Zonealarm wouldn't update, SAS found trojan in it.



#1 mejohn

Posted 03 February 2013 - 02:29 AM

Zonealarm free firewall+AV wouldn't update. It would fail with fatal error #1603. I also saw "error code 127" pop up which seems like it might be bait left by malware to buy their fix, I'm not sure, as well as messages like "toolnit failed."

MBAM would also fail to update. Tried SAS which did update, ran it and found "Trojan.Agent/Gen-FraudPack" within the 'checkpoint launcher' for Zonealarm. Afterward MBAM could also update. Zonealarm still gave error 1603 when trying to install its downloaded updates. I tried their forums and found instructions for fixing error 1603. After a few attempts at their method it too updated but nothing happens when I start a new virus scan in Zonealarm. The scan box opens but nothing happens. Makes me doubt the firewall as well...

I can post that SAS log if needed. Thanks.

PS, my OS is Win7 home premium.

Edited by mejohn, 03 February 2013 - 02:31 AM.




#2 boopme


Posted 06 February 2013 - 02:10 PM

Hello, if SAS found more than cookies, post the log.


Reboot into Safe Mode with Networking
How to start Windows 7 in Safe Mode


Please download Rkill by Grinler and save it to your desktop.
Link 1
Link 2
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
Do not reboot the computer, you will need to run the application again.




Please Download TDSSkiller
Launch it.
Click on change parameters-Select TDLFS file system
Click on "Scan".
Please post the LOG report(log file should be in your C drive)

Do not change the default options on scan results.


Rerun MBAM now..


ADW Cleaner

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 mejohn


Posted 07 February 2013 - 12:33 AM

OK, thanks. SAS did find more than cookies. I'll post the log. First I'll mention that my Zonealarm AV kept blocking the Rkill download until I turned off real-time scanning (this was before rebooting into Safe Mode though, in case that's relevant.)

Here's that original SAS log:



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/31/2013 at 10:22 PM

Application Version : 5.6.1014

Core Rules Database Version : 9955
Trace Rules Database Version: 7767

Scan type : Complete Scan
Total Scan Time : 00:43:15

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 583
Memory threats detected : 1
Registry items scanned : 70425
Registry threats detected : 0
File items scanned : 55661
File threats detected : 22

Trojan.Agent/Gen-FraudPack
C:\PROGRAM FILES (X86)\CHECKPOINT\INSTALL\LAUNCHER.EXE
C:\PROGRAM FILES (X86)\CHECKPOINT\INSTALL\LAUNCHER.EXE
C:\USERS\OHN\APPDATA\LOCAL\TEMP\{907A1104-E812-4B5C-959B-E4DAB37A96AB}\LAUNCHER.EXE

Adware.Tracking Cookie
cdn.complexmedianetwork.com [ C:\USERS\OHN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\AXEUBRVF ]
cdn.tremormedia.com [ C:\USERS\OHN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\AXEUBRVF ]
cdn.uc.atwola.com [ C:\USERS\OHN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\AXEUBRVF ]
cdn1.static.pornhub.phncdn.com [ C:\USERS\OHN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\AXEUBRVF ]
cdnx.tribalfusion.com [ C:\USERS\OHN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\AXEUBRVF ]
core.insightexpressai.com [ C:\USERS\OHN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\AXEUBRVF ]
core.saymedia.com [ C:\USERS\OHN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\AXEUBRVF ]
ia.media-imdb.com [ C:\USERS\OHN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\AXEUBRVF ]
media.movieweb.com [ C:\USERS\OHN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\AXEUBRVF ]
media.mtvnservices.com [ C:\USERS\OHN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\AXEUBRVF ]
media.oprah.com [ C:\USERS\OHN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\AXEUBRVF ]
media.scanscout.com [ C:\USERS\OHN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\AXEUBRVF ]
media.webcollage.net [ C:\USERS\OHN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\AXEUBRVF ]
msnbcmedia.msn.com [ C:\USERS\OHN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\AXEUBRVF ]
objects.tremormedia.com [ C:\USERS\OHN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\AXEUBRVF ]
s0.2mdn.net [ C:\USERS\OHN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\AXEUBRVF ]
secure-uk.imrworldwide.com [ C:\USERS\OHN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\AXEUBRVF ]
secure-us.imrworldwide.com [ C:\USERS\OHN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\AXEUBRVF ]
static.discoverymedia.com [ C:\USERS\OHN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\AXEUBRVF ]
www.femalefirst.co.uk [ C:\USERS\OHN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\AXEUBRVF ]
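
Added example (not part of the thread and not SUPERAntiSpyware's own tooling): a short Python triage of a scan log in the layout posted above, applying the "more than cookies" test and checking that the listed entries add up to the threat counters in the header. The sample log, vendor directory and domains are constructed placeholders, and the parsing rules are inferred from this one log, so they are an assumption about the format.

```python
import re

# Constructed sample in the layout of the log above (placeholder paths/domains).
SAMPLE_LOG = r"""SUPERAntiSpyware Scan Log

Scan type : Complete Scan

Memory items scanned : 583
Memory threats detected : 1
Registry items scanned : 70425
Registry threats detected : 0
File items scanned : 55661
File threats detected : 4

Trojan.Agent/Gen-FraudPack
C:\PROGRAM FILES (X86)\EXAMPLEVENDOR\INSTALL\LAUNCHER.EXE
C:\PROGRAM FILES (X86)\EXAMPLEVENDOR\INSTALL\LAUNCHER.EXE
C:\USERS\USER\APPDATA\LOCAL\TEMP\{00000000-0000-0000-0000-000000000000}\LAUNCHER.EXE

Adware.Tracking Cookie
cdn.example.com [ C:\USERS\USER\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\ABCDEFGH ]
media.example.net [ C:\USERS\USER\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\ABCDEFGH ]
"""

COUNTER_RE = re.compile(r"^(Memory|Registry|File) threats detected\s*:\s*(\d+)$")
PATH_RE = re.compile(r"^[A-Za-z]:\\")       # a detected file or memory image
COOKIE_RE = re.compile(r"^\S+ \[ .+ \]$")   # "domain [ storage path ]"


def is_entry(line):
    """True for a line that lists one detected item under a threat name."""
    return bool(PATH_RE.match(line) or COOKIE_RE.match(line))


def parse_sas_log(text):
    """Return (counters, detections) where detections maps name -> entries."""
    lines = [l.strip() for l in text.splitlines()]
    counters, detections, current = {}, {}, None
    for i, line in enumerate(lines):
        if not line:
            current = None                  # a blank line closes a group
            continue
        m = COUNTER_RE.match(line)
        if m:
            counters[m.group(1).lower()] = int(m.group(2))
            continue
        if is_entry(line):
            if current is not None:
                detections[current].append(line)
            continue
        # A threat name is any other line directly followed by an entry.
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if is_entry(nxt):
            current = line
            detections.setdefault(current, [])
    return counters, detections


def triage(text):
    """Separate cookie-only families from everything else."""
    counters, detections = parse_sas_log(text)
    listed = sum(len(v) for v in detections.values())
    non_cookie = {}
    for name, entries in detections.items():
        if all(COOKIE_RE.match(e) for e in entries):
            continue                        # tracking cookies only
        non_cookie[name] = sorted(set(entries))   # unique paths
    return {
        "counters": counters,
        "listed_entries": listed,
        # Do the listed items account for every threat the header reports?
        "counts_consistent": listed == sum(counters.values()),
        "non_cookie": non_cookie,
        "post_log": bool(non_cookie),       # "more than cookies"
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for name, paths in result["non_cookie"].items():
        print(name)
        for p in paths:
            print("   ", p)
    print("counts consistent:", result["counts_consistent"])
```

Run on the log posted above, the same logic reports one non-cookie family with two unique paths, and the 23 listed entries match the 1 memory plus 22 file threats in the header.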

#4 boopme


Posted 07 February 2013 - 10:06 PM

zonealarm AV kept blocking

.. Normal ...actually doing its job.. Rkill IS an intrusive app.. ZA just doesn't know it's a good guy.

 

I have to ask if your ZA is pirated as these ... are ZoneAlarm Installer files

C:\PROGRAM FILES (X86)\CHECKPOINT\INSTALL\LAUNCHER.EXE
C:\PROGRAM FILES (X86)\CHECKPOINT\INSTALL\LAUNCHER.EXE
C:\USERS\OHN\APPDATA\LOCAL\TEMP\{907A1104-E812-4B5C-959B-E4DAB37A96AB}\LAUNCHER.EXE

 

 

PLEASE DO POST 2 NOW.


Edited by boopme, 07 February 2013 - 10:07 PM.


#5 mejohn


Posted 08 February 2013 - 08:35 PM

Hmm. That's a surprising question...No. I use the *free* version of ZA+AV from Download.com/cnet, as it does active threat detection even though it's free (it just won't do scheduled daily scans or use some other features with the free version.) ZA firewall used to be a headache when installing AVG as I'd need to turn it off or even uninstall before I could install new versions of AVG but I haven't had any trouble with it at all in two months with this free ZA+AV. No more AVG, no more headaches. Until now anyway. I've read that the ZA 'error 1603' issue seems to stem from a bad installer but that *checkpoint didn't know where it came from. Seems worrisome.

 

(*That's on their forum concerning error 1603, from December 2012.)

 

I'm pretty sure I even ran SAS a few times since going with ZA+AV, so if it's a conflict between ZA and SAS it must be a new one. In fact, this time I only ran SAS *after* my ZA and then MBAM failed to update...BTW, my ZA is refusing to update again. It had been but just wouldn't scan. Now it's just a firewall again. If I can trust it...

 

Sorry I took so long to respond. I tried to post early yesterday but the forum seemed to be down for maintenance. Also, all the scans seemed to come up clean.

Here they are: (*MBAM didn't find anything so I'll omit that one unless you still need it.)

......................................................................................

TDSSKiller.2.8.15.0_07.02.2013_03.27.36_log

 

03:27:36.0168 1812  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
03:27:36.0542 1812  ============================================================
03:27:36.0542 1812  Current date / time: 2013/02/07 03:27:36.0542
03:27:36.0542 1812  SystemInfo:
03:27:36.0542 1812  
03:27:36.0542 1812  OS Version: 6.1.7601 ServicePack: 1.0
03:27:36.0542 1812  Product type: Workstation
03:27:36.0542 1812  ComputerName: OHN-PC
03:27:36.0542 1812  UserName: ohn
03:27:36.0542 1812  Windows directory: C:\Windows
03:27:36.0542 1812  System windows directory: C:\Windows
03:27:36.0542 1812  Running under WOW64
03:27:36.0542 1812  Processor architecture: Intel x64
03:27:36.0542 1812  Number of processors: 4
03:27:36.0542 1812  Page size: 0x1000
03:27:36.0542 1812  Boot type: Safe boot with network
03:27:36.0542 1812  ============================================================
03:27:37.0634 1812  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
03:27:37.0650 1812  ============================================================
03:27:37.0650 1812  \Device\Harddisk0\DR0:
03:27:37.0650 1812  MBR partitions:
03:27:37.0650 1812  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3200800, BlocksNum 0x1005B800
03:27:37.0650 1812  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1325C000, BlocksNum 0x121D2800
03:27:37.0650 1812  ============================================================
03:27:37.0666 1812  C: <-> \Device\Harddisk0\DR0\Partition1
03:27:37.0712 1812  D: <-> \Device\Harddisk0\DR0\Partition2
03:27:37.0712 1812  ============================================================
03:27:37.0712 1812  Initialize success
03:27:37.0712 1812  ============================================================
03:28:12.0500 1868  ============================================================
03:28:12.0500 1868  Scan started
03:28:12.0500 1868  Mode: Manual; TDLFS;
03:28:12.0500 1868  ============================================================
03:28:13.0140 1868  ================ Scan system memory ========================
03:28:13.0140 1868  System memory - ok
03:28:20.0222 1868  iphlpsvc - ok
03:28:20.0285 1868  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
03:28:20.0285 1868  IPMIDRV - ok
03:28:20.0285 1868  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
03:28:20.0285 1868  IPNAT - ok
03:28:20.0300 1868  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
03:28:20.0300 1868  IRENUM - ok
03:28:20.0300 1868  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
03:28:20.0300 1868  isapnp - ok
03:28:20.0332 1868  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
03:28:20.0332 1868  iScsiPrt - ok
03:28:20.0363 1868  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
03:28:20.0363 1868  kbdclass - ok
03:28:20.0394 1868  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
03:28:20.0394 1868  kbdhid - ok
03:28:20.0410 1868  [ E63EF8C3271D014F14E2469CE75FECB4 ] kbfiltr         C:\Windows\system32\DRIVERS\kbfiltr.sys
03:28:20.0410 1868  kbfiltr - ok
03:28:20.0425 1868  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
03:28:20.0425 1868  KeyIso - ok
03:28:20.0503 1868  [ BDCDA87DD466867A8A7C405D52DD9260 ] KLIF            C:\Windows\system32\DRIVERS\klif.sys
03:28:20.0519 1868  KLIF - ok
03:28:20.0550 1868  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
03:28:20.0550 1868  KSecDD - ok
03:28:20.0550 1868  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
03:28:20.0566 1868  KSecPkg - ok
03:28:20.0581 1868  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
03:28:20.0581 1868  ksthunk - ok
03:28:20.0612 1868  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
03:28:20.0628 1868  KtmRm - ok
03:28:20.0675 1868  [ 033B4AED2C5519072C0D81E00804D003 ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
03:28:20.0690 1868  L1C - ok
03:28:20.0737 1868  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
03:28:20.0737 1868  LanmanServer - ok
03:28:20.0768 1868  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
03:28:20.0768 1868  LanmanWorkstation - ok
03:28:20.0815 1868  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
03:28:20.0815 1868  lltdio - ok
03:28:20.0846 1868  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
03:28:20.0846 1868  lltdsvc - ok
03:28:20.0862 1868  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
03:28:20.0862 1868  lmhosts - ok
03:28:20.0893 1868  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
03:28:20.0893 1868  LSI_FC - ok
03:28:20.0940 1868  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
03:28:20.0940 1868  LSI_SAS - ok
03:28:20.0956 1868  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
03:28:20.0956 1868  LSI_SAS2 - ok
03:28:20.0971 1868  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
03:28:20.0971 1868  LSI_SCSI - ok
03:28:20.0987 1868  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
03:28:20.0987 1868  luafv - ok
03:28:21.0049 1868  [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
03:28:21.0049 1868  MBAMProtector - ok
03:28:21.0080 1868  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
03:28:21.0096 1868  MBAMScheduler - ok
03:28:21.0112 1868  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
03:28:21.0127 1868  MBAMService - ok
03:28:21.0174 1868  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
03:28:21.0174 1868  Mcx2Svc - ok
03:28:21.0190 1868  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
03:28:21.0190 1868  megasas - ok
03:28:21.0236 1868  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
03:28:21.0236 1868  MegaSR - ok
03:28:21.0252 1868  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
03:28:21.0268 1868  MMCSS - ok
03:28:21.0268 1868  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
03:28:21.0268 1868  Modem - ok
03:28:21.0283 1868  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
03:28:21.0299 1868  monitor - ok
03:28:21.0314 1868  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
03:28:21.0314 1868  mouclass - ok
03:28:21.0330 1868  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
03:28:21.0330 1868  mouhid - ok
03:28:21.0361 1868  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
03:28:21.0361 1868  mountmgr - ok
03:28:21.0424 1868  [ 51A84B690DF519DCF656F780243D953E ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
03:28:21.0424 1868  MozillaMaintenance - ok
03:28:21.0439 1868  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
03:28:21.0439 1868  mpio - ok
03:28:21.0455 1868  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
03:28:21.0470 1868  mpsdrv - ok
03:28:21.0502 1868  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
03:28:21.0517 1868  MpsSvc - ok
03:28:21.0548 1868  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
03:28:21.0548 1868  MRxDAV - ok
03:28:21.0564 1868  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
03:28:21.0564 1868  mrxsmb - ok
03:28:21.0595 1868  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
03:28:21.0595 1868  mrxsmb10 - ok
03:28:21.0642 1868  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
03:28:21.0642 1868  mrxsmb20 - ok
03:28:21.0658 1868  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
03:28:21.0658 1868  msahci - ok
03:28:21.0673 1868  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
03:28:21.0673 1868  msdsm - ok
03:28:21.0704 1868  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
03:28:21.0720 1868  MSDTC - ok
03:28:21.0751 1868  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
03:28:21.0751 1868  Msfs - ok
03:28:21.0767 1868  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
03:28:21.0767 1868  mshidkmdf - ok
03:28:21.0782 1868  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
03:28:21.0782 1868  msisadrv - ok
03:28:21.0829 1868  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
03:28:21.0829 1868  MSiSCSI - ok
03:28:21.0829 1868  msiserver - ok
03:28:21.0845 1868  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
03:28:21.0845 1868  MSKSSRV - ok
03:28:21.0860 1868  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
03:28:21.0860 1868  MSPCLOCK - ok
03:28:21.0860 1868  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
03:28:21.0860 1868  MSPQM - ok
03:28:21.0892 1868  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
03:28:21.0892 1868  MsRPC - ok
03:28:21.0907 1868  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
03:28:21.0907 1868  mssmbios - ok
03:28:21.0923 1868  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
03:28:21.0923 1868  MSTEE - ok
03:28:21.0923 1868  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
03:28:21.0923 1868  MTConfig - ok
03:28:21.0938 1868  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
03:28:21.0938 1868  Mup - ok
03:28:21.0970 1868  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
03:28:21.0985 1868  napagent - ok
03:28:22.0016 1868  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
03:28:22.0016 1868  NativeWifiP - ok
03:28:22.0079 1868  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
03:28:22.0079 1868  NDIS - ok
03:28:22.0126 1868  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
03:28:22.0126 1868  NdisCap - ok
03:28:22.0141 1868  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
03:28:22.0141 1868  NdisTapi - ok
03:28:22.0172 1868  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
03:28:22.0172 1868  Ndisuio - ok
03:28:22.0188 1868  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
03:28:22.0188 1868  NdisWan - ok
03:28:22.0204 1868  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
03:28:22.0204 1868  NDProxy - ok
03:28:22.0204 1868  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
03:28:22.0204 1868  NetBIOS - ok
03:28:22.0235 1868  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
03:28:22.0235 1868  NetBT - ok
03:28:22.0266 1868  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
03:28:22.0266 1868  Netlogon - ok
03:28:22.0297 1868  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
03:28:22.0313 1868  Netman - ok
03:28:22.0360 1868  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
03:28:22.0406 1868  NetMsmqActivator - ok
03:28:22.0422 1868  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
03:28:22.0422 1868  NetPipeActivator - ok
03:28:22.0453 1868  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
03:28:22.0453 1868  netprofm - ok
03:28:22.0469 1868  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
03:28:22.0469 1868  NetTcpActivator - ok
03:28:22.0484 1868  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
03:28:22.0484 1868  NetTcpPortSharing - ok
03:28:22.0516 1868  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
03:28:22.0516 1868  nfrd960 - ok
03:28:22.0547 1868  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
03:28:22.0562 1868  NlaSvc - ok
03:28:22.0578 1868  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
03:28:22.0578 1868  Npfs - ok
03:28:22.0609 1868  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
03:28:22.0609 1868  nsi - ok
03:28:22.0609 1868  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
03:28:22.0609 1868  nsiproxy - ok
03:28:22.0672 1868  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
03:28:22.0687 1868  Ntfs - ok
03:28:22.0703 1868  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
03:28:22.0703 1868  Null - ok
03:28:22.0718 1868  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
03:28:22.0718 1868  nvraid - ok
03:28:22.0750 1868  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
03:28:22.0765 1868  nvstor - ok
03:28:22.0765 1868  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
03:28:22.0765 1868  nv_agp - ok
03:28:22.0781 1868  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
03:28:22.0796 1868  ohci1394 - ok
03:28:22.0828 1868  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
03:28:22.0828 1868  p2pimsvc - ok
03:28:22.0859 1868  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
03:28:22.0859 1868  p2psvc - ok
03:28:22.0874 1868  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
03:28:22.0874 1868  Parport - ok
03:28:22.0906 1868  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
03:28:22.0906 1868  partmgr - ok
03:28:22.0921 1868  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
03:28:22.0921 1868  PcaSvc - ok
03:28:22.0937 1868  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
03:28:22.0937 1868  pci - ok
03:28:22.0952 1868  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
03:28:22.0952 1868  pciide - ok
03:28:22.0968 1868  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
03:28:22.0968 1868  pcmcia - ok
03:28:22.0984 1868  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
03:28:22.0984 1868  pcw - ok
03:28:23.0015 1868  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
03:28:23.0015 1868  PEAUTH - ok
03:28:23.0093 1868  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
03:28:23.0140 1868  PerfHost - ok
03:28:23.0186 1868  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
03:28:23.0233 1868  pla - ok
03:28:23.0280 1868  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
03:28:23.0280 1868  PlugPlay - ok
03:28:23.0296 1868  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
03:28:23.0296 1868  PNRPAutoReg - ok
03:28:23.0311 1868  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
03:28:23.0327 1868  PNRPsvc - ok
03:28:23.0342 1868  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
03:28:23.0358 1868  PolicyAgent - ok
03:28:23.0389 1868  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
03:28:23.0389 1868  Power - ok
03:28:23.0420 1868  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
03:28:23.0420 1868  PptpMiniport - ok
03:28:23.0436 1868  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
03:28:23.0452 1868  Processor - ok
03:28:23.0483 1868  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
03:28:23.0483 1868  ProfSvc - ok
03:28:23.0498 1868  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
03:28:23.0498 1868  ProtectedStorage - ok
03:28:23.0514 1868  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
03:28:23.0514 1868  Psched - ok
03:28:23.0561 1868  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
03:28:23.0608 1868  ql2300 - ok
03:28:23.0623 1868  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
03:28:23.0623 1868  ql40xx - ok
03:28:23.0654 1868  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
03:28:23.0654 1868  QWAVE - ok
03:28:23.0686 1868  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
03:28:23.0686 1868  QWAVEdrv - ok
03:28:23.0686 1868  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
03:28:23.0686 1868  RasAcd - ok
03:28:23.0795 1868  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
03:28:23.0795 1868  RasAgileVpn - ok
03:28:23.0810 1868  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
03:28:23.0810 1868  RasAuto - ok
03:28:23.0842 1868  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
03:28:23.0842 1868  Rasl2tp - ok
03:28:23.0873 1868  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
03:28:23.0873 1868  RasMan - ok
03:28:23.0904 1868  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
03:28:23.0904 1868  RasPppoe - ok
03:28:23.0920 1868  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
03:28:23.0920 1868  RasSstp - ok
03:28:23.0951 1868  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
03:28:23.0951 1868  rdbss - ok
03:28:23.0966 1868  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
03:28:23.0966 1868  rdpbus - ok
03:28:23.0998 1868  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
03:28:23.0998 1868  RDPCDD - ok
03:28:24.0013 1868  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
03:28:24.0013 1868  RDPENCDD - ok
03:28:24.0029 1868  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
03:28:24.0029 1868  RDPREFMP - ok
03:28:24.0060 1868  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
03:28:24.0060 1868  RDPWD - ok
03:28:24.0076 1868  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
03:28:24.0091 1868  rdyboost - ok
03:28:24.0107 1868  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
03:28:24.0107 1868  RemoteAccess - ok
03:28:24.0138 1868  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
03:28:24.0154 1868  RemoteRegistry - ok
03:28:24.0185 1868  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
03:28:24.0185 1868  RFCOMM - ok
03:28:24.0216 1868  [ CAF88D6573D21CD2AA27001DDBFDC74D ] RMCAST          C:\Windows\system32\DRIVERS\RMCAST.sys
03:28:24.0216 1868  RMCAST - ok
03:28:24.0232 1868  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
03:28:24.0232 1868  RpcEptMapper - ok
03:28:24.0263 1868  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
03:28:24.0263 1868  RpcLocator - ok
03:28:24.0294 1868  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
03:28:24.0294 1868  RpcSs - ok
03:28:24.0325 1868  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
03:28:24.0325 1868  rspndr - ok
03:28:24.0356 1868  [ 135A64530D7699AD48F29D73A658DD11 ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
03:28:24.0356 1868  RSUSBSTOR - ok
03:28:24.0403 1868  [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
03:28:24.0403 1868  RTL8167 - ok
03:28:24.0434 1868  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
03:28:24.0434 1868  SamSs - ok
03:28:24.0512 1868  [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
03:28:24.0512 1868  SASDIFSV - ok
03:28:24.0512 1868  [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
03:28:24.0512 1868  SASKUTIL - ok
03:28:24.0528 1868  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
03:28:24.0544 1868  sbp2port - ok
03:28:24.0575 1868  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
03:28:24.0575 1868  SCardSvr - ok
03:28:24.0590 1868  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
03:28:24.0590 1868  scfilter - ok
03:28:24.0622 1868  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
03:28:24.0637 1868  Schedule - ok
03:28:24.0668 1868  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
03:28:24.0668 1868  SCPolicySvc - ok
03:28:24.0700 1868  [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
03:28:24.0700 1868  sdbus - ok
03:28:24.0715 1868  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
03:28:24.0715 1868  SDRSVC - ok
03:28:24.0746 1868  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
03:28:24.0746 1868  secdrv - ok
03:28:24.0762 1868  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
03:28:24.0762 1868  seclogon - ok
03:28:24.0793 1868  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
03:28:24.0793 1868  SENS - ok
03:28:24.0809 1868  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
03:28:24.0809 1868  SensrSvc - ok
03:28:24.0824 1868  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
03:28:24.0824 1868  Serenum - ok
03:28:24.0856 1868  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
03:28:24.0856 1868  Serial - ok
03:28:24.0887 1868  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
03:28:24.0887 1868  sermouse - ok
03:28:24.0918 1868  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
03:28:24.0918 1868  SessionEnv - ok
03:28:24.0918 1868  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
03:28:24.0918 1868  sffdisk - ok
03:28:24.0934 1868  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
03:28:24.0934 1868  sffp_mmc - ok
03:28:24.0934 1868  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
03:28:24.0934 1868  sffp_sd - ok
03:28:24.0934 1868  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
03:28:24.0934 1868  sfloppy - ok
03:28:25.0012 1868  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
03:28:25.0027 1868  SharedAccess - ok
03:28:25.0043 1868  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
03:28:25.0043 1868  ShellHWDetection - ok
03:28:25.0058 1868  [ 1BC348CF6BAA90EC8E533EF6E6A69933 ] SiSGbeLH        C:\Windows\system32\DRIVERS\SiSG664.sys
03:28:25.0074 1868  SiSGbeLH - ok
03:28:25.0105 1868  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
03:28:25.0105 1868  SiSRaid2 - ok
03:28:25.0105 1868  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
03:28:25.0105 1868  SiSRaid4 - ok
03:28:25.0121 1868  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
03:28:25.0136 1868  Smb - ok
03:28:25.0168 1868  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
03:28:25.0183 1868  SNMPTRAP - ok
03:28:25.0183 1868  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
03:28:25.0183 1868  spldr - ok
03:28:25.0230 1868  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
03:28:25.0230 1868  Spooler - ok
03:28:25.0308 1868  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
03:28:25.0402 1868  sppsvc - ok
03:28:25.0433 1868  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
03:28:25.0448 1868  sppuinotify - ok
03:28:25.0464 1868  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
03:28:25.0480 1868  srv - ok
03:28:25.0495 1868  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
03:28:25.0511 1868  srv2 - ok
03:28:25.0526 1868  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
03:28:25.0526 1868  srvnet - ok
03:28:25.0542 1868  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
03:28:25.0542 1868  SSDPSRV - ok
03:28:25.0558 1868  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
03:28:25.0558 1868  SstpSvc - ok
03:28:25.0589 1868  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
03:28:25.0589 1868  stexstor - ok
03:28:25.0636 1868  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
03:28:25.0636 1868  stisvc - ok
03:28:25.0667 1868  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
03:28:25.0667 1868  swenum - ok
03:28:25.0698 1868  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
03:28:25.0698 1868  swprv - ok
03:28:25.0745 1868  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
03:28:25.0792 1868  SysMain - ok
03:28:25.0807 1868  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
03:28:25.0807 1868  TabletInputService - ok
03:28:25.0823 1868  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
03:28:25.0838 1868  TapiSrv - ok
03:28:25.0854 1868  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
03:28:25.0854 1868  TBS - ok
03:28:25.0916 1868  [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
03:28:25.0932 1868  Tcpip - ok
03:28:25.0979 1868  [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
03:28:25.0994 1868  TCPIP6 - ok
03:28:26.0026 1868  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
03:28:26.0026 1868  tcpipreg - ok
03:28:26.0057 1868  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
03:28:26.0057 1868  TDPIPE - ok
03:28:26.0088 1868  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
03:28:26.0088 1868  TDTCP - ok
03:28:26.0104 1868  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
03:28:26.0104 1868  tdx - ok
03:28:26.0135 1868  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
03:28:26.0135 1868  TermDD - ok
03:28:26.0166 1868  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
03:28:26.0182 1868  TermService - ok
03:28:26.0197 1868  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
03:28:29.0629 1868  ============================================================
03:28:29.0629 1868  Scan finished
03:28:29.0629 1868  ============================================================
03:28:29.0645 2044  Detected object count: 0
03:28:29.0645 2044  Actual detected object count: 0
03:28:37.0211 1888  Deinitialize success
 

 

 

 

AdwCleaner[S2].txt

 

# AdwCleaner v2.111 - Logfile created 02/07/2013 at 12:01:39
# Updated 05/02/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : ohn - OHN-PC
# Boot Mode : Safe mode with networking
# Running from : C:\Users\ohn\Desktop\AdwCleaner(4).exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\END
File Deleted : C:\Users\ohn\AppData\Local\Temp\Uninstall.exe

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.2 (en-US)

File : C:\Users\ohn\AppData\Roaming\Mozilla\Firefox\Profiles\62n9qazt.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1223 octets] - [14/10/2012 20:32:01]
AdwCleaner[R2].txt - [1154 octets] - [07/02/2013 12:00:40]
AdwCleaner[S1].txt - [1291 octets] - [14/10/2012 20:32:57]
AdwCleaner[S2].txt - [1094 octets] - [07/02/2013 12:01:39]

########## EOF - C:\AdwCleaner[S2].txt - [1154 octets] ##########
 



#6 boopme


Posted 08 February 2013 - 09:30 PM

It wasn't a personal question... I was trying to determine how a legit app can have a malware application.

It most likely is the CNET downloader... I am seeing it places a Launcher.

The launcher.exe process may watch you as you are surfing the internet and report any information that it discovers to an online database. It will also create and display targeted advertisements.

 

launcher.exe is considered to be a security risk, not only because spyware removal programs flag Launcher as spyware, but also because a number of users have complained about its performance.

http://www.auditmypc.com/launcher.asp

 

So did removing ZA eliminate it showing up?


How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 mejohn


Posted 09 February 2013 - 02:07 AM

I was just surprised by the question and by the thought it is or might be 'poisoned' in some way.

 

"So did removing ZA eliminate it showing up?"

 

Not sure I understand the question. The trojan only showed up the first time I ran SAS. I removed ZA two or three times trying to resolve my initial issue with it not updating. In contrast, MBAM updated 1st time I tried after SAS found the trojan. So it kind of seems too coincidental.

 

Auditmypc says my firewall is doing its job but what worries me is all the coincidence.

 

1) This (or something else) somehow kept BOTH my ZA/AV *and* MBAM from successfully updating...

2) I couldn't get the link to a clean ZA download to work (in checkpoint's error-fix thread.)

3) Even though SAS both updated and found that Trojan, it took me several tries to get ZA to update.

4) ZA has *NEVER* scanned since this began. The status box opened but nothing happened.

 

5) Now ZA has stopped updating again- almost like something is still in my laptop, messing with ZA...

 

 

Also, initially there was a second error message that I thought might belong to some ransomware: "Error Code 127."



#8 boopme


Posted 09 February 2013 - 08:21 PM

Let's get a deeper look and see if there is a protected malware on here.

 

Please follow this Preparation Guide and post in a new topic.

Let me know if all went well.



#9 boopme


Posted 14 February 2013 - 11:48 AM

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.

The current wait time is 1 - 2 days and ALL logs are answered.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic.



