RootKit Removal



#1 Mikeyb1

  • Members

Posted 29 November 2012 - 06:25 PM

AVG detects a trojan horse. The PC seems to be working OK other than AVG warning me that it has a virus.

Edit: Moved topic from Vista to the more appropriate forum. ~ Animal



#2 boopme

  • Global Moderator

Posted 29 November 2012 - 07:24 PM

Welcome Mikeyb1, let's look at these logs and tell me how it is after.

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When the scan is complete, click OK, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).


>>>
Please download TDSSkiller.
Launch it.
Click on "Change parameters" and select "TDLFS file system".
Click on "Scan".
Please post the LOG report (log file should be in your C drive).

Do not change the default options on scan results.



>>>>
aswMBR
Please download aswMBR ( 4.5MB ) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.


>>>>>>

ESET ONLINE


I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

NOTE: Sometimes if ESET finds no infections it will not create a log.

#3 Mikeyb1

  • Topic Starter
  • Members

Posted 29 November 2012 - 08:29 PM

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.29.11

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
user :: USER-PC [administrator]

11/29/2012 6:46:15 PM
mbam-log-2012-11-29 (18-46-15).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 235216
Time elapsed: 3 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#4 Mikeyb1

  • Topic Starter
  • Members

Posted 29 November 2012 - 08:31 PM

19:06:48.0147 3528 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:06:48.0678 3528 ============================================================
19:06:48.0678 3528 Current date / time: 2012/11/29 19:06:48.0678
19:06:48.0678 3528 SystemInfo:
19:06:48.0679 3528
19:06:48.0679 3528 OS Version: 6.0.6002 ServicePack: 2.0
19:06:48.0679 3528 Product type: Workstation
19:06:48.0679 3528 ComputerName: USER-PC
19:06:48.0679 3528 UserName: user
19:06:48.0679 3528 Windows directory: C:\Windows
19:06:48.0679 3528 System windows directory: C:\Windows
19:06:48.0679 3528 Running under WOW64
19:06:48.0679 3528 Processor architecture: Intel x64
19:06:48.0679 3528 Number of processors: 2
19:06:48.0679 3528 Page size: 0x1000
19:06:48.0679 3528 Boot type: Normal boot
19:06:48.0679 3528 ============================================================
19:06:49.0842 3528 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
19:06:49.0857 3528 Drive \Device\Harddisk1\DR1 - Size: 0x3CB00000 (0.95 Gb), SectorSize: 0x200, Cylinders: 0x7B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:06:49.0872 3528 ============================================================
19:06:49.0872 3528 \Device\Harddisk0\DR0:
19:06:49.0872 3528 MBR partitions:
19:06:49.0872 3528 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x389589E1
19:06:49.0873 3528 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38958A20, BlocksNum 0x1A2BE70
19:06:49.0873 3528 \Device\Harddisk1\DR1:
19:06:49.0873 3528 MBR partitions:
19:06:49.0873 3528 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0x81, BlocksNum 0x1DDE1F
19:06:49.0873 3528 ============================================================
19:06:49.0894 3528 C: <-> \Device\Harddisk0\DR0\Partition1
19:06:49.0943 3528 D: <-> \Device\Harddisk0\DR0\Partition2
19:06:49.0943 3528 ============================================================
19:06:49.0944 3528 Initialize success
19:06:49.0944 3528 ============================================================
19:07:09.0834 5012 ============================================================
19:07:09.0834 5012 Scan started
19:07:09.0834 5012 Mode: Manual; TDLFS;
19:07:09.0834 5012 ============================================================
19:07:10.0663 5012 ================ Scan system memory ========================
19:07:10.0663 5012 System memory - ok
19:07:10.0664 5012 ================ Scan services =============================
19:07:18.0906 5012 MSiSCSI - ok
19:07:18.0913 5012 msiserver - ok
19:07:18.0937 5012 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:07:18.0939 5012 MSKSSRV - ok
19:07:18.0963 5012 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:07:18.0965 5012 MSPCLOCK - ok
19:07:18.0985 5012 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:07:18.0988 5012 MSPQM - ok
