12148 swenum - ok
22:32:24.0167 12148 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
22:32:24.0533 12148 swprv - ok
22:32:24.0675 12148 [ BCF305959B53B200CEB2AD25AD22F8A7 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
22:32:24.0785 12148 SynTP - ok
22:32:24.0990 12148 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
22:32:25.0255 12148 SysMain - ok
22:32:25.0391 12148 SystemSuite Task Manager - ok
22:32:25.0715 12148 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:32:25.0974 12148 TabletInputService - ok
22:32:26.0068 12148 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
22:32:26.0399 12148 TapiSrv - ok
22:32:26.0460 12148 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
22:32:26.0821 12148 TBS - ok
22:32:27.0076 12148 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
22:32:27.0231 12148 Tcpip - ok
22:32:27.0353 12148 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
22:32:27.0399 12148 TCPIP6 - ok
22:32:27.0449 12148 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
22:32:27.0457 12148 tcpipreg - ok
22:32:27.0571 12148 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
22:32:27.0594 12148 TDPIPE - ok
22:32:27.0657 12148 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
22:32:27.0900 12148 TDTCP - ok
22:32:27.0965 12148 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
22:32:28.0022 12148 tdx - ok
22:32:28.0108 12148 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
22:32:28.0200 12148 TermDD - ok
22:32:28.0244 12148 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
22:32:28.0452 12148 TermService - ok
22:32:28.0493 12148 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
22:32:28.0764 12148 Themes - ok
22:32:28.0800 12148 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
22:32:28.0849 12148 THREADORDER - ok
22:32:28.0870 12148 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
22:32:29.0159 12148 TrkWks - ok
22:32:29.0355 12148 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:32:29.0447 12148 TrustedInstaller - ok
22:32:29.0500 12148 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
22:32:29.0514 12148 tssecsrv - ok
22:32:29.0869 12148 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
22:32:30.0049 12148 TsUsbFlt - ok
22:32:30.0126 12148 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
22:32:30.0216 12148 tunnel - ok
22:32:30.0269 12148 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
22:32:30.0360 12148 uagp35 - ok
22:32:30.0446 12148 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
22:32:30.0499 12148 udfs - ok
22:32:30.0550 12148 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
22:32:30.0908 12148 UI0Detect - ok
22:32:30.0963 12148 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
22:32:31.0047 12148 uliagpkx - ok
22:32:31.0105 12148 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
22:32:31.0281 12148 umbus - ok
22:32:31.0388 12148 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
22:32:31.0507 12148 UmPass - ok
22:32:31.0786 12148 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
22:32:31.0895 12148 upnphost - ok
22:32:32.0002 12148 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
22:32:32.0101 12148 usbaudio - ok
22:32:32.0179 12148 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
22:32:32.0258 12148 usbccgp - ok
22:32:32.0272 12148 USBCCID - ok
22:32:32.0330 12148 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
22:32:32.0369 12148 usbcir - ok
22:32:32.0412 12148 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
22:32:32.0483 12148 usbehci - ok
22:32:32.0560 12148 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
22:32:32.0650 12148 usbhub - ok
22:32:32.0727 12148 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
22:32:33.0061 12148 usbohci - ok
22:32:33.0260 12148 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
22:32:33.0359 12148 usbprint - ok
22:32:33.0467 12148 [ 54EAFFD31C377C8C1055D33E6B6B4B27 ] usbrndis6 C:\Windows\system32\drivers\usb80236.sys
22:32:33.0500 12148 usbrndis6 - ok
22:32:33.0569 12148 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
22:32:33.0582 12148 usbscan - ok
22:32:33.0865 12148 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:32:33.0898 12148 USBSTOR - ok
22:32:33.0946 12148 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
22:32:33.0955 12148 usbuhci - ok
22:32:33.0984 12148 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
22:32:34.0149 12148 UxSms - ok
22:32:34.0170 12148 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
22:32:34.0375 12148 VaultSvc - ok
22:32:34.0444 12148 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
22:32:34.0506 12148 vdrvroot - ok
22:32:34.0624 12148 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
22:32:34.0713 12148 vds - ok
22:32:35.0098 12148 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
22:32:35.0139 12148 vga - ok
22:32:35.0195 12148 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
22:32:35.0283 12148 VgaSave - ok
22:32:35.0347 12148 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
22:32:35.0388 12148 vhdmp - ok
22:32:35.0411 12148 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
22:32:35.0419 12148 viaide - ok
22:32:35.0466 12148 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
22:32:35.0538 12148 volmgr - ok
22:32:35.0644 12148 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
22:32:35.0725 12148 volmgrx - ok
22:32:35.0996 12148 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
22:32:36.0016 12148 volsnap - ok
22:32:36.0070 12148 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
22:32:36.0184 12148 vsmraid - ok
22:32:36.0301 12148 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
22:32:36.0577 12148 VSS - ok
22:32:36.0609 12148 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
22:32:36.0741 12148 vwifibus - ok
22:32:36.0840 12148 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
22:32:37.0073 12148 vwififlt - ok
22:32:37.0158 12148 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
22:32:37.0350 12148 vwifimp - ok
22:32:37.0405 12148 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
22:32:37.0622 12148 W32Time - ok
22:32:38.0003 12148 [ B32009DB1972E7F2C227499289C4384A ] W3SVC C:\Windows\system32\inetsrv\iisw3adm.dll
22:32:38.0024 12148 W3SVC - ok
22:32:38.0090 12148 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
22:32:38.0185 12148 WacomPen - ok
22:32:38.0246 12148 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
22:32:38.0278 12148 WANARP - ok
22:32:38.0326 12148 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
22:32:38.0334 12148 Wanarpv6 - ok
22:32:38.0399 12148 [ B32009DB1972E7F2C227499289C4384A ] WAS C:\Windows\system32\inetsrv\iisw3adm.dll
22:32:38.0404 12148 WAS - ok
22:32:38.0613 12148 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
22:32:38.0653 12148 WatAdminSvc - ok
22:32:39.0038 12148 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
22:32:39.0223 12148 wbengine - ok
22:32:39.0305 12148 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
22:32:39.0548 12148 WbioSrvc - ok
22:32:52.0137 12148 ================ Scan global ===============================
22:32:52.0168 12148 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
22:32:52.0229 12148 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
22:32:52.0451 12148 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
22:32:52.0739 12148 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
22:32:52.0915 12148 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
22:32:53.0291 12148 [Global] - ok
22:32:53.0296 12148 ================ Scan MBR ==================================
22:32:53.0301 12148 [ AEE357D355D7F06DFEC420A755C0B947 ] \Device\Harddisk0\DR0
22:32:53.0301 12148 Suspicious mbr (Forged): \Device\Harddisk0\DR0
22:32:53.0385 12148 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
22:32:53.0385 12148 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
22:32:54.0729 12148 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
22:32:54.0729 12148 \Device\Harddisk0\DR0 - detected TDSS File System (1)
22:32:54.0734 12148 ================ Scan VBR ==================================
22:32:54.0740 12148 [ C12352C7494313115ED6CF301521D252 ] \Device\Harddisk0\DR0\Partition1
22:32:54.0753 12148 \Device\Harddisk0\DR0\Partition1 - ok
22:32:54.0770 12148 [ 82072D82203592185D57D3F0B54EEA45 ] \Device\Harddisk0\DR0\Partition2
22:32:54.0773 12148 \Device\Harddisk0\DR0\Partition2 - ok
22:32:54.0872 12148 [ 38635424FE8BA4303A7B555CAE3AFE83 ] \Device\Harddisk0\DR0\Partition3
22:32:54.0910 12148 \Device\Harddisk0\DR0\Partition3 - ok
22:32:54.0915 12148 ============================================================
22:32:54.0915 12148 Scan finished
22:32:54.0915 12148 ============================================================
22:32:54.0935 11580 Detected object count: 2
22:32:54.0935 11580 Actual detected object count: 2
22:35:03.0123 11580 \Device\Harddisk0\DR0\# - copied to quarantine
22:35:03.0125 11580 \Device\Harddisk0\DR0 - copied to quarantine
22:35:03.0296 11580 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
22:35:03.0315 11580 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
22:35:03.0364 11580 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
22:35:03.0401 11580 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
22:35:03.0403 11580 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
22:35:03.0405 11580 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
22:35:03.0409 11580 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
22:35:03.0418 11580 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
22:35:03.0424 11580 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
22:35:03.0427 11580 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
22:35:03.0430 11580 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
22:35:03.0432 11580 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
22:35:03.0753 11580 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
22:35:03.0755 11580 \Device\Harddisk0\DR0 - ok
22:35:08.0311 11580 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
22:35:08.0316 11580 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
22:35:08.0316 11580 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip



aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-30 22:32:40
-----------------------------
22:32:40.019 OS Version: Windows x64 6.1.7601 Service Pack 1
22:32:40.020 Number of processors: 1 586 0x170A
22:32:40.021 ComputerName: FRANK-PC UserName: SWAN
22:32:56.246 Initialize success
22:35:12.283 AVAST engine defs: 12113001
22:38:46.606 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:38:46.609 Disk 0 Vendor: Size: 0MB BusType: 0
22:38:46.612 Device \Driver\atapi -> MajorFunction fffffa8002cca5e8
22:38:46.616 Disk 0 MBR read successfully
22:38:46.619 Disk 0 MBR scan
22:38:46.682 Disk 0 unknown MBR code
22:38:46.686 Disk 0 MBR hidden
22:38:46.699 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
22:38:46.712 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 225688 MB offset 409600
22:38:46.755 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12586 MB offset 462618624
22:38:46.877 Disk 0 scanning C:\Windows\system32\drivers
22:39:10.097 Service scanning
22:39:12.943 Service 24150509 C:\Windows\system32\drivers\39655884.sys **HIDDEN**
22:40:08.308 Modules scanning
22:40:08.322 Disk 0 trace - called modules:
22:40:08.332 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80037d1f50]<<13207612.sys >>UNKNOWN [0xfffffa8002cca5e8]<<
22:40:08.338 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002740700]
22:40:08.345 3 CLASSPNP.SYS[fffff8800117443f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8002294060]
22:40:08.353 \Driver\atapi[0xfffffa8002c9a060] -> IRP_MJ_CREATE -> 0xfffffa8002cca5e8
22:40:13.882 AVAST engine scan C:\Windows
22:40:17.637 AVAST engine scan C:\Windows\system32
22:50:27.303 AVAST engine scan C:\Windows\system32\drivers
22:51:11.727 AVAST engine scan C:\Users\SWAN
22:59:41.612 Disk 0 MBR has been saved successfully to "C:\Users\SWAN\Desktop\MBR.dat"
22:59:41.649 The log file has been saved successfully to "C:\Users\SWAN\Desktop\aswMBR.txt"

