tictacs1234

FBI Moneypak virus, can't enter safe mode, please help

26 posts in this topic

Hi, earlier today I got infected with a version of the FBI moneypak virus which displays a white screen asking for $200 via moneypak whenever I boot my computer. I've tried reading around for solutions and it seems that most people start with entering safe mode and running anti-malware from there. The problem is I cannot enter safe mode, safe mode with command prompt or safe mode with networking, so I can't run Malwarebytes. The ransomware pops up each time. My computer is completely frozen and I am borrowing another computer to write this. I am using Windows 7. PLEASE, any help you can give me would be greatly appreciated.

-Thanks


Greetings And Welcome To The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash-drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type notepad and press Enter.
  • Notepad opens. Under the File menu select Open.
  • Select "Computer", find your flash drive letter and close Notepad.
  • In the command window type e:\frst64.exe and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • First, press the Scan button.
  • It will make a log (FRST.txt).
  • Second, type the following in the edit box after "Search:": services.exe
  • Click the Search button.
  • It will make a log (Search.txt).

I want you to post both the FRST.txt report and the Search.txt in your reply to me.

Gringo


Gringo, thank you so much for your fast reply.

I downloaded frst64.exe from the link you provided. I was able to enter command prompt but when I ran the FRST64.exe file it wouldn't run and the following message appeared:

"This version of e:\FRST64.exe is not compatible with the version of windows you're running. Check your computer's system information to see whether you need a x86 (32-bit) or x64 (64-bit) version of the program, and then contact the software publisher."


Hello

Try this one. With you saying you had Win 7 I took the chance that it was 64-bit, as most of them are.

Download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type notepad and press Enter.
  • Notepad opens. Under the File menu select Open.
  • Select "Computer", find your flash drive letter and close Notepad.
  • In the command window type e:\frst.exe and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • First, press the Scan button.
  • It will make a log (FRST.txt).
  • Second, type the following in the edit box after "Search:": services.exe
  • Click the Search button.
  • It will make a log (Search.txt).

I want you to post both the FRST.txt report and the Search.txt in your reply to me.

Gringo


Thanks, that version of FRST.exe worked. The scan ran OK, but when I ran the search for services.exe it made a log and the following 2 error messages also popped up:

The file or directory C:\users\t\AppData\Local\Microsoft\Feeds Cache is corrupt and unreadable. Please run the Chkdsk utility.

The file or directory C:\ProgramData\Microsoft\Windows\StartMenu\Programs\VideoLAN is corrupt and unreadable. Please run the Chkdsk utility.

This is the FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-11-2012 02

Ran by SYSTEM at 10-11-2012 15:22:38

Running from E:\

Windows 7 Professional (X86) OS Language: English(US)

The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [set] c:\programdata\SetWallpaper.cmd [x]

HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [13789728 2009-07-01] (NVIDIA Corporation)

HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [x]

HKLM\...\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe [2345592 2012-08-01] (AVG Technologies CZ, s.r.o.)

HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-06-06] (Adobe Systems Incorporated)

HKU\t\...\Run: [dfeaeaaeaebafcdsacfsfdsf] "C:\ProgramData\dfeaeaaeaebafcdsacfsfdsf.exe" [91648 2012-09-30] ()

HKU\t\...\Winlogon: [shell] explorer.exe,C:\Users\t\AppData\Roaming\msconfig.dat [58880 2011-11-16] (ICQ, LLC.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

Startup: C:\Users\t\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk

ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Services (Whitelisted) ===================

2 AVGIDSAgent; "C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe" [7391072 2012-01-31] (AVG Technologies CZ, s.r.o.)

2 avgwd; "C:\Program Files\AVG\AVG10\avgwdsvc.exe" [269520 2011-02-08] (AVG Technologies CZ, s.r.o.)

2 HFGService; C:\Windows\System32\HFGService.dll [413696 2009-12-21] (CSR, plc)

2 rpcnet; C:\Windows\system32\rpcnet.exe [58288 2011-03-27] (Absolute Software Corp.)

==================== Drivers (Whitelisted) ====================

3 AVGIDSDriver; C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys [134480 2011-05-27] (AVG Technologies CZ, s.r.o. )

0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [22992 2011-02-22] (AVG Technologies CZ, s.r.o. )

3 AVGIDSFilter; C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys [24144 2011-02-10] (AVG Technologies CZ, s.r.o. )

3 AVGIDSShim; C:\Windows\System32\DRIVERS\AVGIDSShim.Sys [21968 2011-02-10] (AVG Technologies CZ, s.r.o. )

1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [248656 2011-01-07] (AVG Technologies CZ, s.r.o.)

1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [34896 2011-03-01] (AVG Technologies CZ, s.r.o.)

0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [32592 2011-03-16] (AVG Technologies CZ, s.r.o.)

1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [297168 2011-04-04] (AVG Technologies CZ, s.r.o.)

3 BthAudioHF; C:\Windows\System32\DRIVERS\BthAudioHF.sys [43008 2009-12-21] (CSR, plc)

3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [22528 2009-08-13] (CSR, plc)

3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2007-07-30] (ATK0100)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2012-11-10 15:22 - 2012-11-10 15:22 - 00000000 ____D C:\FRST

2012-11-09 19:49 - 2012-11-09 23:56 - 00000047 ____A C:\Users\t\AppData\Roaming\msconfig.ini

2012-10-29 22:02 - 2012-10-29 22:03 - 00000000 ____D C:\Users\t\AppData\Roaming\dvdcss

2012-10-27 09:01 - 2012-10-27 09:01 - 00001974 ____A C:\Users\t\Desktop\Usmleworld QBank.lnk

2012-10-27 08:59 - 2012-10-27 08:59 - 16979960 ____A (Sun Microsystems, Inc.) C:\Users\t\Downloads\jre-6u37-windows-i586.exe

2012-10-26 16:12 - 2012-10-26 16:12 - 00001474 ____A C:\Users\t\Desktop\qbankclient.jnlp

2012-10-26 15:22 - 2012-10-26 15:22 - 00000000 ____D C:\Program Files\Common Files\Java

2012-10-26 15:21 - 2012-10-26 15:20 - 00821736 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll

2012-10-26 15:21 - 2011-10-03 02:06 - 00157472 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe

2012-10-26 15:21 - 2011-10-03 02:06 - 00145184 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe

2012-10-26 15:21 - 2011-10-03 02:06 - 00145184 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe

2012-10-26 15:19 - 2012-10-26 15:19 - 00000000 ____D C:\Users\All Users\McAfee

2012-10-22 20:30 - 2012-10-22 20:30 - 00013726 ____A C:\Users\t\Downloads\And Sister Makes Three.htm

2012-10-22 20:30 - 2012-10-22 20:30 - 00000000 ____D C:\Users\t\Downloads\And Sister Makes Three_files

==================== One Month Modified Files and Folders ========

2012-11-09 23:57 - 2010-07-11 00:59 - 01971698 ____A C:\Windows\WindowsUpdate.log

2012-11-09 23:57 - 2009-07-13 20:34 - 00009600 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-11-09 23:57 - 2009-07-13 20:34 - 00009600 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-11-09 23:56 - 2012-11-09 19:49 - 00000047 ____A C:\Users\t\AppData\Roaming\msconfig.ini

2012-11-09 23:52 - 2010-07-11 05:56 - 00058288 ____A (Absolute Software Corp.) C:\Windows\System32\rpcnet.dll

2012-11-09 23:52 - 2010-07-11 00:54 - 00017408 ____A C:\Windows\System32\rpcnetp.dll

2012-11-09 23:52 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-11-09 23:52 - 2009-07-13 20:39 - 00076089 ____A C:\Windows\setupact.log

2012-11-09 23:51 - 2010-07-11 00:53 - 00017408 ____A C:\Windows\System32\rpcnetp.exe

2012-11-09 20:12 - 2009-08-18 13:15 - 00713888 ____A C:\Windows\System32\PerfStringBackup.INI

2012-11-08 20:32 - 2012-09-18 13:13 - 00000000 ____D C:\Users\t\Downloads\Jdownloader

2012-11-04 22:37 - 2010-07-11 10:18 - 00000000 ____D C:\Users\t\AppData\Roaming\vlc

2012-11-01 01:40 - 2011-08-19 18:50 - 00000000 ____D C:\Users\t\Desktop\New folder

2012-10-29 22:03 - 2012-10-29 22:02 - 00000000 ____D C:\Users\t\AppData\Roaming\dvdcss

2012-10-27 09:01 - 2012-10-27 09:01 - 00001974 ____A C:\Users\t\Desktop\Usmleworld QBank.lnk

2012-10-27 09:01 - 2011-08-23 10:17 - 00000000 ____D C:\Program Files\Java

2012-10-27 08:59 - 2012-10-27 08:59 - 16979960 ____A (Sun Microsystems, Inc.) C:\Users\t\Downloads\jre-6u37-windows-i586.exe

2012-10-26 16:12 - 2012-10-26 16:12 - 00001474 ____A C:\Users\t\Desktop\qbankclient.jnlp

2012-10-26 15:22 - 2012-10-26 15:22 - 00000000 ____D C:\Program Files\Common Files\Java

2012-10-26 15:20 - 2012-10-26 15:21 - 00821736 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll

2012-10-26 15:20 - 2011-08-13 10:11 - 00746984 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll

2012-10-26 15:19 - 2012-10-26 15:19 - 00000000 ____D C:\Users\All Users\McAfee

2012-10-22 20:30 - 2012-10-22 20:30 - 00013726 ____A C:\Users\t\Downloads\And Sister Makes Three.htm

2012-10-22 20:30 - 2012-10-22 20:30 - 00000000 ____D C:\Users\t\Downloads\And Sister Makes Three_files

2012-10-18 09:00 - 2012-09-18 08:39 - 00001078 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-10-18 09:00 - 2011-06-22 13:36 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2012-10-17 15:56 - 2012-09-05 11:45 - 00000000 ____D C:\Users\t\Desktop\U WOLRD TESTS 2012

2012-10-13 01:40 - 2012-09-18 13:10 - 00000000 ____D C:\Program Files\JDownloader

ZeroAccess:

C:\$Recycle.Bin\S-1-5-21-1731318305-4162222822-1311247776-1001\$c5208d370fbedf63f44991c44da994e2

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

==================== Memory info ===========================

Percentage of memory in use: 19%

Total physical RAM: 2047.3 MB

Available physical RAM: 1651.91 MB

Total Pagefile: 2047.3 MB

Available Pagefile: 1654 MB

Total Virtual: 2047.88 MB

Available Virtual: 1960.7 MB

==================== Partitions =============================

1 Drive c: (VistaOS) (Fixed) (Total:116.44 GB) (Free:1.32 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

2 Drive d: (DATA) (Fixed) (Total:104.73 GB) (Free:0.09 GB) NTFS

3 Drive e: () (Removable) (Total:3.78 GB) (Free:3.78 GB) FAT

4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 232 GB 1024 KB

Disk 1 Online 3875 MB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 11 GB 31 KB

Partition 2 Primary 116 GB 11 GB

Partition 0 Extended 104 GB 128 GB

Partition 3 Logical 104 GB 128 GB

=========================================================

Disk: 0

Partition 1

Type : 1C

Hidden: Yes

Active: No

There is no volume associated with this partition.

=========================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 0 C VistaOS NTFS Partition 116 GB Healthy

=========================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 D DATA NTFS Partition 104 GB Healthy

=========================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 3874 MB 31 KB

=========================================================

Disk: 1

Partition 1

Type : 06

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 E FAT Removable 3874 MB Healthy

=========================================================

Last Boot: 2012-11-05 00:39

==================== End Of Log ============================

Here is the search log:

Farbar Recovery Scan Tool (x86) Version: 10-11-2012 02

Ran by SYSTEM at 2012-11-10 15:25:36

Running from E:\

================== Search: "services.exe" ===================

C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows.old\Windows\System32\services.exe

[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe

[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

=== End Of Search ===


Hello

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt


HKU\t\...\Run: [dfeaeaaeaebafcdsacfsfdsf] "C:\ProgramData\dfeaeaaeaebafcdsacfsfdsf.exe" [91648 2012-09-30] ()
HKU\t\...\Winlogon: [Shell] explorer.exe,C:\Users\t\AppData\Roaming\msconfig.dat [58880 2011-11-16] (ICQ, LLC.)
C:\$Recycle.Bin\S-1-5-21-1731318305-4162222822-1311247776-1001\$c5208d370fbedf63f44991c44da994e2

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo

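The triage behind the fixlist above, done in code rather than by eye, as an added Python example that is not part of this thread or of FRST itself: it parses the "Registry (Whitelisted)" lines from the FRST.txt log posted earlier, flags a Winlogon Shell value that is anything other than plain explorer.exe and Run entries launched from user-writable directories, and checks that every copy of services.exe listed in Search.txt shares one MD5. The log lines are copied from the thread; the "patched" sample and its all-zero hash are constructed for illustration.

```python
import re
from collections import defaultdict

# "Registry (Whitelisted)" lines copied from the FRST.txt log posted earlier in this thread.
FRST_REGISTRY = r"""
HKLM\...\Run: [set] c:\programdata\SetWallpaper.cmd [x]
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [13789728 2009-07-01] (NVIDIA Corporation)
HKLM\...\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe [2345592 2012-08-01] (AVG Technologies CZ, s.r.o.)
HKU\t\...\Run: [dfeaeaaeaebafcdsacfsfdsf] "C:\ProgramData\dfeaeaaeaebafcdsacfsfdsf.exe" [91648 2012-09-30] ()
HKU\t\...\Winlogon: [shell] explorer.exe,C:\Users\t\AppData\Roaming\msconfig.dat [58880 2011-11-16] (ICQ, LLC.)
"""

# Two of the hits from the Search.txt log in the thread (path line followed by its detail line).
FRST_SEARCH = r"""
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6
C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6
"""

# Constructed variant, not from the thread: the System32 copy carries a different hash, as it
# would if the file had been patched in place. The all-zero value is a placeholder, not a real hash.
FRST_SEARCH_PATCHED = r"""
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6
C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2012-11-09 23:52] - 0259072 ____A (Microsoft Corporation) 00000000000000000000000000000000
"""

# "HKLM\...\Run: [name] command [size date] (publisher)", or "... [x]" when the file is missing.
ENTRY_RE = re.compile(
    r"^(?P<hive>HK[^:]*?)\\\.\.\.\\(?P<key>Run|RunOnce|Winlogon): "
    r"\[(?P<name>[^\]]*)\] (?P<rest>.*)$"
)
TAIL_RE = re.compile(
    r"^(?P<cmd>.*?) \[(?:x|(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2}))\]"
    r"(?: \((?P<pub>[^)]*)\))?$"
)
# Directories a standard user can write to; legitimate autostarts rarely live there.
USER_WRITABLE = re.compile(r"(?i)\\(programdata|appdata|users\\[^\\]+\\|temp)\b")
# Search.txt detail line: "[created] - [modified] - size attrs (publisher) MD5".
FOUND_RE = re.compile(
    r"^\[[^\]]*\] - \[[^\]]*\] - (?P<size>\d+) \S+ \((?P<pub>[^)]*)\) (?P<md5>[0-9a-f]{32})$",
    re.IGNORECASE,
)

def parse_registry_lines(text):
    """Turn FRST registry lines into dicts; pub is None when FRST printed no publisher field."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        t = TAIL_RE.match(m["rest"]) if m else None
        if not t:
            continue
        entries.append({
            "hive": m["hive"], "key": m["key"], "name": m["name"],
            "cmd": t["cmd"].strip('"'), "pub": t["pub"], "missing": t["size"] is None,
        })
    return entries

def triage_entry(e):
    """Return (severity, reason) for a suspicious autostart, or None if it looks normal."""
    if e["key"] == "Winlogon" and e["name"].lower() == "shell":
        if e["cmd"].lower() != "explorer.exe":
            # An extra program launched with the desktop: how this lock screen took over the session.
            return ("high", "Winlogon Shell is not plain explorer.exe")
        return None
    if e["missing"]:
        return ("low", "autostart points at a missing file (dangling entry)")
    writable = USER_WRITABLE.search(e["cmd"]) is not None
    if writable and e["pub"] == "":
        return ("high", "file with no version info started from a user-writable directory")
    if writable:
        return ("medium", "autostart from a user-writable directory")
    return None

def triage_registry(text):
    """List (severity, key, name, cmd, reason) for every flagged entry, in log order."""
    findings = []
    for e in parse_registry_lines(text):
        hit = triage_entry(e)
        if hit:
            findings.append((hit[0], e["key"], e["name"], e["cmd"], hit[1]))
    return findings

def check_search_log(text):
    """Group each found copy by MD5; more than one distinct hash means a copy was altered."""
    by_hash = defaultdict(list)
    prev = None
    for line in (ln.strip() for ln in text.splitlines()):
        m = FOUND_RE.match(line)
        if m and prev:
            by_hash[m["md5"].upper()].append(prev)
        prev = line
    return {"consistent": len(by_hash) == 1, "by_hash": dict(by_hash)}
```

Run against the thread's lines, `triage_registry` flags exactly the two entries Gringo put in the fixlist (plus the dangling `set` entry ComboFix later removed as an orphan), and `check_search_log` reports all services.exe copies as consistent, which is why no services.exe replacement was needed here.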

Here is the fix log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 10-11-2012 02

Ran by SYSTEM at 2012-11-10 17:47:12 Run:1

Running from E:\

==============================================

HKEY_USERS\t\Software\Microsoft\Windows\CurrentVersion\Run\\dfeaeaaeaebafcdsacfsfdsf Value deleted successfully.

HKEY_USERS\t\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell Value deleted successfully.

C:\$Recycle.Bin\S-1-5-21-1731318305-4162222822-1311247776-1001\$c5208d370fbedf63f44991c44da994e2 moved successfully.

==== End of Fixlog ====


Gringo, thank you, the computer booted up fine. Are there any remnants of the virus left on the computer, and should I run any other virus scans or Malwarebytes?


Hello

These are the programs I would like you to run next; if you have any problems with one of them, just skip it and run the next one.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller, or from here.
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop.
  • Exit/Close RogueKiller.

Gringo


Here are the reports from both programs. I use AVG as a virus scanner and it was trying to block both downloads as trojans so I had to disable AVG to run the programs. Does this mean that AVG could have been affected by the virus?

ADW CLEANER REPORT

# AdwCleaner v2.007 - Logfile created 11/11/2012 at 14:33:43

# Updated 06/11/2012 by Xplode

# Operating system : Windows 7 Professional (32 bits)

# User : t - T-PC

# Boot Mode : Normal

# Running from : C:\Users\t\Desktop\AdwCleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v9.0.1 (en-US)

Profile name : default

File : C:\Users\t\AppData\Roaming\Mozilla\Firefox\Profiles\9omv74xe.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [663 octets] - [11/11/2012 14:33:43]

########## EOF - C:\AdwCleaner[s1].txt - [722 octets] ##########

ROGUE KILLER REPORT

RogueKiller V8.2.3 [11/07/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website: http://tigzy.geekstogo.com/roguekiller.php

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 32 bits version

Started in : Normal mode

User : t [Admin rights]

Mode : Remove -- Date : 11/11/2012 14:48:41

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9250320AS ATA Device +++++

--- User ---

[MBR] c4589615ea4652d051547dabc2ab2677

[bSP] c83f6d3cdea8c218388548da794008b8 : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 63 | Size: 12001 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 24579450 | Size: 119232 Mo

2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 268767450 | Size: 107238 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[2]_D_11112012_02d1448.txt >>

RKreport[1]_S_11112012_02d1447.txt ; RKreport[2]_D_11112012_02d1448.txt


Hello

just means AVG is being a pain in the......

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo


Gringo,

Below is the Combofix logfile. The computer seems to be running fine right now; I can use the internet and Windows without the virus locking me out again. I did have one problem with AVG again while running Combofix. I thought I had disabled it prior to starting, but in the middle of running Combofix AVG tried to block it again. Other than that everything seemed to have run fine. There is a new folder on my desktop called "RK_quarantine" with 3 registry files and a few dat and txt files in it. Should I delete those files?

ComboFix 12-11-12.03 - t 11/12/2012 13:08:31.1.2 - x86

Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2047.1280 [GMT -5:00]

Running from: c:\users\t\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2011 *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2011 *Disabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\dfeaeaaeaebafcdsacfsfdsf.exe

c:\users\t\AppData\Roaming\msconfig.dat

c:\users\t\AppData\Roaming\msconfig.ini

.

.

((((((((((((((((((((((((( Files Created from 2012-10-12 to 2012-11-12 )))))))))))))))))))))))))))))))

.

.

2012-11-12 18:25 . 2012-11-12 18:25 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-11-10 23:22 . 2012-11-10 23:22 -------- d-----w- C:\FRST

2012-10-30 06:02 . 2012-10-30 06:03 -------- d-----w- c:\users\t\AppData\Roaming\dvdcss

2012-10-26 23:22 . 2012-10-26 23:22 -------- d-----w- c:\program files\Common Files\Java

2012-10-26 23:21 . 2012-10-26 23:20 821736 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-10-26 23:19 . 2012-10-26 23:19 -------- d-----w- c:\programdata\McAfee

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-11 19:37 . 2010-07-11 08:53 17408 ----a-w- c:\windows\system32\rpcnetp.exe

2012-11-11 19:37 . 2010-07-11 13:56 58288 ----a-w- c:\windows\system32\rpcnet.dll

2012-11-10 22:53 . 2010-07-11 08:54 17408 ----a-w- c:\windows\system32\rpcnetp.dll

2012-10-26 23:20 . 2011-08-13 18:11 746984 ----a-w- c:\windows\system32\deployJava1.dll

2012-09-29 23:54 . 2011-06-22 21:36 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-14 18:30 . 2012-10-09 23:18 2048 ----a-w- c:\windows\system32\tzres.dll

2012-09-04 18:30 . 2012-10-01 21:10 38912 ----a-w- c:\windows\system32\identprv.dll

2012-08-30 17:18 . 2012-10-09 23:17 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-08-30 17:18 . 2012-10-09 23:17 3902832 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-08-24 17:10 . 2012-10-09 23:17 172544 ----a-w- c:\windows\system32\wintrust.dll

2012-08-24 06:59 . 2012-09-22 07:01 1800704 ----a-w- c:\windows\system32\jscript9.dll

2012-08-24 06:51 . 2012-09-22 07:01 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-08-24 06:51 . 2012-09-22 07:01 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-08-24 06:47 . 2012-09-22 07:01 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-08-24 06:47 . 2012-09-22 07:01 420864 ----a-w- c:\windows\system32\vbscript.dll

2012-08-24 06:43 . 2012-09-22 07:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-12-21 07:24 . 2012-01-13 02:20 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-02 13789728]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-19 1697064]

"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-08-01 2345592]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

.

c:\users\t\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

.

R3 BthAudioHF;BthAudioHF Service;c:\windows\system32\DRIVERS\BthAudioHF.sys [x]

R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [x]

R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [x]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]

S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]

S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [x]

S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [x]

S2 HFGService;Handsfree Headset Service;c:\windows\system32\svchost.exe [x]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - TRUESIGHT

*Deregistered* - TrueSight

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthaudiosvc REG_MULTI_SZ HFGService

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.asus.com

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\users\t\AppData\Roaming\Mozilla\Firefox\Profiles\9omv74xe.default\

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

HKLM-Run-set - c:\programdata\SetWallpaper.cmd

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-11-12 13:33:28

ComboFix-quarantined-files.txt 2012-11-12 18:33

.

Pre-Run: 592,199,680 bytes free

Post-Run: 806,453,248 bytes free

.

- - End Of File - - DE8027604F15E2658081BDB63034BA6D

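Reading the Reg Loading Points and ORPHANS REMOVED sections of a ComboFix log like the one above comes down to asking, for each autostart entry, where its target lives and whether it still exists. The Python below is an added example, not code from the thread, from ComboFix or from any tool mentioned in it; the sample log is constructed to mirror the posted entries (with one invented "Updater" entry), and the trusted-directory and script-extension lists are assumptions of the example.

```python
"""Triage helper for the 'Reg Loading Points' section of a ComboFix log.
Added example, not part of the thread or of ComboFix; the trusted-root and
extension policy below is this example's own assumption, not ComboFix's."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample modelled on the posted log; the "Updater" entry is invented.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-08-01 2345592]
"Updater"="c:\users\t\AppData\Roaming\updater.exe" [2012-11-10 98304]
c:\users\t\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
- - - - ORPHANS REMOVED - - - -
Toolbar-Locked - (no file)
HKLM-Run-set - c:\programdata\SetWallpaper.cmd
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"'
                      r'(?:\s+\[(?P<date>\S+)\s+(?P<size>\d+)\])?$')
LNK_RE = re.compile(r"^(?P<name>.+?\.lnk) - (?P<path>.+?)"
                    r"(?:\s+\[(?P<date>\S+)\s+(?P<size>\d+)\])?$")
ORPHAN_RE = re.compile(r"^(?P<name>\S+) - (?P<path>.+)$")

# Assumed policy: where legitimate autostarts normally live, and what looks odd.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
USER_WRITABLE_MARKERS = ("c:\\programdata\\", "c:\\users\\", "\\appdata\\", "\\temp\\")
SCRIPT_EXTS = (".cmd", ".bat", ".vbs", ".js", ".ps1", ".scr", ".pif")

@dataclass
class Entry:
    source: str                 # registry key, Startup folder, or "orphans removed"
    name: str
    path: str
    date: Optional[str] = None
    size: Optional[int] = None

@dataclass
class Finding:
    entry: Entry
    reasons: List[str]

def parse_loading_points(text: str) -> List[Entry]:
    """Walk the log line by line, tracking which ComboFix section we are in."""
    entries: List[Entry] = []
    section: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":        # ComboFix separates blocks with "."
            continue
        key = KEY_RE.match(line)
        if key:
            section = key.group(1)
            continue
        if line.lower().endswith("\\startup\\"):
            section = "startup folder " + line
            continue
        if "ORPHANS REMOVED" in line:
            section = "orphans removed"
            continue
        if section is None:
            continue
        pattern = (ORPHAN_RE if section == "orphans removed"
                   else LNK_RE if section.startswith("startup folder") else VALUE_RE)
        m = pattern.match(line)
        if not m:                          # policy values, services, etc. are skipped
            continue
        d = m.groupdict()
        entries.append(Entry(section, d["name"], d["path"], d.get("date"),
                             int(d["size"]) if d.get("size") else None))
    return entries

def assess(entry: Entry) -> List[str]:
    """Return the reasons an entry deserves a closer look (empty = unremarkable)."""
    p = entry.path.lower()
    if p == "(no file)":
        return ["target missing (dangling autostart)"]
    reasons = []
    if p.endswith(SCRIPT_EXTS):
        reasons.append("script launched at logon")
    if p.startswith(TRUSTED_ROOTS):
        return reasons
    if any(marker in p for marker in USER_WRITABLE_MARKERS):
        reasons.append("runs from a user-writable location")
    else:
        reasons.append("outside Windows/Program Files")
    return reasons

def triage(log_text: str) -> List[Finding]:
    return [Finding(e, r) for e in parse_loading_points(log_text) if (r := assess(e))]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.entry.name}: {f.entry.path} -> {'; '.join(f.reasons)}")
```

On the constructed sample the AVG, Intel and OpenOffice entries pass silently, while the AppData executable, the dangling toolbar value and the ProgramData .cmd orphan are the three lines a helper would want to see.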

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.

  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo


Gringo,

When I ran aswMBR.exe, Windows displayed an error saying "aswMBR.exe is a corrupt file, please run chckdisk", but the scan finished and below are the logs.


14:07:42.0810 3840 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

14:07:43.0309 3840 ============================================================

14:07:43.0309 3840 Current date / time: 2012/11/12 14:07:43.0309

14:07:43.0309 3840 SystemInfo:

14:07:43.0309 3840

14:07:43.0309 3840 OS Version: 6.1.7600 ServicePack: 0.0

14:07:43.0309 3840 Product type: Workstation

14:07:43.0309 3840 ComputerName: T-PC

14:07:43.0309 3840 UserName: t

14:07:43.0309 3840 Windows directory: C:\Windows

14:07:43.0309 3840 System windows directory: C:\Windows

14:07:43.0309 3840 Processor architecture: Intel x86

14:07:43.0309 3840 Number of processors: 2

14:07:43.0309 3840 Page size: 0x1000

14:07:43.0309 3840 Boot type: Normal boot

14:07:43.0309 3840 ============================================================

14:07:45.0010 3840 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

14:07:45.0010 3840 ============================================================

14:07:45.0010 3840 \Device\Harddisk0\DR0:

14:07:45.0010 3840 MBR partitions:

14:07:45.0010 3840 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1770D7A, BlocksNum 0xE8E0360

14:07:45.0057 3840 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x10051119, BlocksNum 0xD173468

14:07:45.0057 3840 ============================================================

14:07:45.0119 3840 C: <-> \Device\Harddisk0\DR0\Partition1

14:07:45.0150 3840 D: <-> \Device\Harddisk0\DR0\Partition2

14:07:45.0150 3840 ============================================================

14:07:45.0150 3840 Initialize success

14:07:45.0150 3840 ============================================================

14:07:52.0248 3288 ============================================================

14:07:52.0248 3288 Scan started

14:07:52.0248 3288 Mode: Manual;

14:07:52.0248 3288 ============================================================

14:07:54.0167 3288 ================ Scan system memory ========================

14:07:54.0167 3288 System memory - ok

14:07:54.0167 3288 ================ Scan services =============================


14:08:05.0025 3288 Ndisuio - ok

14:08:05.0056 3288 [ 267C415EADCBE53C9CA873DEE39CF3A4 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

14:08:05.0056 3288 NdisWan - ok

14:08:05.0103 3288 [ AF7E7C63DCEF3F8772726F86039D6EB4 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

14:08:05.0103 3288 NDProxy - ok

14:08:05.0118 3288 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

14:08:05.0118 3288 NetBIOS - ok

14:08:05.0149 3288 [ DD52A733BF4CA5AF84562A5E2F963B91 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

14:08:05.0149 3288 NetBT - ok

14:08:05.0196 3288 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] Netlogon C:\Windows\system32\lsass.exe

14:08:05.0196 3288 Netlogon - ok

14:08:05.0243 3288 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll

14:08:05.0259 3288 Netman - ok

14:08:05.0290 3288 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll

14:08:05.0290 3288 netprofm - ok

14:08:05.0337 3288 [ FE2AA5A684B0DD9B1FAE57B7817C198B ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

14:08:05.0337 3288 NetTcpPortSharing - ok

14:08:05.0368 3288 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys

14:08:05.0383 3288 nfrd960 - ok

14:08:05.0415 3288 [ 2226496E34BD40734946A054B1CD657F ] NlaSvc C:\Windows\System32\nlasvc.dll

14:08:05.0415 3288 NlaSvc - ok

14:08:05.0446 3288 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys

14:08:05.0446 3288 Npfs - ok

14:08:05.0493 3288 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll

14:08:05.0493 3288 nsi - ok

14:08:05.0524 3288 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

14:08:05.0524 3288 nsiproxy - ok

14:08:05.0586 3288 [ 3795DCD21F740EE799FB7223234215AF ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

14:08:05.0633 3288 Ntfs - ok

14:08:05.0664 3288 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys

14:08:05.0664 3288 Null - ok

14:08:05.0929 3288 [ 5CE5B23855262ACABAECCE156F48DD88 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys

14:08:06.0179 3288 nvlddmkm - ok

14:08:06.0210 3288 [ 3F3D04B1D08D43C16EA7963954EC768D ] nvraid C:\Windows\system32\DRIVERS\nvraid.sys

14:08:06.0226 3288 nvraid - ok

14:08:06.0241 3288 [ C99F251A5DE63C6F129CF71933ACED0F ] nvstor C:\Windows\system32\DRIVERS\nvstor.sys

14:08:06.0241 3288 nvstor - ok

14:08:06.0288 3288 [ 6DF4CC671CD9704840C5522627F3ED43 ] nvsvc C:\Windows\system32\nvvsvc.exe

14:08:06.0288 3288 nvsvc - ok

14:08:06.0319 3288 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys

14:08:06.0319 3288 nv_agp - ok

14:08:06.0351 3288 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys

14:08:06.0351 3288 ohci1394 - ok

14:08:06.0382 3288 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

14:08:06.0397 3288 p2pimsvc - ok

14:08:06.0444 3288 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll

14:08:06.0475 3288 p2psvc - ok

14:08:06.0507 3288 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys

14:08:06.0522 3288 Parport - ok

14:08:06.0569 3288 [ 66D3415C159741ADE7038A277EFFF99F ] partmgr C:\Windows\system32\drivers\partmgr.sys

14:08:06.0569 3288 partmgr - ok

14:08:06.0600 3288 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys

14:08:06.0616 3288 Parvdm - ok

14:08:06.0631 3288 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll

14:08:06.0631 3288 PcaSvc - ok

14:08:06.0663 3288 [ C858CB77C577780ECC456A892E7E7D0F ] pci C:\Windows\system32\DRIVERS\pci.sys

14:08:06.0663 3288 pci - ok

14:08:06.0694 3288 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\DRIVERS\pciide.sys

14:08:06.0694 3288 pciide - ok

14:08:06.0725 3288 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys

14:08:06.0725 3288 pcmcia - ok

14:08:06.0741 3288 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys

14:08:06.0756 3288 pcw - ok

14:08:06.0803 3288 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys

14:08:06.0819 3288 PEAUTH - ok

14:08:06.0897 3288 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll

14:08:06.0928 3288 PeerDistSvc - ok

14:08:07.0021 3288 [ 9C1BFF7910C89A1D12E57343475840CB ] pla C:\Windows\system32\pla.dll

14:08:07.0115 3288 pla - ok

14:08:07.0177 3288 [ 71DEF5EC79774C798342D0EA16E41780 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

14:08:07.0193 3288 PlugPlay - ok

14:08:07.0224 3288 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

14:08:07.0224 3288 PNRPAutoReg - ok

14:08:07.0255 3288 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

14:08:07.0271 3288 PNRPsvc - ok

14:08:07.0318 3288 [ 48E1B75C6DC0232FD92BAAE4BD344721 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

14:08:07.0365 3288 PolicyAgent - ok

14:08:07.0443 3288 [ DBFF83F709A91049621C1D35DD45C92C ] Power C:\Windows\system32\umpo.dll

14:08:07.0443 3288 Power - ok

14:08:07.0505 3288 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

14:08:07.0505 3288 PptpMiniport - ok

14:08:07.0552 3288 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys

14:08:07.0552 3288 Processor - ok

14:08:07.0599 3288 [ 630CF26F0227498B7D5A92B12548960F ] ProfSvc C:\Windows\system32\profsvc.dll

14:08:07.0614 3288 ProfSvc - ok

14:08:07.0630 3288 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] ProtectedStorage C:\Windows\system32\lsass.exe

14:08:07.0630 3288 ProtectedStorage - ok

14:08:07.0677 3288 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys

14:08:07.0677 3288 Psched - ok

14:08:07.0739 3288 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys

14:08:07.0786 3288 ql2300 - ok

14:08:07.0801 3288 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys

14:08:07.0801 3288 ql40xx - ok

14:08:07.0848 3288 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll

14:08:07.0848 3288 QWAVE - ok

14:08:07.0879 3288 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

14:08:07.0879 3288 QWAVEdrv - ok

14:08:07.0895 3288 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

14:08:07.0895 3288 RasAcd - ok

14:08:07.0926 3288 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

14:08:07.0942 3288 RasAgileVpn - ok

14:08:07.0973 3288 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll

14:08:07.0973 3288 RasAuto - ok

14:08:08.0004 3288 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

14:08:08.0020 3288 Rasl2tp - ok

14:08:08.0051 3288 [ 0CE66EC736B7FC526D78F7624C7D2A94 ] RasMan C:\Windows\System32\rasmans.dll

14:08:08.0067 3288 RasMan - ok

14:08:08.0098 3288 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

14:08:08.0098 3288 RasPppoe - ok

14:08:08.0145 3288 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

14:08:08.0160 3288 RasSstp - ok

14:08:08.0191 3288 [ 835D7E81BF517A3B72384BDCC85E1CE6 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

14:08:08.0207 3288 rdbss - ok

14:08:08.0238 3288 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys

14:08:08.0238 3288 rdpbus - ok

14:08:08.0301 3288 [ 1E016846895B15A99F9A176A05029075 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

14:08:08.0301 3288 RDPCDD - ok

14:08:08.0332 3288 [ C5FF95883FFEF704D50C40D21CFB3AB5 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys

14:08:08.0347 3288 RDPDR - ok

14:08:08.0379 3288 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

14:08:08.0379 3288 RDPENCDD - ok

14:08:08.0394 3288 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

14:08:08.0410 3288 RDPREFMP - ok

14:08:08.0472 3288 [ C5B8D47A4688DE9D335204EA757C2240 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

14:08:08.0472 3288 RDPWD - ok

14:08:08.0535 3288 [ 4EA225BF1CF05E158853F30A99CA29A7 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

14:08:08.0550 3288 rdyboost - ok

14:08:08.0581 3288 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll

14:08:08.0581 3288 RemoteAccess - ok

14:08:08.0628 3288 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll

14:08:08.0628 3288 RemoteRegistry - ok

14:08:08.0706 3288 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys

14:08:08.0706 3288 RFCOMM - ok

14:08:08.0753 3288 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

14:08:08.0753 3288 RpcEptMapper - ok

14:08:08.0800 3288 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe

14:08:08.0800 3288 RpcLocator - ok

14:08:08.0862 3288 [ 3297445BB9FD3E8363E7559010ED2AE7 ] rpcnet C:\Windows\system32\rpcnet.exe

14:08:08.0862 3288 rpcnet - ok

14:08:08.0909 3288 [ B82CD39E336973359D7C9BF911E8E84F ] RpcSs C:\Windows\system32\rpcss.dll

14:08:08.0925 3288 RpcSs - ok

14:08:08.0971 3288 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

14:08:08.0987 3288 rspndr - ok

14:08:09.0065 3288 [ BCEBD5D1AABCE4EFB7597635E347C44B ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys

14:08:09.0081 3288 RTL8167 - ok

14:08:09.0096 3288 [ 5423D8437051E89DD34749F242C98648 ] s3cap C:\Windows\system32\DRIVERS\vms3cap.sys

14:08:09.0112 3288 s3cap - ok

14:08:09.0127 3288 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] SamSs C:\Windows\system32\lsass.exe

14:08:09.0143 3288 SamSs - ok

14:08:09.0174 3288 [ 34EE0C44B724E3E4CE2EFF29126DE5B5 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys

14:08:09.0174 3288 sbp2port - ok

14:08:09.0221 3288 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll

14:08:09.0237 3288 SCardSvr - ok

14:08:09.0268 3288 [ A95C54B2AC3CC9C73FCDF9E51A1D6B51 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

14:08:09.0268 3288 scfilter - ok

14:08:09.0346 3288 [ DF1E5C82E4D09CF8105CC644980C4803 ] Schedule C:\Windows\system32\schedsvc.dll

14:08:09.0377 3288 Schedule - ok

14:08:09.0408 3288 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] SCPolicySvc C:\Windows\System32\certprop.dll

14:08:09.0408 3288 SCPolicySvc - ok

14:08:09.0439 3288 [ 5FD90ABDBFAEE85986802622CBB03446 ] SDRSVC C:\Windows\System32\SDRSVC.dll

14:08:09.0439 3288 SDRSVC - ok

14:08:09.0486 3288 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys

14:08:09.0486 3288 secdrv - ok

14:08:09.0517 3288 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll

14:08:09.0533 3288 seclogon - ok

14:08:09.0564 3288 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll

14:08:09.0564 3288 SENS - ok

14:08:09.0595 3288 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll

14:08:09.0611 3288 SensrSvc - ok

14:08:09.0642 3288 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys

14:08:09.0642 3288 Serenum - ok

14:08:09.0658 3288 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys

14:08:09.0673 3288 Serial - ok

14:08:09.0673 3288 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys

14:08:09.0689 3288 sermouse - ok

14:08:09.0751 3288 [ 8F55CE568C543D5ADF45C409D16718FC ] SessionEnv C:\Windows\system32\sessenv.dll

14:08:09.0751 3288 SessionEnv - ok

14:08:09.0767 3288 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys

14:08:09.0783 3288 sffdisk - ok

14:08:09.0814 3288 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys

14:08:09.0814 3288 sffp_mmc - ok

14:08:09.0829 3288 [ 4F1E5B0FE7C8050668DBFADE8999AEFB ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys

14:08:09.0829 3288 sffp_sd - ok

14:08:09.0845 3288 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys

14:08:09.0861 3288 sfloppy - ok

14:08:09.0907 3288 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll

14:08:09.0923 3288 SharedAccess - ok

14:08:09.0954 3288 [ CD2E48FA5B29EE2B3B5858056D246EF2 ] ShellHWDetection C:\Windows\System32\shsvcs.dll

14:08:09.0970 3288 ShellHWDetection - ok

14:08:09.0985 3288 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\DRIVERS\sisagp.sys

14:08:09.0985 3288 sisagp - ok

14:08:10.0032 3288 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys

14:08:10.0032 3288 SiSRaid2 - ok

14:08:10.0063 3288 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys

14:08:10.0063 3288 SiSRaid4 - ok

14:08:10.0110 3288 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys

14:08:10.0110 3288 Smb - ok

14:08:10.0173 3288 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe

14:08:10.0173 3288 SNMPTRAP - ok

14:08:10.0204 3288 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys

14:08:10.0204 3288 spldr - ok

14:08:10.0251 3288 [ D1BB750EB51694DE183E08B9C33BE5B2 ] Spooler C:\Windows\System32\spoolsv.exe

14:08:10.0266 3288 Spooler - ok

14:08:10.0407 3288 [ 4C287F9069FEDBD791178876EE9DE536 ] sppsvc C:\Windows\system32\sppsvc.exe

14:08:10.0500 3288 sppsvc - ok

14:08:10.0516 3288 [ D8E3E19EEBDAB49DD4A8D3062EAD4EC7 ] sppuinotify C:\Windows\system32\sppuinotify.dll

14:08:10.0531 3288 sppuinotify - ok

14:08:10.0578 3288 [ C4A027B8C0BD3FC0699F41FA5E9E0C87 ] srv C:\Windows\system32\DRIVERS\srv.sys

14:08:10.0594 3288 srv - ok

14:08:10.0625 3288 [ 414BB592CAD8A79649D01F9D94318FB3 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

14:08:10.0625 3288 srv2 - ok

14:08:10.0656 3288 [ FF207D67700AA18242AAF985D3E7D8F4 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

14:08:10.0672 3288 srvnet - ok

14:08:10.0703 3288 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

14:08:10.0719 3288 SSDPSRV - ok

14:08:10.0734 3288 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll

14:08:10.0734 3288 SstpSvc - ok

14:08:10.0765 3288 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys

14:08:10.0781 3288 stexstor - ok

14:08:10.0828 3288 [ A22825E7BB7018E8AF3E229A5AF17221 ] StiSvc C:\Windows\System32\wiaservc.dll

14:08:10.0859 3288 StiSvc - ok

14:08:10.0875 3288 [ 957E346CA948668F2496A6CCF6FF82CC ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys

14:08:10.0890 3288 storflt - ok

14:08:10.0906 3288 [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc C:\Windows\system32\storsvc.dll

14:08:10.0921 3288 StorSvc - ok

14:08:10.0953 3288 [ D5751969DC3E4B88BF482AC8EC9FE019 ] storvsc C:\Windows\system32\DRIVERS\storvsc.sys

14:08:10.0953 3288 storvsc - ok

14:08:10.0984 3288 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\DRIVERS\swenum.sys

14:08:10.0984 3288 swenum - ok

14:08:11.0015 3288 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll

14:08:11.0031 3288 swprv - ok

14:08:11.0124 3288 [ 90EE01890C857BBB7DFAAD2D99F73D85 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys

14:08:11.0124 3288 SynTP - ok

14:08:11.0187 3288 [ 04105C8DA62353589C29BDAEB8D88BD8 ] SysMain C:\Windows\system32\sysmain.dll

14:08:11.0233 3288 SysMain - ok

14:08:11.0265 3288 [ FCFB6C552FBC0DA299799CBD50AD9FD4 ] TabletInputService C:\Windows\System32\TabSvc.dll

14:08:11.0280 3288 TabletInputService - ok

14:08:11.0311 3288 [ 2F46B0C70A4ADC8C90CF825DA3B4FEAF ] TapiSrv C:\Windows\System32\tapisrv.dll

14:08:11.0311 3288 TapiSrv - ok

14:08:11.0343 3288 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll

14:08:11.0358 3288 TBS - ok

14:08:11.0467 3288 [ 55E9965552741F3850CB22CBBA9671ED ] Tcpip C:\Windows\system32\drivers\tcpip.sys

14:08:11.0514 3288 Tcpip - ok

14:08:11.0577 3288 [ 55E9965552741F3850CB22CBBA9671ED ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

14:08:11.0577 3288 TCPIP6 - ok

14:08:11.0639 3288 [ E64444523ADD154F86567C469BC0B17F ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

14:08:11.0639 3288 tcpipreg - ok

14:08:11.0670 3288 [ 1875C1490D99E70E449E3AFAE9FCBADF ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

14:08:11.0670 3288 TDPIPE - ok

14:08:11.0717 3288 [ 7156308896D34EA75A582F9A09E50C17 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

14:08:11.0717 3288 TDTCP - ok

14:08:11.0748 3288 [ CB39E896A2A83702D1737BFD402B3542 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

14:08:11.0764 3288 tdx - ok

14:08:11.0779 3288 [ C36F41EE20E6999DBF4B0425963268A5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys

14:08:11.0795 3288 TermDD - ok

14:08:11.0842 3288 [ A01E50A04D7B1960B33E92B9080E6A94 ] TermService C:\Windows\System32\termsrv.dll

14:08:11.0873 3288 TermService - ok

14:08:11.0904 3288 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll

14:08:11.0920 3288 Themes - ok

14:08:11.0935 3288 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll

14:08:11.0951 3288 THREADORDER - ok

14:08:11.0967 3288 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll

14:08:11.0982 3288 TrkWks - ok

14:08:12.0045 3288 [ 41A4C781D2286208D397D72099304133 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

14:08:12.0045 3288 TrustedInstaller - ok

14:08:12.0091 3288 [ 98AE6FA07D12CB4EC5CF4A9BFA5F4242 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

14:08:12.0091 3288 tssecsrv - ok

14:08:12.0123 3288 [ 3E461D890A97F9D4C168F5FDA36E1D00 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

14:08:12.0138 3288 tunnel - ok

14:08:12.0154 3288 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys

14:08:12.0169 3288 uagp35 - ok

14:08:12.0201 3288 [ 09CC3E16F8E5EE7168E01CF8FCBE061A ] udfs C:\Windows\system32\DRIVERS\udfs.sys

14:08:12.0201 3288 udfs - ok

14:08:12.0263 3288 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe

14:08:12.0279 3288 UI0Detect - ok

14:08:12.0310 3288 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys

14:08:12.0310 3288 uliagpkx - ok

14:08:12.0341 3288 [ 049B3A50B3D646BAEEEE9EEC9B0668DC ] umbus C:\Windows\system32\DRIVERS\umbus.sys

14:08:12.0341 3288 umbus - ok

14:08:12.0372 3288 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys

14:08:12.0372 3288 UmPass - ok

14:08:12.0403 3288 [ 8ECACA5454844F66386F7BE4AE0D7CD1 ] UmRdpService C:\Windows\System32\umrdp.dll

14:08:12.0419 3288 UmRdpService - ok

14:08:12.0450 3288 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll

14:08:12.0466 3288 upnphost - ok

14:08:12.0481 3288 [ 8455C4ED038EFD09E99327F9D2D48FFA ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

14:08:12.0497 3288 usbccgp - ok

14:08:12.0513 3288 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys

14:08:12.0528 3288 usbcir - ok

14:08:12.0544 3288 [ 1C333BFD60F2FED2C7AD5DAF533CB742 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

14:08:12.0559 3288 usbehci - ok

14:08:12.0591 3288 [ EE6EF93CCFA94FAE8C6AB298273D8AE2 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

14:08:12.0591 3288 usbhub - ok

14:08:12.0622 3288 [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys

14:08:12.0622 3288 usbohci - ok

14:08:12.0653 3288 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

14:08:12.0653 3288 usbprint - ok

14:08:12.0700 3288 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys

14:08:12.0700 3288 usbscan - ok

14:08:12.0747 3288 [ D8889D56E0D27E57ED4591837FE71D27 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

14:08:12.0747 3288 USBSTOR - ok

14:08:12.0778 3288 [ 78780C3EBCE17405B1CCD07A3A8A7D72 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys

14:08:12.0778 3288 usbuhci - ok

14:08:12.0825 3288 [ F642A7E4BF78CFA359CCA0A3557C28D7 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys

14:08:12.0825 3288 usbvideo - ok

14:08:12.0871 3288 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll

14:08:12.0887 3288 UxSms - ok

14:08:12.0903 3288 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] VaultSvc C:\Windows\system32\lsass.exe

14:08:12.0903 3288 VaultSvc - ok

14:08:12.0949 3288 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys

14:08:12.0949 3288 vdrvroot - ok

14:08:12.0981 3288 [ 8C4E7C49D3641BC9E299E466A7F8867D ] vds C:\Windows\System32\vds.exe

14:08:13.0012 3288 vds - ok

14:08:13.0043 3288 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

14:08:13.0059 3288 vga - ok

14:08:13.0090 3288 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys

14:08:13.0090 3288 VgaSave - ok

14:08:13.0105 3288 [ 3BE6E1F3A4F1AFEC8CEE0D7883F93583 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys

14:08:13.0105 3288 vhdmp - ok

14:08:13.0152 3288 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\DRIVERS\viaagp.sys

14:08:13.0152 3288 viaagp - ok

14:08:13.0183 3288 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys

14:08:13.0183 3288 ViaC7 - ok

14:08:13.0215 3288 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\DRIVERS\viaide.sys

14:08:13.0215 3288 viaide - ok

14:08:13.0246 3288 [ 379B349F65F453D2A6E75EA6B7448E49 ] vmbus C:\Windows\system32\DRIVERS\vmbus.sys

14:08:13.0246 3288 vmbus - ok

14:08:13.0261 3288 [ EC2BBAB4B84D0738C6C83D2234DC36FE ] VMBusHID C:\Windows\system32\DRIVERS\VMBusHID.sys

14:08:13.0261 3288 VMBusHID - ok

14:08:13.0293 3288 [ 384E5A2AA49934295171E499F86BA6F3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys

14:08:13.0293 3288 volmgr - ok

14:08:13.0324 3288 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

14:08:13.0339 3288 volmgrx - ok

14:08:13.0355 3288 [ 58DF9D2481A56EDDE167E51B334D44FD ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys

14:08:13.0371 3288 volsnap - ok

14:08:13.0402 3288 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys

14:08:13.0402 3288 vsmraid - ok

14:08:13.0464 3288 [ 7EA2BCD94D9CFAF4C556F5CC94532A6C ] VSS C:\Windows\system32\vssvc.exe

14:08:13.0511 3288 VSS - ok

14:08:13.0542 3288 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys

14:08:13.0542 3288 vwifibus - ok

14:08:13.0573 3288 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys

14:08:13.0573 3288 vwififlt - ok

14:08:13.0605 3288 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys

14:08:13.0620 3288 vwifimp - ok

14:08:13.0636 3288 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll

14:08:13.0651 3288 W32Time - ok

14:08:13.0683 3288 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys

14:08:13.0683 3288 WacomPen - ok

14:08:13.0729 3288 [ 692A712062146E96D28BA0B7D75DE31B ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

14:08:13.0729 3288 WANARP - ok

14:08:13.0745 3288 [ 692A712062146E96D28BA0B7D75DE31B ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

14:08:13.0745 3288 Wanarpv6 - ok

14:08:13.0823 3288 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

14:08:13.0870 3288 WatAdminSvc - ok

14:08:13.0932 3288 [ 7790B77FE1E5EE47DCC66247095BB4C9 ] wbengine C:\Windows\system32\wbengine.exe

14:08:13.0979 3288 wbengine - ok

14:08:14.0026 3288 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

14:08:14.0041 3288 WbioSrvc - ok

14:08:14.0057 3288 [ D0F88AA11EE1A62BCC6D6A8A7783CA11 ] wcncsvc C:\Windows\System32\wcncsvc.dll

14:08:14.0073 3288 wcncsvc - ok

14:08:14.0088 3288 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

14:08:14.0104 3288 WcsPlugInService - ok

14:08:14.0151 3288 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys

14:08:14.0151 3288 Wd - ok

14:08:14.0182 3288 [ D6EFAF429FD30C5DF613D220E344CCE7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam.sys

14:08:14.0182 3288 WDC_SAM - ok

14:08:14.0229 3288 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

14:08:14.0229 3288 Wdf01000 - ok

14:08:14.0260 3288 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll

14:08:14.0275 3288 WdiServiceHost - ok

14:08:14.0291 3288 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll

14:08:14.0291 3288 WdiSystemHost - ok

14:08:14.0338 3288 [ D87C7D2C517F82A5AB7A73E203063D9E ] WebClient C:\Windows\System32\webclnt.dll

14:08:14.0338 3288 WebClient - ok

14:08:14.0369 3288 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll

14:08:14.0385 3288 Wecsvc - ok

14:08:14.0416 3288 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll

14:08:14.0431 3288 wercplsupport - ok

14:08:14.0463 3288 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll

14:08:14.0478 3288 WerSvc - ok

14:08:14.0509 3288 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

14:08:14.0525 3288 WfpLwf - ok

14:08:14.0541 3288 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys

14:08:14.0556 3288 WIMMount - ok

14:08:14.0665 3288 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll

14:08:14.0697 3288 WinDefend - ok

14:08:14.0712 3288 WinHttpAutoProxySvc - ok

14:08:14.0790 3288 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

14:08:14.0790 3288 Winmgmt - ok

14:08:14.0868 3288 [ C4F5D3901D1B41D602DDC196E0B95B51 ] WinRM C:\Windows\system32\WsmSvc.dll

14:08:14.0915 3288 WinRM - ok

14:08:14.0993 3288 [ 30FC6E5448D0CBAAA95280EEEF7FEDAE ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.sys

14:08:14.0993 3288 WinUsb - ok

14:08:15.0040 3288 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll

14:08:15.0087 3288 Wlansvc - ok

14:08:15.0133 3288 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys

14:08:15.0133 3288 WmiAcpi - ok

14:08:15.0180 3288 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

14:08:15.0196 3288 wmiApSrv - ok

14:08:15.0289 3288 [ 77FBD400984CF72BA0FC4B3489D65F74 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe

14:08:15.0321 3288 WMPNetworkSvc - ok

14:08:15.0367 3288 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll

14:08:15.0367 3288 WPCSvc - ok

14:08:15.0399 3288 [ B7F658A2EBC07129538AD9AB35212637 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

14:08:15.0414 3288 WPDBusEnum - ok

14:08:15.0445 3288 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

14:08:15.0445 3288 ws2ifsl - ok

14:08:15.0477 3288 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\system32\wscsvc.dll

14:08:15.0492 3288 wscsvc - ok

14:08:15.0508 3288 WSearch - ok

14:08:15.0617 3288 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll

14:08:15.0679 3288 wuauserv - ok

14:08:15.0726 3288 [ 6F9B6C0C93232CFF47D0F72D6DB1D21E ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

14:08:15.0726 3288 WudfPf - ok

14:08:15.0757 3288 [ F91FF1E51FCA30B3C3981DB7D5924252 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

14:08:15.0773 3288 WUDFRd - ok

14:08:15.0804 3288 [ DDEE3682FE97037C45F4D7AB467CB8B6 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

14:08:15.0804 3288 wudfsvc - ok

14:08:15.0835 3288 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll

14:08:15.0851 3288 WwanSvc - ok

14:08:15.0929 3288 ================ Scan global ===============================

14:08:15.0960 3288 [ 9A595DF601070DA78C40481120DD2C06 ] C:\Windows\system32\basesrv.dll

14:08:16.0007 3288 [ 008F51AE989C3DF1CBAF8B39DC423CCC ] C:\Windows\system32\winsrv.dll

14:08:16.0023 3288 [ 008F51AE989C3DF1CBAF8B39DC423CCC ] C:\Windows\system32\winsrv.dll

14:08:16.0085 3288 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll

14:08:16.0116 3288 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe

14:08:16.0132 3288 [Global] - ok

14:08:16.0132 3288 ================ Scan MBR ==================================

14:08:16.0163 3288 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

14:08:16.0459 3288 \Device\Harddisk0\DR0 - ok

14:08:16.0459 3288 ================ Scan VBR ==================================

14:08:16.0475 3288 [ 753C4CB5C358965F17B0F22AA84AA4B2 ] \Device\Harddisk0\DR0\Partition1

14:08:16.0475 3288 \Device\Harddisk0\DR0\Partition1 - ok

14:08:16.0506 3288 [ 5366972D81BF6AAC5144ED1629C4BB48 ] \Device\Harddisk0\DR0\Partition2

14:08:16.0506 3288 \Device\Harddisk0\DR0\Partition2 - ok

14:08:16.0506 3288 ============================================================

14:08:16.0506 3288 Scan finished

14:08:16.0506 3288 ============================================================

14:08:16.0537 0372 Detected object count: 0

14:08:16.0537 0372 Actual detected object count: 0


aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software

Run date: 2012-11-12 14:11:57

-----------------------------

14:11:57.977 OS Version: Windows 6.1.7600

14:11:57.977 Number of processors: 2 586 0x1C02

14:11:57.977 ComputerName: T-PC UserName: t

14:11:59.631 Initialize success

14:13:32.509 AVAST engine defs: 12111200

14:13:52.368 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

14:13:52.368 Disk 0 Vendor: ST9250320AS 0303 Size: 238475MB BusType: 11

14:13:52.696 Disk 0 MBR read successfully

14:13:52.711 Disk 0 MBR scan

14:13:52.727 Disk 0 Windows 7 default MBR code

14:13:52.727 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 12001 MB offset 63

14:13:52.758 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 119232 MB offset 24579450

14:13:52.774 Disk 0 Partition - 00 0F Extended LBA 107238 MB offset 268767450

14:13:52.805 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 107238 MB offset 268767513

14:13:52.867 Disk 0 scanning sectors +488392065

14:13:53.008 Disk 0 scanning C:\Windows\system32\drivers

14:14:11.353 Service scanning

14:14:54.722 Modules scanning

14:15:02.912 Disk 0 trace - called modules:

14:15:02.974 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys

14:15:03.005 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84a785f8]

14:15:03.021 3 CLASSPNP.SYS[883ac59e] -> nt!IofCallDriver -> [0x84999918]

14:15:03.052 5 ACPI.sys[87ebf3b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84995030]

14:15:04.487 AVAST engine scan C:\Windows

14:15:08.637 AVAST engine scan C:\Windows\system32

14:20:12.744 AVAST engine scan C:\Windows\system32\drivers

14:20:37.626 AVAST engine scan C:\Users\t

14:32:51.935 Disk 0 MBR has been saved successfully to "C:\Users\t\Desktop\MBR.dat"

14:32:51.950 The log file has been saved successfully to "C:\Users\t\Desktop\aswMBR.txt"


Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

 ClearJavaCache:: 

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

CFScriptB-4.gif

This will let ComboFix run again.

Restart if you have to.

Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  1. report from Combofix
  2. let me know of any problems you may have had
  3. How is the computer doing now after running the script?

Gringo


Hello Gringo,

I just got the FBI virus as well today. I logged into safe mode with networking but I could not get past the virus window to do anything. I was reading the forum thread with tictacs1234, so I downloaded frst.exe and put it on a jump drive, restarted the computer, then went to the command prompt, opened Notepad, found my jump drive and entered k:\frst.exe, and I get this message: "The subsystem needed to support the image type is not supported". Are you able to help me? Thank you. Dave


Greetings

I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, a reminder that it is very important that we finish the process completely so as not to get reinfected. I will let you know when we are complete, and I will ask you to remove our tools.

Gringo


Gringo,

I apologize for not getting back to you sooner, my power adapter for the laptop died and I had to order a new one. FEDEX says it will be here tomorrow so I can finish fixing the computer then. I appreciate your patience and I REALLY appreciate your help.

Thanks,

TICTACS


Greetings

I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, a reminder that it is very important that we finish the process completely so as not to get reinfected. I will let you know when we are complete, and I will ask you to remove our tools.

Gringo


Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48 hours you have not replied to this thread then it will have to be closed!

Gringo

This topic is now closed to further replies.