19:07:19.0033 5012 [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:07:19.0041 5012 MsRPC - ok
19:07:19.0061 5012 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
19:07:19.0063 5012 mssmbios - ok
19:07:19.0078 5012 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:07:19.0081 5012 MSTEE - ok
19:07:19.0094 5012 [ 0CC49F78D8ACA0877D885F149084E543 ] Mup C:\Windows\system32\Drivers\mup.sys
19:07:19.0097 5012 Mup - ok
19:07:19.0120 5012 [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent C:\Windows\system32\qagentRT.dll
19:07:19.0137 5012 napagent - ok
19:07:19.0196 5012 [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:07:19.0202 5012 NativeWifiP - ok
19:07:19.0257 5012 [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS C:\Windows\system32\drivers\ndis.sys
19:07:19.0274 5012 NDIS - ok
19:07:19.0290 5012 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:07:19.0293 5012 NdisTapi - ok
19:07:19.0303 5012 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:07:19.0305 5012 Ndisuio - ok
19:07:19.0352 5012 [ F8158771905260982CE724076419EF19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:07:19.0357 5012 NdisWan - ok
19:07:19.0371 5012 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:07:19.0374 5012 NDProxy - ok
19:07:19.0388 5012 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:07:19.0391 5012 NetBIOS - ok
19:07:19.0413 5012 [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
19:07:19.0419 5012 netbt - ok
19:07:19.0433 5012 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon C:\Windows\system32\lsass.exe
19:07:19.0435 5012 Netlogon - ok
19:07:19.0467 5012 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll
19:07:19.0476 5012 Netman - ok
19:07:19.0497 5012 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll
19:07:19.0502 5012 netprofm - ok
19:07:19.0547 5012 [ B69D6BB680C85243AF0263B3E01D5E77 ] netr7364 C:\Windows\system32\DRIVERS\netr7364.sys
19:07:19.0564 5012 netr7364 - ok
19:07:19.0594 5012 [ 74751DDA198165947FD7454D83F49825 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:07:19.0597 5012 NetTcpPortSharing - ok
19:07:19.0619 5012 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
19:07:19.0622 5012 nfrd960 - ok
19:07:19.0642 5012 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll
19:07:19.0649 5012 NlaSvc - ok
19:07:19.0691 5012 [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:07:19.0693 5012 Npfs - ok
19:07:19.0707 5012 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll
19:07:19.0711 5012 nsi - ok
19:07:19.0719 5012 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:07:19.0722 5012 nsiproxy - ok
19:07:19.0798 5012 [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:07:19.0832 5012 Ntfs - ok
19:07:19.0881 5012 [ D4012918D3A3847B44B888D56BC095D6 ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys
19:07:19.0883 5012 NuidFltr - ok
19:07:19.0904 5012 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys
19:07:19.0906 5012 Null - ok
19:07:19.0969 5012 [ 98350606682594521D56ECCB5D01ECF7 ] NVENETFD C:\Windows\system32\DRIVERS\nvmfdx64.sys
19:07:20.0003 5012 NVENETFD - ok
19:07:20.0233 5012 [ E57F802BA29010C557B549392F7E3CA1 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:07:20.0415 5012 nvlddmkm - ok
19:07:20.0444 5012 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:07:20.0448 5012 nvraid - ok
19:07:20.0470 5012 [ 16D36074B84DA72D160233C8D132DC89 ] nvsmu C:\Windows\system32\drivers\nvsmu.sys
19:07:20.0472 5012 nvsmu - ok
19:07:20.0498 5012 [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:07:20.0503 5012 nvstor - ok
19:07:20.0540 5012 [ CC015D29C3BE698D14BD9B5E23E33C0D ] nvsvc C:\Windows\system32\nvvsvc.exe
19:07:20.0547 5012 nvsvc - ok
19:07:20.0572 5012 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:07:20.0576 5012 nv_agp - ok
19:07:20.0584 5012 NwlnkFlt - ok
19:07:20.0596 5012 NwlnkFwd - ok
19:07:20.0631 5012 [ B5B1CE65AC15BBD11C0619E3EF7CFC28 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
19:07:20.0634 5012 ohci1394 - ok
19:07:20.0690 5012 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc C:\Windows\system32\p2psvc.dll
19:07:20.0715 5012 p2pimsvc - ok
19:07:20.0740 5012 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc C:\Windows\system32\p2psvc.dll
19:07:20.0751 5012 p2psvc - ok
19:07:20.0778 5012 [ AECD57F94C887F58919F307C35498EA0 ] Parport C:\Windows\system32\drivers\parport.sys