#5 hopiken

Posted 01 December 2012 - 04:31 AM

ALMOST THREE HOURS LATER...

C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\BrowserConnection.dll Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\datamngr.dll Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\DnsBHO.dll Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\IEBHO.dll Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files (x86)\RadioRage_4jEI\Installr\1.bin\4jEIPlug.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Program Files (x86)\RadioRage_4jEI\Installr\1.bin\4jEZSETP.dll Win32/Toolbar.MyWebSearch.Q application cleaned by deleting - quarantined
C:\Program Files (x86)\RadioRage_4jEI\Installr\1.bin\NP4jEISb.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\30.11.2012_22.30.31\mbr0000\tdlfs0000\tsk0000.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\30.11.2012_22.30.31\mbr0000\tdlfs0000\tsk0001.dta a variant of Win64/Olmarik.AM trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\30.11.2012_22.30.31\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\30.11.2012_22.30.31\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AN trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\30.11.2012_22.30.31\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\30.11.2012_22.30.31\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\Users\frank\AppData\Local\Google\Chrome\User Data\Default\Default\aadadjdfdedhdagbgggcdadhdegbgbgf\background.html Win32/BHO.OEI trojan cleaned by deleting - quarantined
C:\Users\frank\AppData\Local\Google\Chrome\User Data\Default\Default\aadadjdfdedhdagbgggcdadhdegbgbgf\ContentScript.js Win32/BHO.OEI trojan cleaned by deleting - quarantined
C:\Users\SWAN\AppData\Local\Google\Chrome\User Data\backup default\Default\aadadjdfdedhdagbgggcdadhdegbgbgf\background.html Win32/BHO.OEI trojan cleaned by deleting - quarantined
C:\Users\SWAN\AppData\Local\Google\Chrome\User Data\backup default\Default\aadadjdfdedhdagbgggcdadhdegbgbgf\ContentScript.js Win32/BHO.OEI trojan cleaned by deleting - quarantined
C:\Users\SWAN\Downloads\7zip_installer_d793026.exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined

#7 narenxp

Posted 01 December 2012 - 07:34 AM

Run TDSSKiller again and post the new log.

Download Malwarebytes

Install, update and run a full scan.

Click on Show results. Right-click on the list, select all and remove them.

Post the generated log here.

Download mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download Farbar service scanner

Checkmark all the boxes.

Click on "Scan".
Please copy and paste the log to your reply.

Download adware cleaner

Launch it and click on Delete.

A log should be generated after the scan; post it here.

Download Junkware removal tool

For Vista and Windows 7, right-click on the tool and select Run as administrator.

After the scan completes, post the generated log here.

#8 Sonic98

Posted 20 December 2012 - 12:39 PM

Do I need to start my own thread to get my issue with winrscmde resolved?

#9 narenxp

Posted 21 December 2012 - 03:33 AM

Yes :)