19:07:20.0782 5012 Parport - ok
19:07:20.0806 5012 [ B43751085E2ABE389DA466BC62A4B987 ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:07:20.0810 5012 partmgr - ok
19:07:20.0839 5012 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll
19:07:20.0843 5012 PcaSvc - ok
19:07:20.0918 5012 [ 7204F835A4355D1AB2853E57C9FF177C ] PCD5SRVC{8AAF211B-043E02A9-05040000} C:\PROGRA~1\PC-DOC~1\PCD5SRVC_x64.pkms
19:07:20.0957 5012 PCD5SRVC{8AAF211B-043E02A9-05040000} - ok
19:07:21.0002 5012 [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci C:\Windows\system32\drivers\pci.sys
19:07:21.0007 5012 pci - ok
19:07:21.0056 5012 [ 2657F6C0B78C36D95034BE109336E382 ] pciide C:\Windows\system32\drivers\pciide.sys
19:07:21.0058 5012 pciide - ok
19:07:21.0088 5012 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
19:07:21.0094 5012 pcmcia - ok
19:07:21.0136 5012 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:07:21.0163 5012 PEAUTH - ok
19:07:21.0293 5012 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe
19:07:21.0295 5012 PerfHost - ok
19:07:21.0376 5012 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll
19:07:21.0409 5012 pla - ok
19:07:21.0457 5012 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:07:21.0467 5012 PlugPlay - ok
19:07:21.0523 5012 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
19:07:21.0533 5012 PNRPAutoReg - ok
19:07:21.0565 5012 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc C:\Windows\system32\p2psvc.dll
19:07:21.0575 5012 PNRPsvc - ok
19:07:21.0633 5012 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:07:21.0649 5012 PolicyAgent - ok
19:07:21.0697 5012 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:07:21.0700 5012 PptpMiniport - ok
19:07:21.0728 5012 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\drivers\processr.sys
19:07:21.0731 5012 Processor - ok
19:07:21.0770 5012 [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc C:\Windows\system32\profsvc.dll
19:07:21.0776 5012 ProfSvc - ok
19:07:21.0807 5012 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe
19:07:21.0809 5012 ProtectedStorage - ok
19:07:21.0838 5012 [ 1D0A3F565397D08707F3D75B88586645 ] Ps2 C:\Windows\system32\DRIVERS\PS2.sys
19:07:21.0840 5012 Ps2 - ok
19:07:21.0885 5012 [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys
19:07:21.0889 5012 PSched - ok
19:07:21.0960 5012 [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys
19:07:21.0993 5012 ql2300 - ok
19:07:22.0021 5012 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
19:07:22.0025 5012 ql40xx - ok
19:07:22.0057 5012 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll
19:07:22.0066 5012 QWAVE - ok
19:07:22.0078 5012 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:07:22.0081 5012 QWAVEdrv - ok
19:07:22.0089 5012 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:07:22.0093 5012 RasAcd - ok
19:07:22.0113 5012 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll
19:07:22.0119 5012 RasAuto - ok
19:07:22.0140 5012 [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:07:22.0145 5012 Rasl2tp - ok
19:07:22.0166 5012 [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan C:\Windows\System32\rasmans.dll
19:07:22.0175 5012 RasMan - ok
19:07:22.0217 5012 [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:07:22.0219 5012 RasPppoe - ok
19:07:22.0266 5012 [ C6A593B51F34C33E5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:07:22.0269 5012 RasSstp - ok
19:07:22.0320 5012 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:07:22.0327 5012 rdbss - ok
19:07:22.0345 5012 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:07:22.0347 5012 RDPCDD - ok
19:07:22.0389 5012 [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
19:07:22.0397 5012 rdpdr - ok
19:07:22.0424 5012 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:07:22.0426 5012 RDPENCDD - ok
19:07:22.0465 5012 [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:07:22.0470 5012 RDPWD - ok
19:07:22.0502 5012 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll
19:07:22.0507 5012 RemoteAccess - ok
19:07:22.0554 5012 [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:07:22.0561 5012 RemoteRegistry - ok
19:07:22.0601 5012 [ 9C3AC71A9934B884FAC567A8807E9C4D ] Revoflt C:\Windows\system32\DRIVERS\revoflt.sys
19:07:22.0603 5012 Revoflt - ok
19:07:22.0631 5012 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe
19:07:22.0634 5012 RpcLocator - ok
19:07:22.0692 5012 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs C:\Windows\system32\rpcss.dll
19:07:22.0701 5012 RpcSs - ok
19:07:22.0719 5012 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:07:22.0723 5012 rspndr - ok
19:07:22.0740 5012 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs C:\Windows\system32\lsass.exe
19:07:22.0742 5012 SamSs - ok
19:07:22.0762 5012 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:07:22.0766 5012 sbp2port - ok
19:07:22.0810 5012 [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:07:22.0816 5012 SCardSvr - ok
19:07:22.0873 5012 [ 0F838C811AD295D2A4489B9993096C63 ] Schedule C:\Windows\system32\schedsvc.dll
19:07:22.0898 5012 Schedule - ok
19:07:22.0938 5012 [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc C:\Windows\System32\certprop.dll
19:07:22.0940 5012 SCPolicySvc - ok
19:07:22.0964 5012 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:07:22.0970 5012 SDRSVC - ok
19:07:23.0003 5012 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:07:23.0005 5012 secdrv - ok
19:07:23.0040 5012 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll
19:07:23.0044 5012 seclogon - ok
19:07:23.0057 5012 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\System32\sens.dll
19:07:23.0062 5012 SENS - ok
19:07:23.0081 5012 [ F71BFE7AC6C52273B7C82CBF1BB2A222 ] Serenum C:\Windows\system32\drivers\serenum.sys
19:07:23.0083 5012 Serenum - ok
19:07:23.0106 5012 [ E62FAC91EE288DB29A9696A9D279929C ] Serial C:\Windows\system32\drivers\serial.sys
19:07:23.0110 5012 Serial - ok
19:07:23.0133 5012 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys
19:07:23.0135 5012 sermouse - ok
19:07:23.0171 5012 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll
19:07:23.0176 5012 SessionEnv - ok
19:07:23.0222 5012 [ 14D4B4465193A87C127933978E8C4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:07:23.0226 5012 sffdisk - ok
19:07:23.0244 5012 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:07:23.0247 5012 sffp_mmc - ok
19:07:23.0261 5012 [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:07:23.0264 5012 sffp_sd - ok
19:07:23.0279 5012 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
19:07:23.0282 5012 sfloppy - ok
19:07:23.0336 5012 [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:07:23.0345 5012 ShellHWDetection - ok
19:07:23.0361 5012 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
19:07:23.0364 5012 SiSRaid2 - ok
19:07:23.0385 5012 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
19:07:23.0389 5012 SiSRaid4 - ok
19:07:23.0478 5012 [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc C:\Windows\system32\SLsvc.exe
19:07:23.0535 5012 slsvc - ok
19:07:23.0578 5012 [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify C:\Windows\system32\SLUINotify.dll
19:07:23.0583 5012 SLUINotify - ok
19:07:23.0625 5012 [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:07:23.0629 5012 Smb - ok
19:07:23.0656 5012 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:07:23.0661 5012 SNMPTRAP - ok
19:07:23.0699 5012 [ 386C3C63F00A7040C7EC5E384217E89D ] spldr C:\Windows\system32\drivers\spldr.sys
19:07:23.0701 5012 spldr - ok
19:07:23.0749 5012 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler C:\Windows\System32\spoolsv.exe
19:07:23.0757 5012 Spooler - ok
19:07:23.0801 5012 [ 880A57FCCB571EBD063D4DD50E93E46D ] srv C:\Windows\system32\DRIVERS\srv.sys
19:07:23.0811 5012 srv - ok
19:07:23.0854 5012 [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:07:23.0859 5012 srv2 - ok
19:07:23.0906 5012 [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:07:23.0911 5012 srvnet - ok
19:07:23.0924 5012 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:07:23.0932 5012 SSDPSRV - ok
19:07:23.0973 5012 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:07:23.0980 5012 SstpSvc - ok
19:07:24.0014 5012 [ 14B4DB4381E4A55F570D8BB699B791D6 ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
19:07:24.0016 5012 StillCam - ok
19:07:24.0071 5012 [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc C:\Windows\System32\wiaservc.dll
19:07:24.0095 5012 stisvc - ok
19:07:24.0116 5012 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys
19:07:24.0118 5012 swenum - ok
19:07:24.0176 5012 [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv C:\Windows\System32\swprv.dll
19:07:24.0235 5012 swprv - ok
19:07:24.0262 5012 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
19:07:24.0266 5012 Symc8xx - ok
19:07:24.0280 5012 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
19:07:24.0283 5012 Sym_hi - ok
19:07:24.0302 5012 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
19:07:24.0305 5012 Sym_u3 - ok
19:07:24.0365 5012 [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain C:\Windows\system32\sysmain.dll
19:07:24.0390 5012 SysMain - ok
19:07:24.0410 5012 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:07:24.0416 5012 TabletInputService - ok
19:07:24.0461 5012 [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv C:\Windows\System32\tapisrv.dll
19:07:24.0470 5012 TapiSrv - ok
19:07:24.0490 5012 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll
19:07:24.0495 5012 TBS - ok
19:07:24.0564 5012 [ AC8D5728E6AD6A7C4819D9A67008337A ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:07:24.0597 5012 Tcpip - ok
19:07:24.0639 5012 [ AC8D5728E6AD6A7C4819D9A67008337A ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
19:07:24.0653 5012 Tcpip6 - ok
19:07:24.0704 5012 [ FD8FDE859E38E40A20085EBB0C22B416 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:07:24.0706 5012 tcpipreg - ok
19:07:24.0729 5012 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:07:24.0731 5012 TDPIPE - ok
19:07:24.0750 5012 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:07:24.0753 5012 TDTCP - ok
19:07:24.0794 5012 [ 458919C8C42E398DC4802178D5FFEE27 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:07:24.0797 5012 tdx - ok
19:07:24.0813 5012 [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
19:07:24.0816 5012 TermDD - ok
19:07:24.0854 5012 [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService C:\Windows\System32\termsrv.dll
19:07:24.0866 5012 TermService - ok
19:07:24.0902 5012 [ 56793271ECDEDD350C5ADD305603E963 ] Themes C:\Windows\system32\shsvcs.dll
19:07:24.0907 5012 Themes - ok
19:07:24.0930 5012 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll
19:07:24.0932 5012 THREADORDER - ok
19:07:24.0962 5012 [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks C:\Windows\System32\trkwks.dll
19:07:24.0967 5012 TrkWks - ok
19:07:25.0026 5012 [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:07:25.0027 5012 TrustedInstaller - ok
19:07:25.0054 5012 [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:07:25.0056 5012 tssecsrv - ok
19:07:25.0079 5012 [ 89EC74A9E602D16A75A4170511029B3C ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
19:07:25.0081 5012 tunmp - ok
19:07:25.0132 5012 [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:07:25.0134 5012 tunnel - ok
19:07:25.0157 5012 [ FEC266EF401966311744BD0F359F7F56 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
19:07:25.0216 5012 uagp35 - ok
19:07:25.0246 5012 [ FAF2640A2A76ED03D449E443194C4C34 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:07:25.0254 5012 udfs - ok
19:07:25.0290 5012 [ 060507C4113391394478F6953A79EEDC ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:07:25.0295 5012 UI0Detect - ok
19:07:25.0324 5012 [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:07:25.0328 5012 uliagpkx - ok
19:07:25.0345 5012 [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci C:\Windows\system32\drivers\uliahci.sys
19:07:25.0353 5012 uliahci - ok
19:07:25.0383 5012 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys
19:07:25.0388 5012 UlSata - ok
19:07:25.0416 5012 [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
19:07:25.0421 5012 ulsata2 - ok
19:07:25.0458 5012 [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
19:07:25.0460 5012 umbus - ok
19:07:25.0478 5012 [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost C:\Windows\System32\upnphost.dll
19:07:25.0488 5012 upnphost - ok
19:07:25.0530 5012 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
19:07:25.0533 5012 USBAAPL64 - ok
19:07:25.0576 5012 [ 07E3498FC60834219D2356293DA0FECC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:07:25.0580 5012 usbccgp - ok
19:07:25.0606 5012 [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:07:25.0610 5012 usbcir - ok
19:07:25.0677 5012 [ 827E44DE934A736EA31E91D353EB126F ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
19:07:25.0680 5012 usbehci - ok
19:07:25.0727 5012 [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:07:25.0733 5012 usbhub - ok
19:07:25.0753 5012 [ E406B003A354776D317762694956B0FC ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
19:07:25.0755 5012 usbohci - ok
19:07:25.0790 5012 [ 28B693B6D31E7B9332C1BDCEFEF228C1 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
19:07:25.0793 5012 usbprint - ok
19:07:25.0847 5012 [ EA0BF666868964FBE8CB10E50C97B9F1 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
19:07:25.0850 5012 usbscan - ok
19:07:25.0883 5012 [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:07:25.0886 5012 USBSTOR - ok
19:07:25.0911 5012 [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
19:07:25.0914 5012 usbuhci - ok
19:07:25.0948 5012 [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms C:\Windows\System32\uxsms.dll
19:07:25.0951 5012 UxSms - ok
19:07:26.0006 5012 [ 294945381DFA7CE58CECF0A9896AF327 ] vds C:\Windows\System32\vds.exe
19:07:26.0024 5012 vds - ok
19:07:26.0046 5012 [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:07:26.0049 5012 vga - ok
19:07:26.0079 5012 [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave C:\Windows\System32\drivers\vga.sys
19:07:26.0082 5012 VgaSave - ok
19:07:26.0106 5012 [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide C:\Windows\system32\drivers\viaide.sys
19:07:26.0108 5012 viaide - ok
19:07:26.0132 5012 [ 2B7E885ED951519A12C450D24535DFCA ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:07:26.0136 5012 volmgr - ok
19:07:26.0185 5012 [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:07:26.0210 5012 volmgrx - ok
19:07:26.0272 5012 [ 5280AADA24AB36B01A84A6424C475C8D ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:07:26.0289 5012 volsnap - ok
19:07:26.0341 5012 [ A68F455ED2673835209318DD61BFBB0E ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
19:07:26.0346 5012 vsmraid - ok
19:07:26.0403 5012 [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS C:\Windows\system32\vssvc.exe
19:07:26.0437 5012 VSS - ok
19:07:26.0521 5012 [ 7DB85B78309C05C9F06F469ED976DC9E ] vToolbarUpdater13.2.0 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
19:07:26.0529 5012 vToolbarUpdater13.2.0 - ok
19:07:26.0575 5012 [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time C:\Windows\system32\w32time.dll
19:07:26.0592 5012 W32Time - ok
19:07:26.0619 5012 [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
19:07:26.0622 5012 WacomPen - ok
19:07:26.0679 5012 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
19:07:26.0683 5012 Wanarp - ok
19:07:26.0690 5012 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:07:26.0691 5012 Wanarpv6 - ok
19:07:26.0723 5012 [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:07:26.0740 5012 wcncsvc - ok
19:07:26.0769 5012 [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:07:26.0773 5012 WcsPlugInService - ok
19:07:26.0793 5012 [ 0C17A0816F65B89E362E682AD5E7266E ] Wd C:\Windows\system32\drivers\wd.sys
19:07:26.0795 5012 Wd - ok
19:07:26.0832 5012 [ D02E7E4567DA1E7582FBF6A91144B0DF ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:07:26.0857 5012 Wdf01000 - ok
19:07:26.0871 5012 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:07:26.0877 5012 WdiServiceHost - ok
19:07:26.0886 5012 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:07:26.0890 5012 WdiSystemHost - ok
19:07:26.0909 5012 [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient C:\Windows\System32\webclnt.dll
19:07:26.0918 5012 WebClient - ok
19:07:26.0951 5012 [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:07:26.0959 5012 Wecsvc - ok
19:07:26.0972 5012 [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:07:26.0978 5012 wercplsupport - ok
19:07:27.0001 5012 [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc C:\Windows\System32\WerSvc.dll
19:07:27.0007 5012 WerSvc - ok
19:07:27.0049 5012 [ 8A22B0C097336AACE9BBCEB81EC6FD63 ] winachsf C:\Windows\system32\DRIVERS\CAX_CNXT.sys
19:07:27.0075 5012 winachsf - ok
19:07:27.0092 5012 WinDefend - ok
19:07:27.0104 5012 WinHttpAutoProxySvc - ok
19:07:27.0183 5012 [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:07:27.0189 5012 Winmgmt - ok
19:07:27.0267 5012 [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM C:\Windows\system32\WsmSvc.dll
19:07:27.0318 5012 WinRM - ok
19:07:27.0385 5012 [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc C:\Windows\System32\wlansvc.dll
19:07:27.0411 5012 Wlansvc - ok
19:07:27.0431 5012 [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
19:07:27.0434 5012 WmiAcpi - ok
19:07:27.0492 5012 [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:07:27.0497 5012 wmiApSrv - ok
19:07:27.0517 5012 WMPNetworkSvc - ok
19:07:27.0541 5012 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:07:27.0548 5012 WPCSvc - ok
19:07:27.0585 5012 [ 490A18B4E4D53DC10879DEAA8E8B70D9 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:07:27.0590 5012 WPDBusEnum - ok
19:07:27.0635 5012 [ 5E2401B3FC1089C90E081291357371A9 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
19:07:27.0637 5012 WpdUsb - ok
19:07:27.0785 5012 [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:07:27.0810 5012 WPFFontCache_v0400 - ok
19:07:27.0831 5012 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:07:27.0833 5012 ws2ifsl - ok
19:07:27.0872 5012 [ 9EA3E6D0EF7A5C2B9181961052A4B01A ] wscsvc C:\Windows\system32\wscsvc.dll
19:07:27.0877 5012 wscsvc - ok
19:07:27.0884 5012 WSearch - ok
19:07:27.0987 5012 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
19:07:28.0045 5012 wuauserv - ok
19:07:28.0100 5012 [ 501A65252617B495C0F1832F908D54D8 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:07:28.0103 5012 WUDFRd - ok
19:07:28.0131 5012 [ 6CBD51FF913C851D56ED9DC7F2A27DDE ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:07:28.0137 5012 wudfsvc - ok
19:07:28.0165 5012 [ 1912006552F36FE7E61AEED34BBDDAE8 ] XAudio C:\Windows\system32\DRIVERS\xaudio64.sys
19:07:28.0173 5012 XAudio - ok
19:07:28.0184 5012 XAudioService - ok
19:07:28.0238 5012 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
19:07:28.0244 5012 YahooAUService - ok
19:07:28.0317 5012 [ 15CC7077D2DC28776CD430ECABBFFD66 ] {55662437-DA8C-40c0-AADA-2C816A897A49} c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
19:07:28.0317 5012 {55662437-DA8C-40c0-AADA-2C816A897A49} - ok
19:07:28.0323 5012 ================ Scan global ===============================
19:07:28.0367 5012 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
19:07:28.0421 5012 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
19:07:28.0455 5012 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
19:07:28.0508 5012 [ B8844F93D2C5F1DCDB179AAA9AF134B7 ] C:\Windows\system32\services.exe
19:07:28.0514 5012 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - infected
19:07:28.0514 5012 C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.a (0)
19:07:28.0515 5012 ================ Scan MBR ==================================
19:07:28.0531 5012 [ 81CD5EC01DB0CE57EDD853F82462EF27 ] \Device\Harddisk0\DR0
19:07:29.0111 5012 \Device\Harddisk0\DR0 - ok
19:07:29.0120 5012 [ 06449E7C4AF0550B77E260798769AA40 ] \Device\Harddisk1\DR1
19:07:29.0216 5012 \Device\Harddisk1\DR1 - ok
19:07:29.0216 5012 ================ Scan VBR ==================================
19:07:29.0221 5012 [ 8D1CA09794DE86BB4E86104F3635F48E ] \Device\Harddisk0\DR0\Partition1
19:07:29.0224 5012 \Device\Harddisk0\DR0\Partition1 - ok
19:07:29.0233 5012 [ A70F436686F2696A404D9C327A9DC9C6 ] \Device\Harddisk0\DR0\Partition2
19:07:29.0236 5012 \Device\Harddisk0\DR0\Partition2 - ok
19:07:29.0244 5012 [ 3231D22F1F01B6C565EC1B89077EE06B ] \Device\Harddisk1\DR1\Partition1
19:07:29.0246 5012 \Device\Harddisk1\DR1\Partition1 - ok
19:07:29.0249 5012 ============================================================
19:07:29.0249 5012 Scan finished
19:07:29.0249 5012 ============================================================
19:07:29.0268 2804 Detected object count: 1
19:07:29.0268 2804 Actual detected object count: 1
19:07:48.0107 2804 C:\Windows\system32\services.exe - copied to quarantine
19:07:49.0655 2804 C:\Windows\assembly\GAC_32\desktop.ini - copied to quarantine
19:07:49.0665 2804 C:\Windows\assembly\GAC_64\desktop.ini - copied to quarantine
19:07:49.0700 2804 C:\Users\user\AppData\Local\{59661dd9-d784-c997-6fcb-04efdd7204ce}\@ - copied to quarantine
19:07:49.0711 2804 C:\Users\user\AppData\Local\{59661dd9-d784-c997-6fcb-04efdd7204ce}\U\00000001.@ - copied to quarantine
19:09:19.0177 2804 Backup copy not found, trying to cure infected file..
19:09:19.0178 2804 C:\Windows\system32\services.exe - Cure failed (FFFFFFFF)
19:09:19.0178 2804 C:\Windows\system32\services.exe - processing error
19:09:19.0178 2804 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - User select action: Cure

#5 Mikeyb1

Posted 29 November 2012 - 08:32 PM

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-29 19:09:43
-----------------------------
19:09:43.566 OS Version: Windows x64 6.0.6002 Service Pack 2
19:09:43.567 Number of processors: 2 586 0x1706
19:09:43.568 ComputerName: USER-PC UserName: user
19:09:46.022 Initialize success
19:12:40.918 AVAST engine defs: 12112901
19:13:55.110 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
19:13:55.114 Disk 0 Vendor: ST3500620AS HP26 Size: 476940MB BusType: 3
19:13:55.117 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000061
19:13:55.120 Disk 1 Vendor: Size: 476940MB BusType: 0
19:13:55.145 Disk 0 MBR read successfully
19:13:55.149 Disk 0 MBR scan
19:13:55.155 Disk 0 unknown MBR code
19:13:55.160 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 463537 MB offset 63
19:13:55.200 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 13399 MB offset 949324320
19:13:55.247 Disk 0 scanning C:\Windows\system32\drivers
19:14:08.450 Service scanning
19:14:32.728 Modules scanning
19:14:32.738 Disk 0 trace - called modules:
19:14:33.099 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
19:14:33.106 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800493b5b0]
19:14:33.113 3 CLASSPNP.SYS[fffffa6000b97c33] -> nt!IofCallDriver -> [0xfffffa8003dde930]
19:14:33.120 5 acpi.sys[fffffa60008f3fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0xfffffa8004875060]
19:14:35.560 AVAST engine scan C:\Windows
19:14:40.383 AVAST engine scan C:\Windows\system32
19:17:26.037 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
19:17:28.994 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
19:19:49.328 AVAST engine scan C:\Windows\system32\drivers
19:20:09.643 AVAST engine scan C:\Users\user
19:22:05.349 File: C:\Users\user\AppData\Local\{59661dd9-d784-c997-6fcb-04efdd7204ce}\U\00000001.@ **INFECTED** Win32:Malware-gen
19:24:09.736 File: C:\Users\user\AppData\Roaming\rpcnc.dll **INFECTED** Win32:Medfos [Trj]
19:25:35.844 Disk 0 MBR has been saved successfully to "C:\Users\user\Desktop\MBR.dat"
19:25:35.846 The log file has been saved successfully to "C:\Users\user\Desktop\aswMBR.txt"

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator

Posted 29 November 2012 - 08:41 PM

Hi Mike, we are going to have to repost as we cannot cure all these here. We need to use stronger tools and get a deeper look. Please follow this Preparation Guide and post in a new topic.

Let me know if all went well.

Include this link back to here...

http://www.bleepingcomputer.com/forums/topic476907.html/page__pid__2908964#top

Edited by boopme, 29 November 2012 - 08:42 PM.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator

Posted 30 November 2012 - 02:42 PM

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.

The current wait time is 1 - 2 days and ALL logs are answered.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic.