fbi ransomeware/white screen

[travis]

My apologies but I Cannot access computer to run OTL LOG or ASWmbr log.

 

[kuttus]

Hi and welcome to the malwaretips.com forums!

I'm Kuttus and I am going to try to assist you with your problem. Please take note of the below:

• I will start working on your malware issues, this may or may not, solve other issues you have with your machine.
• The fixes are specific to your problem and should only be used for this issue on this machine!
• The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
• If you don't know, stop and ask! Don't keep going on.
• Please reply to this thread. Do not start a new topic.
• Refrain from running self fixes as this will hinder the malware removal process.
• It may prove beneficial if you print of the following instructions or save them to notepad as I post them.

Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.


Before we start:
Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
<hr />

Can you please try to run a scan with Farbar Recovery Scan Tool. You will need a USB (Flash) pendrive.

For x32 (x86) bit systems download Farbar Recovery Scan Tooland save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

• Restart the computer.
• As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
• Click on Repair your computer menu item.
• Select US as the keyboard language settings, and then click Next.
• Select the operating system you want to repair, and then click Next.
• Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

• Select Command Prompt
• In the command window type in notepad and press Enter.
• The notepad opens. Under File menu select Open.
• Select "Computer" and find your flash drive letter and close the notepad.
• In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
  Note: Replace letter e with the drive letter of your flash drive.
• The tool will start to run.
• When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) in the flash drive. Please copy and paste it to your reply.

 

[travis]

Kuttus,
Thank you for your help.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013
Ran by SYSTEM on MININT-JMNALUH on 08-11-2013 23:39:07
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [828960 2009-08-05] (Acer Incorporated)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [499608 2011-03-30] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] - "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey <===== ATTENTION (File name is altered)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1157640 2009-08-18] (Dritek System Inc.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [588648 2009-07-24] (Symantec Corporation)
HKLM-x32\...\Run: [lxdvmon.exe] - C:\Program Files (x86) (x86)\Lexmark X5400 Series\lxdvmon.exe [455336 2007-11-02] ()
HKLM-x32\...\Run: [lxdvamon] - C:\Program Files (x86) (x86)\Lexmark X5400 Series\lxdvamon.exe [25256 2007-11-02] ()
HKLM-x32\...\Run: [Monitor] - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [443728 2009-11-10] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [AT&T Communication Manager] - C:\Program Files (x86)\AT&T\Communication Manager\ATTCM.exe [883272 2009-10-09] (ATT)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SignIn] - C:\Program Files (x86)\Microsoft Online Services\Sign In\SignIn.exe [1742704 2011-03-16] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe [36800 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe [823224 2012-07-27] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe [162336 2009-07-21] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe [162336 2009-07-21] ()
HKU\Owner\...\Run: [MobiLink Lite] - C:\Program Files (x86)\Novatel Wireless\Mobilink\Lite.exe [401480 2008-01-11] (Novatel Wireless)
HKU\Owner\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKU\Owner\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [17418928 2012-07-13] (Skype Technologies S.A.)
HKU\Owner\...\Run: [Akamai NetSession Interface] - C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-04] (Akamai Technologies, Inc.)
HKU\Owner\...\Run: [Artisan 710(Network)] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFSA.EXE /FU "C:\Users\Owner\AppData\Local\Temp\E_S63B2.tmp" /EF "HKCU"
HKU\Owner\...\Run: [SearchProtection] - C:\Users\Owner\AppData\Roaming\Search Protection\SearchProtection.exe [740712 2013-05-22] (Spigot, Inc.)
HKU\Owner\...\Run: [Gateway Update] - regsvr32.exe C:\Users\Owner\AppData\Local\Gateway\fsqnagmrpeff.dll
HKU\Owner\...\Run: [Adobe CSS5.1 Manager] - C:\Users\Owner\AppData\Local\111a93b4-8dac-46e4-b299-213b24a3ccfcad\abdacebbaccfcad.exe [122880 2013-08-20] () <===== ATTENTION
HKU\Owner\...\Winlogon: [Shell] explorer.exe,C:\Users\Owner\AppData\Roaming\skype.dat [163840 2013-07-08] (SmartWall Software Int) <==== ATTENTION
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ncsfjwaeoaqcwsanlhg.lnk
ShortcutTarget: ncsfjwaeoaqcwsanlhg.lnk -> C:\Users\Owner\AppData\Local\Temp\ghlnaswcqaoeawjfscn.bfg ()

==================== Services (Whitelisted) =================

S2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
S3 ATTRcAppSvc; C:\Program Files (x86)\AT&T\Communication Manager\RcAppSvc.exe [121416 2009-10-09] (SmithMicro Inc.)
S3 CAATT; C:\Program Files (x86)\AT&T\Communication Manager\ConAppsSvc.exe [125512 2009-10-09] (SmithMicro Inc.)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S3 PCTINDIS5X64; C:\Windows\system32\PCTINDIS5X64.SYS [43032 2009-10-09] (Smith Micro Inc.)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
S3 swmsflt; C:\Windows\System32\DRIVERS\swmsflt.sys [34304 2009-01-14] ()
S3 SWNC8UA3; C:\Windows\System32\DRIVERS\swnc8ua3.sys [227840 2009-03-31] (Sierra Wireless Inc.)
S3 SWUMXA3; C:\Windows\System32\DRIVERS\swumxa3.sys [198528 2009-05-04] (Sierra Wireless Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-08 23:38 - 2013-11-08 23:38 - 00000000 ____D C:\FRST

==================== One Month Modified Files and Folders =======

2013-11-08 23:38 - 2013-11-08 23:38 - 00000000 ____D C:\FRST

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3567909126-1194767173-2892429766-1000\$58278a142a791e1a6e064c706832dbf7

Files to move or delete:
====================
C:\Users\Owner\AppData\Local\111a93b4-8dac-46e4-b299-213b24a3ccfcad\abdacebbaccfcad.exe
C:\Users\Owner\AppData\Roaming\skype.dat
C:\Users\Owner\AppData\Roaming\skype.ini
C:\Windows\svchost.exe
ATTENTION ====> Check for partition/boot infection.
C:\ProgramData\ncsfjwaeoaqcwsanlhg.reg
C:\Users\Owner\conhost.exe
C:\Users\Owner\rundll32.exe
C:\Users\Owner\vlcplayer.exe
C:\Users\Owner\windowsupdate.exe
C:\Users\Owner\winlogon.exe
C:\Windows\Tasks\{0F257AA3-27F2-46FA-B80D-C6F704F102E5}.job


Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\01365982607774.exe
C:\Users\Owner\AppData\Local\Temp\ghlnaswcqaoeawjfscn.bfg
C:\Users\Owner\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Owner\AppData\Local\Temp\ndhflthicuxjcddswoy.bfg
C:\Users\Owner\AppData\Local\Temp\notepad.exe
C:\Users\Owner\AppData\Local\Temp\RealPlayer_20130122.exe
C:\Users\Owner\AppData\Local\Temp\{EE93872D-50FA-48DB-B506-19D38602FFF2}-27.0.1453.116_27.0.1453.110_chrome_updater.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

16
Restore point made on: 2013-07-18 01:11:49
Restore point made on: 2013-07-19 07:55:12
Restore point made on: 2013-07-23 10:16:29
Restore point made on: 2013-07-24 00:00:38
Restore point made on: 2013-07-28 09:21:39
Restore point made on: 2013-07-29 21:50:41
Restore point made on: 2013-07-31 10:28:06
Restore point made on: 2013-08-04 10:32:48
Restore point made on: 2013-08-09 08:32:30
Restore point made on: 2013-08-12 23:07:00
Restore point made on: 2013-08-14 09:05:33
Restore point made on: 2013-08-15 09:10:58
Restore point made on: 2013-08-20 09:24:09
Restore point made on: 2013-08-20 09:42:19
Restore point made on: 2013-08-21 06:45:10
Restore point made on: 2013-08-21 15:36:42

==================== Memory info ===========================

Percentage of memory in use: 16%
Total physical RAM: 4025.98 MB
Available physical RAM: 3360.89 MB
Total Pagefile: 4024.13 MB
Available Pagefile: 3364.8 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (Gateway) (Fixed) (Total:453.66 GB) (Free:340.3 GB) NTFS
Drive e: (PQSERVICE) (Fixed) (Total:12 GB) (Free:3.24 GB) NTFS
Drive g: (RUTH KOC) (Removable) (Total:0.11 GB) (Free:0.11 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: 0CC6A173)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=102 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=454 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 117 MB) (Disk ID: 00000000)
Partition 1: (Active) - (Size=117 MB) - (Type=06)


LastRegBack: 2013-08-18 09:18

==================== End Of Log ============================

Hi and welcome to the malwaretips.com forums!

I'm Kuttus and I am going to try to assist you with your problem. Please take note of the below:

• I will start working on your malware issues, this may or may not, solve other issues you have with your machine.
• The fixes are specific to your problem and should only be used for this issue on this machine!
• The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
• If you don't know, stop and ask! Don't keep going on.
• Please reply to this thread. Do not start a new topic.
• Refrain from running self fixes as this will hinder the malware removal process.
• It may prove beneficial if you print of the following instructions or save them to notepad as I post them.

Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.


Before we start:
Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
<hr />

Can you please try to run a scan with Farbar Recovery Scan Tool. You will need a USB (Flash) pendrive.

For x32 (x86) bit systems download Farbar Recovery Scan Tooland save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

• Restart the computer.
• As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
• Click on Repair your computer menu item.
• Select US as the keyboard language settings, and then click Next.
• Select the operating system you want to repair, and then click Next.
• Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

• Select Command Prompt
• In the command window type in notepad and press Enter.
• The notepad opens. Under File menu select Open.
• Select "Computer" and find your flash drive letter and close the notepad.
• In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
  Note: Replace letter e with the drive letter of your flash drive.
• The tool will start to run.
• When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) in the flash drive. Please copy and paste it to your reply.

 

[kuttus]

Now please download this file and save it to your Flash Drive.

[attachment=6188]

Then, boot to system recovery, plug in your flash drive, open FRST and click fix. Post the generated log. Then attempt to boot to normal mode.

 

[travis]

Hi Kuttus,
I hope this is the correct log that you wanted. I opened up the command prompt window and ran g:/fixlist.exe I hope that was the correct process.
The following is the log generated from this action.
Regards,
Travis

HKU\Owner\...\Run: [SearchProtection] - C:\Users\Owner\AppData\Roaming\Search Protection\SearchProtection.exe [740712 2013-05-22] (Spigot, Inc.)
HKU\Owner\...\Run: [Gateway Update] - regsvr32.exe C:\Users\Owner\AppData\Local\Gateway\fsqnagmrpeff.dll
HKU\Owner\...\Run: [Adobe CSS5.1 Manager] - C:\Users\Owner\AppData\Local\111a93b4-8dac-46e4-b299-213b24a3ccfcad\abdacebbaccfcad.exe [122880 2013-08-20] () <===== ATTENTION
HKU\Owner\...\Winlogon: [Shell] explorer.exe,C:\Users\Owner\AppData\Roaming\skype.dat [163840 2013-07-08] (SmartWall Software Int) <==== ATTENTION
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ncsfjwaeoaqcwsanlhg.lnk
ShortcutTarget: ncsfjwaeoaqcwsanlhg.lnk -> C:\Users\Owner\AppData\Local\Temp\ghlnaswcqaoeawjfscn.bfg ()
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3567909126-1194767173-2892429766-1000\$58278a142a791e1a6e064c706832dbf7
C:\Users\Owner\AppData\Local\111a93b4-8dac-46e4-b299-213b24a3ccfcad\abdacebbaccfcad.exe
C:\Users\Owner\AppData\Roaming\skype.dat
C:\Users\Owner\AppData\Roaming\skype.ini
C:\Windows\svchost.exe
C:\Users\Owner\AppData\Local\Temp\01365982607774.exe
C:\Users\Owner\AppData\Local\Temp\ghlnaswcqaoeawjfscn.bfg
C:\Users\Owner\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Owner\AppData\Local\Temp\ndhflthicuxjcddswoy.bfg
C:\Users\Owner\AppData\Local\Temp\notepad.exe
C:\Users\Owner\AppData\Local\Temp\RealPlayer_20130122.exe
C:\Users\Owner\AppData\Local\Temp\{EE93872D-50FA-48DB-B506-19D38602FFF2}-27.0.1453.116_27.0.1453.110_chrome_updater.exe

Now please download this file and save it to your Flash Drive.



Then, boot to system recovery, plug in your flash drive, open FRST and click fix. Post the generated log. Then attempt to boot to normal mode.

 

[kuttus]

Are you able to start the computer in Normal mode now?

 

[travis]

Kuttus,
I was not able to boot from normal mode.
I went to the command prompt again this time I entered g:fixlist.txt then enter. This is the log that it posted:

HKU\Owner\...\Run: [SearchProtection] - C:\Users\Owner\AppData\Roaming\Search Protection\SearchProtection.exe [740712 2013-05-22] (Spigot, Inc.)
HKU\Owner\...\Run: [Gateway Update] - regsvr32.exe C:\Users\Owner\AppData\Local\Gateway\fsqnagmrpeff.dll
HKU\Owner\...\Run: [Adobe CSS5.1 Manager] - C:\Users\Owner\AppData\Local\111a93b4-8dac-46e4-b299-213b24a3ccfcad\abdacebbaccfcad.exe [122880 2013-08-20] () <===== ATTENTION
HKU\Owner\...\Winlogon: [Shell] explorer.exe,C:\Users\Owner\AppData\Roaming\skype.dat [163840 2013-07-08] (SmartWall Software Int) <==== ATTENTION
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ncsfjwaeoaqcwsanlhg.lnk
ShortcutTarget: ncsfjwaeoaqcwsanlhg.lnk -> C:\Users\Owner\AppData\Local\Temp\ghlnaswcqaoeawjfscn.bfg ()
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3567909126-1194767173-2892429766-1000\$58278a142a791e1a6e064c706832dbf7
C:\Users\Owner\AppData\Local\111a93b4-8dac-46e4-b299-213b24a3ccfcad\abdacebbaccfcad.exe
C:\Users\Owner\AppData\Roaming\skype.dat
C:\Users\Owner\AppData\Roaming\skype.ini
C:\Windows\svchost.exe
C:\Users\Owner\AppData\Local\Temp\01365982607774.exe
C:\Users\Owner\AppData\Local\Temp\ghlnaswcqaoeawjfscn.bfg
C:\Users\Owner\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Owner\AppData\Local\Temp\ndhflthicuxjcddswoy.bfg
C:\Users\Owner\AppData\Local\Temp\notepad.exe
C:\Users\Owner\AppData\Local\Temp\RealPlayer_20130122.exe
C:\Users\Owner\AppData\Local\Temp\{EE93872D-50FA-48DB-B506-19D38602FFF2}-27.0.1453.116_27.0.1453.110_chrome_updater.exe
quote='kuttus' pid='143795' dateline='1384256035']
Did I do this correctly?
Regards,
Travis
Are you able to start the computer in Normal mode now?
[/quote]

 

[kuttus]

This is not the Log File. This is the file I send to you...

Now please download this file and save it to your Flash Drive.

[attachment=6188]

Then, boot to system recovery, plug in your flash drive, open FRST and click fix. Post the generated log. Then attempt to boot to normal mode.


You have to Press on FIX......... I think you miss that step...

 

[travis]

Kuttus,
I'm opening up to system recovery. Do i open up the FRST file through the command prompt window? I'm not sure that im doing this correctly.
Travis
quote='kuttus' pid='143901' dateline='1384317822']
This is not the Log File. This is the file I send to you...

Now please download this file and save it to your Flash Drive.

http://malwaretips.com/attachment.php?aid=6188

Then, boot to system recovery, plug in your flash drive, open FRST and click fix. Post the generated log. Then attempt to boot to normal mode.


You have to Press on FIX......... I think you miss that step...
[/quote]

 

[travis]

OK I think I did it correctly this time.
Regards,
Travis.
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-10-2013
Ran by SYSTEM at 2013-11-13 00:30:41 Run:1
Running from G:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
HKU\Owner\...\Run: [SearchProtection] - C:\Users\Owner\AppData\Roaming\Search Protection\SearchProtection.exe [740712 2013-05-22] (Spigot, Inc.)
HKU\Owner\...\Run: [Gateway Update] - regsvr32.exe C:\Users\Owner\AppData\Local\Gateway\fsqnagmrpeff.dll
HKU\Owner\...\Run: [Adobe CSS5.1 Manager] - C:\Users\Owner\AppData\Local\111a93b4-8dac-46e4-b299-213b24a3ccfcad\abdacebbaccfcad.exe [122880 2013-08-20] () <===== ATTENTION
HKU\Owner\...\Winlogon: [Shell] explorer.exe,C:\Users\Owner\AppData\Roaming\skype.dat [163840 2013-07-08] (SmartWall Software Int) <==== ATTENTION
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ncsfjwaeoaqcwsanlhg.lnk
ShortcutTarget: ncsfjwaeoaqcwsanlhg.lnk -> C:\Users\Owner\AppData\Local\Temp\ghlnaswcqaoeawjfscn.bfg ()
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3567909126-1194767173-2892429766-1000\$58278a142a791e1a6e064c706832dbf7
C:\Users\Owner\AppData\Local\111a93b4-8dac-46e4-b299-213b24a3ccfcad\abdacebbaccfcad.exe
C:\Users\Owner\AppData\Roaming\skype.dat
C:\Users\Owner\AppData\Roaming\skype.ini
C:\Windows\svchost.exe
C:\Users\Owner\AppData\Local\Temp\01365982607774.exe
C:\Users\Owner\AppData\Local\Temp\ghlnaswcqaoeawjfscn.bfg
C:\Users\Owner\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Owner\AppData\Local\Temp\ndhflthicuxjcddswoy.bfg
C:\Users\Owner\AppData\Local\Temp\notepad.exe
C:\Users\Owner\AppData\Local\Temp\RealPlayer_20130122.exe
C:\Users\Owner\AppData\Local\Temp\{EE93872D-50FA-48DB-B506-19D38602FFF2}-27.0.1453.116_27.0.1453.110_chrome_updater.exe

*****************

HKU\Owner\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtection => Value deleted successfully.
HKU\Owner\Software\Microsoft\Windows\CurrentVersion\Run\\Gateway Update => Value deleted successfully.
HKU\Owner\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe CSS5.1 Manager => Value deleted successfully.
HKU\Owner\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ncsfjwaeoaqcwsanlhg.lnk => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\ghlnaswcqaoeawjfscn.bfg => Moved successfully.
C:\$Recycle.Bin\S-1-5-21-3567909126-1194767173-2892429766-1000\$58278a142a791e1a6e064c706832dbf7 => Moved successfully.
C:\Users\Owner\AppData\Local\111a93b4-8dac-46e4-b299-213b24a3ccfcad\abdacebbaccfcad.exe => Moved successfully.
C:\Users\Owner\AppData\Roaming\skype.dat => Moved successfully.
C:\Users\Owner\AppData\Roaming\skype.ini => Moved successfully.
C:\Windows\svchost.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\01365982607774.exe => Moved successfully.
"C:\Users\Owner\AppData\Local\Temp\ghlnaswcqaoeawjfscn.bfg" => File/Directory not found.
C:\Users\Owner\AppData\Local\Temp\InstallFlashPlayer.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\ndhflthicuxjcddswoy.bfg => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\notepad.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\RealPlayer_20130122.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\{EE93872D-50FA-48DB-B506-19D38602FFF2}-27.0.1453.116_27.0.1453.110_chrome_updater.exe => Moved successfully.

==== End of Fixlog ====

Kuttus,
I'm opening up to system recovery. Do i open up the FRST file through the command prompt window? I'm not sure that im doing this correctly.
Travis
quote='kuttus' pid='143901' dateline='1384317822']
This is not the Log File. This is the file I send to you...

Now please download this file and save it to your Flash Drive.

http://malwaretips.com/attachment.php?aid=6188

Then, boot to system recovery, plug in your flash drive, open FRST and click fix. Post the generated log. Then attempt to boot to normal mode.


You have to Press on FIX......... I think you miss that step...

[/quote]

 

[travis]

Kuttus,
I was able to open the computer through the normal mode. Once I opened it

OK I think I did it correctly this time.
Regards,
Travis.
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-10-2013
Ran by SYSTEM at 2013-11-13 00:30:41 Run:1
Running from G:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
HKU\Owner\...\Run: [SearchProtection] - C:\Users\Owner\AppData\Roaming\Search Protection\SearchProtection.exe [740712 2013-05-22] (Spigot, Inc.)
HKU\Owner\...\Run: [Gateway Update] - regsvr32.exe C:\Users\Owner\AppData\Local\Gateway\fsqnagmrpeff.dll
HKU\Owner\...\Run: [Adobe CSS5.1 Manager] - C:\Users\Owner\AppData\Local\111a93b4-8dac-46e4-b299-213b24a3ccfcad\abdacebbaccfcad.exe [122880 2013-08-20] () <===== ATTENTION
HKU\Owner\...\Winlogon: [Shell] explorer.exe,C:\Users\Owner\AppData\Roaming\skype.dat [163840 2013-07-08] (SmartWall Software Int) <==== ATTENTION
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ncsfjwaeoaqcwsanlhg.lnk
ShortcutTarget: ncsfjwaeoaqcwsanlhg.lnk -> C:\Users\Owner\AppData\Local\Temp\ghlnaswcqaoeawjfscn.bfg ()
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3567909126-1194767173-2892429766-1000\$58278a142a791e1a6e064c706832dbf7
C:\Users\Owner\AppData\Local\111a93b4-8dac-46e4-b299-213b24a3ccfcad\abdacebbaccfcad.exe
C:\Users\Owner\AppData\Roaming\skype.dat
C:\Users\Owner\AppData\Roaming\skype.ini
C:\Windows\svchost.exe
C:\Users\Owner\AppData\Local\Temp\01365982607774.exe
C:\Users\Owner\AppData\Local\Temp\ghlnaswcqaoeawjfscn.bfg
C:\Users\Owner\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Owner\AppData\Local\Temp\ndhflthicuxjcddswoy.bfg
C:\Users\Owner\AppData\Local\Temp\notepad.exe
C:\Users\Owner\AppData\Local\Temp\RealPlayer_20130122.exe
C:\Users\Owner\AppData\Local\Temp\{EE93872D-50FA-48DB-B506-19D38602FFF2}-27.0.1453.116_27.0.1453.110_chrome_updater.exe

*****************

HKU\Owner\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtection => Value deleted successfully.
HKU\Owner\Software\Microsoft\Windows\CurrentVersion\Run\\Gateway Update => Value deleted successfully.
HKU\Owner\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe CSS5.1 Manager => Value deleted successfully.
HKU\Owner\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ncsfjwaeoaqcwsanlhg.lnk => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\ghlnaswcqaoeawjfscn.bfg => Moved successfully.
C:\$Recycle.Bin\S-1-5-21-3567909126-1194767173-2892429766-1000\$58278a142a791e1a6e064c706832dbf7 => Moved successfully.
C:\Users\Owner\AppData\Local\111a93b4-8dac-46e4-b299-213b24a3ccfcad\abdacebbaccfcad.exe => Moved successfully.
C:\Users\Owner\AppData\Roaming\skype.dat => Moved successfully.
C:\Users\Owner\AppData\Roaming\skype.ini => Moved successfully.
C:\Windows\svchost.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\01365982607774.exe => Moved successfully.
"C:\Users\Owner\AppData\Local\Temp\ghlnaswcqaoeawjfscn.bfg" => File/Directory not found.
C:\Users\Owner\AppData\Local\Temp\InstallFlashPlayer.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\ndhflthicuxjcddswoy.bfg => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\notepad.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\RealPlayer_20130122.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\{EE93872D-50FA-48DB-B506-19D38602FFF2}-27.0.1453.116_27.0.1453.110_chrome_updater.exe => Moved successfully.

==== End of Fixlog ====

Kuttus,
I'm opening up to system recovery. Do i open up the FRST file through the command prompt window? I'm not sure that im doing this correctly.
Travis
quote='kuttus' pid='143901' dateline='1384317822']
This is not the Log File. This is the file I send to you...

Now please download this file and save it to your Flash Drive.

http://malwaretips.com/attachment.php?aid=6188

Then, boot to system recovery, plug in your flash drive, open FRST and click fix. Post the generated log. Then attempt to boot to normal mode.


You have to Press on FIX......... I think you miss that step...

[/quote]

 

[travis]

Kuttus,
I was able to open the computer through the normal mode. Once I opened it I downloaded Hitman pro and ran a scan. Hitman picked up several malware problems, two trojans and the ransomware. it was named conhost.exe and also I had windowsupdate.exe one of the trojans. I want to make sure that I isolate everything what should I do next.
Regards,
Travis

OK I think I did it correctly this time.
Regards,
Travis.
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-10-2013
Ran by SYSTEM at 2013-11-13 00:30:41 Run:1
Running from G:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
HKU\Owner\...\Run: [SearchProtection] - C:\Users\Owner\AppData\Roaming\Search Protection\SearchProtection.exe [740712 2013-05-22] (Spigot, Inc.)
HKU\Owner\...\Run: [Gateway Update] - regsvr32.exe C:\Users\Owner\AppData\Local\Gateway\fsqnagmrpeff.dll
HKU\Owner\...\Run: [Adobe CSS5.1 Manager] - C:\Users\Owner\AppData\Local\111a93b4-8dac-46e4-b299-213b24a3ccfcad\abdacebbaccfcad.exe [122880 2013-08-20] () <===== ATTENTION
HKU\Owner\...\Winlogon: [Shell] explorer.exe,C:\Users\Owner\AppData\Roaming\skype.dat [163840 2013-07-08] (SmartWall Software Int) <==== ATTENTION
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ncsfjwaeoaqcwsanlhg.lnk
ShortcutTarget: ncsfjwaeoaqcwsanlhg.lnk -> C:\Users\Owner\AppData\Local\Temp\ghlnaswcqaoeawjfscn.bfg ()
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3567909126-1194767173-2892429766-1000\$58278a142a791e1a6e064c706832dbf7
C:\Users\Owner\AppData\Local\111a93b4-8dac-46e4-b299-213b24a3ccfcad\abdacebbaccfcad.exe
C:\Users\Owner\AppData\Roaming\skype.dat
C:\Users\Owner\AppData\Roaming\skype.ini
C:\Windows\svchost.exe
C:\Users\Owner\AppData\Local\Temp\01365982607774.exe
C:\Users\Owner\AppData\Local\Temp\ghlnaswcqaoeawjfscn.bfg
C:\Users\Owner\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Owner\AppData\Local\Temp\ndhflthicuxjcddswoy.bfg
C:\Users\Owner\AppData\Local\Temp\notepad.exe
C:\Users\Owner\AppData\Local\Temp\RealPlayer_20130122.exe
C:\Users\Owner\AppData\Local\Temp\{EE93872D-50FA-48DB-B506-19D38602FFF2}-27.0.1453.116_27.0.1453.110_chrome_updater.exe

*****************

HKU\Owner\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtection => Value deleted successfully.
HKU\Owner\Software\Microsoft\Windows\CurrentVersion\Run\\Gateway Update => Value deleted successfully.
HKU\Owner\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe CSS5.1 Manager => Value deleted successfully.
HKU\Owner\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ncsfjwaeoaqcwsanlhg.lnk => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\ghlnaswcqaoeawjfscn.bfg => Moved successfully.
C:\$Recycle.Bin\S-1-5-21-3567909126-1194767173-2892429766-1000\$58278a142a791e1a6e064c706832dbf7 => Moved successfully.
C:\Users\Owner\AppData\Local\111a93b4-8dac-46e4-b299-213b24a3ccfcad\abdacebbaccfcad.exe => Moved successfully.
C:\Users\Owner\AppData\Roaming\skype.dat => Moved successfully.
C:\Users\Owner\AppData\Roaming\skype.ini => Moved successfully.
C:\Windows\svchost.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\01365982607774.exe => Moved successfully.
"C:\Users\Owner\AppData\Local\Temp\ghlnaswcqaoeawjfscn.bfg" => File/Directory not found.
C:\Users\Owner\AppData\Local\Temp\InstallFlashPlayer.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\ndhflthicuxjcddswoy.bfg => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\notepad.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\RealPlayer_20130122.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\{EE93872D-50FA-48DB-B506-19D38602FFF2}-27.0.1453.116_27.0.1453.110_chrome_updater.exe => Moved successfully.

==== End of Fixlog ====

Kuttus,
I'm opening up to system recovery. Do i open up the FRST file through the command prompt window? I'm not sure that im doing this correctly.
Travis
quote='kuttus' pid='143901' dateline='1384317822']
This is not the Log File. This is the file I send to you...

Now please download this file and save it to your Flash Drive.

http://malwaretips.com/attachment.php?aid=6188

Then, boot to system recovery, plug in your flash drive, open FRST and click fix. Post the generated log. Then attempt to boot to normal mode.


You have to Press on FIX......... I think you miss that step...

[/quote]

 

[travis]

Kuttus,
After I ran hitman I downloaded TDSSKILLER.exe and malwarebytes anti-rootkit. I have run the TDSSKILLER.exe and I am running the MBAR now. I will update you when I am done.
Regards,
Travis

Kuttus,
I was able to open the computer through the normal mode. Once I opened it I downloaded Hitman pro and ran a scan. Hitman picked up several malware problems, two trojans and the ransomware. it was named conhost.exe and also I had windowsupdate.exe one of the trojans. I want to make sure that I isolate everything what should I do next.
Regards,
Travis

OK I think I did it correctly this time.
Regards,
Travis.
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-10-2013
Ran by SYSTEM at 2013-11-13 00:30:41 Run:1
Running from G:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
HKU\Owner\...\Run: [SearchProtection] - C:\Users\Owner\AppData\Roaming\Search Protection\SearchProtection.exe [740712 2013-05-22] (Spigot, Inc.)
HKU\Owner\...\Run: [Gateway Update] - regsvr32.exe C:\Users\Owner\AppData\Local\Gateway\fsqnagmrpeff.dll
HKU\Owner\...\Run: [Adobe CSS5.1 Manager] - C:\Users\Owner\AppData\Local\111a93b4-8dac-46e4-b299-213b24a3ccfcad\abdacebbaccfcad.exe [122880 2013-08-20] () <===== ATTENTION
HKU\Owner\...\Winlogon: [Shell] explorer.exe,C:\Users\Owner\AppData\Roaming\skype.dat [163840 2013-07-08] (SmartWall Software Int) <==== ATTENTION
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ncsfjwaeoaqcwsanlhg.lnk
ShortcutTarget: ncsfjwaeoaqcwsanlhg.lnk -> C:\Users\Owner\AppData\Local\Temp\ghlnaswcqaoeawjfscn.bfg ()
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3567909126-1194767173-2892429766-1000\$58278a142a791e1a6e064c706832dbf7
C:\Users\Owner\AppData\Local\111a93b4-8dac-46e4-b299-213b24a3ccfcad\abdacebbaccfcad.exe
C:\Users\Owner\AppData\Roaming\skype.dat
C:\Users\Owner\AppData\Roaming\skype.ini
C:\Windows\svchost.exe
C:\Users\Owner\AppData\Local\Temp\01365982607774.exe
C:\Users\Owner\AppData\Local\Temp\ghlnaswcqaoeawjfscn.bfg
C:\Users\Owner\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Owner\AppData\Local\Temp\ndhflthicuxjcddswoy.bfg
C:\Users\Owner\AppData\Local\Temp\notepad.exe
C:\Users\Owner\AppData\Local\Temp\RealPlayer_20130122.exe
C:\Users\Owner\AppData\Local\Temp\{EE93872D-50FA-48DB-B506-19D38602FFF2}-27.0.1453.116_27.0.1453.110_chrome_updater.exe

*****************

HKU\Owner\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtection => Value deleted successfully.
HKU\Owner\Software\Microsoft\Windows\CurrentVersion\Run\\Gateway Update => Value deleted successfully.
HKU\Owner\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe CSS5.1 Manager => Value deleted successfully.
HKU\Owner\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ncsfjwaeoaqcwsanlhg.lnk => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\ghlnaswcqaoeawjfscn.bfg => Moved successfully.
C:\$Recycle.Bin\S-1-5-21-3567909126-1194767173-2892429766-1000\$58278a142a791e1a6e064c706832dbf7 => Moved successfully.
C:\Users\Owner\AppData\Local\111a93b4-8dac-46e4-b299-213b24a3ccfcad\abdacebbaccfcad.exe => Moved successfully.
C:\Users\Owner\AppData\Roaming\skype.dat => Moved successfully.
C:\Users\Owner\AppData\Roaming\skype.ini => Moved successfully.
C:\Windows\svchost.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\01365982607774.exe => Moved successfully.
"C:\Users\Owner\AppData\Local\Temp\ghlnaswcqaoeawjfscn.bfg" => File/Directory not found.
C:\Users\Owner\AppData\Local\Temp\InstallFlashPlayer.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\ndhflthicuxjcddswoy.bfg => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\notepad.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\RealPlayer_20130122.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\{EE93872D-50FA-48DB-B506-19D38602FFF2}-27.0.1453.116_27.0.1453.110_chrome_updater.exe => Moved successfully.

==== End of Fixlog ====

Kuttus,
I'm opening up to system recovery. Do i open up the FRST file through the command prompt window? I'm not sure that im doing this correctly.
Travis
quote='kuttus' pid='143901' dateline='1384317822']
This is not the Log File. This is the file I send to you...

Now please download this file and save it to your Flash Drive.

http://malwaretips.com/attachment.php?aid=6188

Then, boot to system recovery, plug in your flash drive, open FRST and click fix. Post the generated log. Then attempt to boot to normal mode.


You have to Press on FIX......... I think you miss that step...

[/quote]

 

[kuttus]

Send me the Log files of both...

 

[travis]

Kuttus,
attached is the MBAR file. I was not able to copy the TSDD when it finished. If you can direct me where I can access that file I will try to retrieve it and copy you with it.
Regards,
Travis
Malwarebytes Anti-Rootkit BETA 1.07.0.1007
www.malwarebytes.org

Database version: v2013.10.02.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Owner :: OWNER-PC [administrator]

11/13/2013 2:11:13 AM
mbar-log-2013-11-13 (02-11-13).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 248591
Time elapsed: 25 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Replace on reboot.

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\Owner\AppData\Local\Gateway\fsqnagmrpeff.dll (VirTool.Vbcrypt) -> Delete on reboot.
C:\Users\Owner\rundll32.exe (Trojan.Dropper) -> Delete on reboot.
C:\Users\Owner\winlogon.exe (Trojan.Downloader) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Send me the Log files of both...

 

[kuttus]

STEP 2 : Run a scan with Kaspersky TDSSKiller
<ol>
<li>Download Kaspersky TDSKiller from the below link.
<><a title="External link" href="http://support.kaspersky.com/downloads/utils/tdsskiller.exe" rel="external">KASPERKSY TDSSKILLER DOWNLOAD LINK</a></> <em>(This link will automatically download Kaspersky TDSSKiller on your computer)</em>
</li>
<li>Double-click on <>TDSSKiller.exe</> to run the application.
<img src="http://img4.imageshack.us/img4/1907/tdss1.png" alt="Posted Image" /></li>
<li>Click <>Change parameters</>
<img src="http://img593.imageshack.us/img593/288/tdss2.png" alt="Posted Image" /></li>
<li>Check the boxes next to <>Verify Driver Digital Signature</> and <>Detect TDLFS file system</>, then click <>OK</>
<img src="http://img521.imageshack.us/img521/1456/tdss3.png" alt="Posted Image" /></li>
<li>Click on the <>Start Scan</> button to begin the scan and wait for it to finish.
<>NOTE:</> Do not use the computer during the scan!</li>
<li>During the scan it will look similar to the image below:
<img src="http://img6.imageshack.us/img6/9136/tdss4.jpg" alt="Posted Image" /></li>
<li>When it finishes, you will either see a report that no threats were found like below:
<img src="http://img696.imageshack.us/img696/9898/tdss5.jpg" alt="Posted Image" />
If no threats are found at this point, just click the <>Report</> selection on the top right of the form to generate a log. A log file report will pop which you can just close since the report file is already saved.</li>
<li>If any infection or suspected items are found, you will see a window similar to below:
<img src="http://img854.imageshack.us/img854/905/tdss7.jpg" alt="Posted Image" />
<ul>
<li>If you have files that are shown to fail <em>signature check</em> do not take any action on these. Make sure you select <>Skip</>. I will tell you what to do with these later. They may not be issues at all.</li>
<li>If <em>Suspicious objects</em> are detected, the default action will be Skip. Leave the default set to Skip.</li>
<li>If <em>Malicious objects</em> are detected, they will show in the Scan results. TDSSKiller automatically selects an action (Cure or Delete) for malicious objects
Make sure that <>Cure</> is selected. <>VERY IMPORTANT!</> - If <em>Cure</em> is not available, please choose <>Skip</> instead. DO NOT choose Delete unless instructed to do so.</li>
</ul>
</li>
<li>Click <>Continue</> to apply selected actions.</li>
<li>A reboot may be required to complete disinfection. A window like the below will appear:
<img src="http://img828.imageshack.us/img828/4812/tdss6.jpg" alt="Posted Image" />
Reboot immediately if TDSSKiller states that one is needed.</li>
<li>Whether an infection is found or not, a log file should have already been created on your C: drive (or whatever drive you boot from) in the root folder named something like <>TDSSKiller.2.1.1_2.12.2012_14.17.04_log.txt</> which is based on the program version # and date and time run.</li>
<li>Attach this log to your next reply.</li>
</ol>
<hr />

 

[travis]

Kuttus,
I found this in my c drive I believe it is the log for the TDSSKILLER scan I did initially. At the bottom it shows what was quarantined.
Regards,
Travis

STEP 2 : Run a scan with Kaspersky TDSSKiller
<ol>
<li>Download Kaspersky TDSKiller from the below link.
<><a title="External link" href="http://support.kaspersky.com/downloads/utils/tdsskiller.exe" rel="external">KASPERKSY TDSSKILLER DOWNLOAD LINK</a></> <em>(This link will automatically download Kaspersky TDSSKiller on your computer)</em>
</li>
<li>Double-click on <>TDSSKiller.exe</> to run the application.
<img src="http://img4.imageshack.us/img4/1907/tdss1.png" alt="Posted Image" /></li>
<li>Click <>Change parameters</>
<img src="http://img593.imageshack.us/img593/288/tdss2.png" alt="Posted Image" /></li>
<li>Check the boxes next to <>Verify Driver Digital Signature</> and <>Detect TDLFS file system</>, then click <>OK</>
<img src="http://img521.imageshack.us/img521/1456/tdss3.png" alt="Posted Image" /></li>
<li>Click on the <>Start Scan</> button to begin the scan and wait for it to finish.
<>NOTE:</> Do not use the computer during the scan!</li>
<li>During the scan it will look similar to the image below:
<img src="http://img6.imageshack.us/img6/9136/tdss4.jpg" alt="Posted Image" /></li>
<li>When it finishes, you will either see a report that no threats were found like below:
<img src="http://img696.imageshack.us/img696/9898/tdss5.jpg" alt="Posted Image" />
If no threats are found at this point, just click the <>Report</> selection on the top right of the form to generate a log. A log file report will pop which you can just close since the report file is already saved.</li>
<li>If any infection or suspected items are found, you will see a window similar to below:
<img src="http://img854.imageshack.us/img854/905/tdss7.jpg" alt="Posted Image" />
<ul>
<li>If you have files that are shown to fail <em>signature check</em> do not take any action on these. Make sure you select <>Skip</>. I will tell you what to do with these later. They may not be issues at all.</li>
<li>If <em>Suspicious objects</em> are detected, the default action will be Skip. Leave the default set to Skip.</li>
<li>If <em>Malicious objects</em> are detected, they will show in the Scan results. TDSSKiller automatically selects an action (Cure or Delete) for malicious objects
Make sure that <>Cure</> is selected. <>VERY IMPORTANT!</> - If <em>Cure</em> is not available, please choose <>Skip</> instead. DO NOT choose Delete unless instructed to do so.</li>
</ul>
</li>
<li>Click <>Continue</> to apply selected actions.</li>
<li>A reboot may be required to complete disinfection. A window like the below will appear:
<img src="http://img828.imageshack.us/img828/4812/tdss6.jpg" alt="Posted Image" />
Reboot immediately if TDSSKiller states that one is needed.</li>
<li>Whether an infection is found or not, a log file should have already been created on your C: drive (or whatever drive you boot from) in the root folder named something like <>TDSSKiller.2.1.1_2.12.2012_14.17.04_log.txt</> which is based on the program version # and date and time run.</li>
<li>Attach this log to your next reply.</li>
</ol>
<hr />

 

[kuttus]

Please send me the Log files..

 

[travis]

Kuttus,
Here is the TDSSKILLER LOG i FOUND IN THE C: drive.
01:59:52.0107 0392 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
01:59:52.0497 0392 ============================================================
01:59:52.0497 0392 Current date / time: 2013/11/13 01:59:52.0497
01:59:52.0497 0392 SystemInfo:
01:59:52.0497 0392
01:59:52.0497 0392 OS Version: 6.1.7601 ServicePack: 1.0
01:59:52.0497 0392 Product type: Workstation
01:59:52.0497 0392 ComputerName: OWNER-PC
01:59:52.0497 0392 UserName: Owner
01:59:52.0497 0392 Windows directory: C:\Windows
01:59:52.0497 0392 System windows directory: C:\Windows
01:59:52.0497 0392 Running under WOW64
01:59:52.0497 0392 Processor architecture: Intel x64
01:59:52.0497 0392 Number of processors: 2
01:59:52.0497 0392 Page size: 0x1000
01:59:52.0497 0392 Boot type: Normal boot
01:59:52.0497 0392 ============================================================
02:02:21.0456 0392 BG loaded
02:02:32.0844 0392 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
02:02:32.0859 0392 Drive \Device\Harddisk1\DR1 - Size: 0x7520000 (0.11 Gb), SectorSize: 0x200, Cylinders: 0xE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
02:02:32.0859 0392 ============================================================
02:02:32.0859 0392 \Device\Harddisk0\DR0:
02:02:32.0859 0392 MBR partitions:
02:02:32.0859 0392 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1801F5F, BlocksNum 0x32FCD
02:02:32.0859 0392 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1834F2C, BlocksNum 0x38B50904
02:02:32.0859 0392 \Device\Harddisk1\DR1:
02:02:32.0859 0392 MBR partitions:
02:02:32.0859 0392 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0x2, BlocksNum 0x3A8FD
02:02:32.0859 0392 ============================================================
02:02:33.0156 0392 C: <-> \Device\Harddisk0\DR0\Partition2
02:02:33.0156 0392 ============================================================
02:02:33.0156 0392 Initialize success
02:02:33.0156 0392 ============================================================
02:02:55.0183 4940 ============================================================
02:02:55.0183 4940 Scan started
02:02:55.0183 4940 Mode: Manual; SigCheck; TDLFS;
02:02:55.0183 4940 ============================================================
02:02:56.0946 4940 ================ Scan system memory ========================
02:02:56.0946 4940 System memory - ok
02:02:56.0946 4940 ================ Scan services =============================
02:02:57.0336 4940 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
02:02:57.0554 4940 1394ohci - ok
02:02:57.0788 4940 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
02:02:57.0819 4940 ACPI - ok
02:02:57.0913 4940 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
02:02:58.0100 4940 AcpiPmi - ok
02:02:58.0319 4940 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
02:02:58.0350 4940 AdobeARMservice - ok
02:02:58.0615 4940 [ A283108E14F3970432C21AF4C0CB1BCE ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
02:02:59.0021 4940 AdobeFlashPlayerUpdateSvc - ok
02:02:59.0130 4940 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
02:02:59.0208 4940 adp94xx - ok
02:02:59.0255 4940 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
02:02:59.0317 4940 adpahci - ok
02:02:59.0348 4940 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
02:02:59.0473 4940 adpu320 - ok
02:02:59.0645 4940 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
02:02:59.0769 4940 AeLookupSvc - ok
02:02:59.0910 4940 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
02:03:00.0003 4940 AFD - ok
02:03:00.0159 4940 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
02:03:00.0191 4940 agp440 - ok
02:03:00.0487 4940 [ BBE9054FDADC8D49D29C5DA4FB84A803 ] Akamai c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll
02:03:00.0503 4940 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll. md5: BBE9054FDADC8D49D29C5DA4FB84A803
02:03:00.0503 4940 Akamai ( HiddenFile.Multi.Generic ) - warning
02:03:00.0503 4940 Akamai - detected HiddenFile.Multi.Generic (1)
02:03:00.0549 4940 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
02:03:00.0690 4940 ALG - ok
02:03:00.0768 4940 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
02:03:00.0799 4940 aliide - ok
02:03:00.0830 4940 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
02:03:00.0861 4940 amdide - ok
02:03:00.0893 4940 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
02:03:01.0095 4940 AmdK8 - ok
02:03:01.0173 4940 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
02:03:01.0267 4940 AmdPPM - ok
02:03:01.0361 4940 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
02:03:01.0407 4940 amdsata - ok
02:03:01.0563 4940 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
02:03:01.0626 4940 amdsbs - ok
02:03:01.0673 4940 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
02:03:01.0688 4940 amdxata - ok
02:03:01.0751 4940 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
02:03:01.0985 4940 AppID - ok
02:03:02.0031 4940 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
02:03:02.0156 4940 AppIDSvc - ok
02:03:02.0219 4940 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll
02:03:02.0343 4940 Appinfo - ok
02:03:02.0390 4940 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
02:03:02.0437 4940 arc - ok
02:03:02.0453 4940 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
02:03:02.0499 4940 arcsas - ok
02:03:02.0531 4940 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
02:03:02.0765 4940 AsyncMac - ok
02:03:02.0858 4940 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
02:03:02.0874 4940 atapi - ok
02:03:03.0092 4940 [ 3EFD964D52221360AF0673CD61C2F4F5 ] atikmdag C:\Windows\system32\drivers\atikmdag.sys
02:03:03.0888 4940 atikmdag - ok
02:03:04.0137 4940 [ F50B40AC2E465A245733306EBF8EBC8B ] ATTRcAppSvc C:\Program Files (x86)\AT&T\Communication Manager\RcAppSvc.exe
02:03:04.0169 4940 ATTRcAppSvc - ok
02:03:04.0215 4940 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
02:03:04.0356 4940 AudioEndpointBuilder - ok
02:03:04.0403 4940 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
02:03:04.0465 4940 AudioSrv - ok
02:03:04.0527 4940 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
02:03:04.0621 4940 AxInstSV - ok
02:03:04.0715 4940 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
02:03:04.0824 4940 b06bdrv - ok
02:03:04.0855 4940 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
02:03:04.0980 4940 b57nd60a - ok
02:03:05.0011 4940 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
02:03:05.0401 4940 BDESVC - ok
02:03:05.0557 4940 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
02:03:05.0760 4940 Beep - ok
02:03:05.0822 4940 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
02:03:05.0916 4940 BFE - ok
02:03:06.0025 4940 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
02:03:06.0197 4940 BITS - ok
02:03:06.0399 4940 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
02:03:06.0493 4940 blbdrive - ok
02:03:06.0602 4940 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
02:03:06.0649 4940 bowser - ok
02:03:06.0665 4940 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
02:03:06.0758 4940 BrFiltLo - ok
02:03:06.0774 4940 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
02:03:06.0821 4940 BrFiltUp - ok
02:03:06.0867 4940 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
02:03:06.0961 4940 Browser - ok
02:03:06.0992 4940 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
02:03:07.0195 4940 Brserid - ok
02:03:07.0226 4940 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
02:03:07.0273 4940 BrSerWdm - ok
02:03:07.0289 4940 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
02:03:07.0382 4940 BrUsbMdm - ok
02:03:07.0398 4940 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
02:03:07.0460 4940 BrUsbSer - ok
02:03:07.0476 4940 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
02:03:07.0616 4940 BTHMODEM - ok
02:03:07.0679 4940 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
02:03:07.0803 4940 bthserv - ok
02:03:07.0819 4940 [ C8387002ED85939A4FA403032136EE3C ] CAATT C:\Program Files (x86)\AT&T\Communication Manager\ConAppsSvc.exe
02:03:07.0850 4940 CAATT - ok
02:03:07.0897 4940 [ D1787E11C6A0078DDEAF8CF3EE2AB293 ] CAXHWAZL C:\Windows\system32\DRIVERS\CAXHWAZL.sys
02:03:08.0162 4940 CAXHWAZL - ok
02:03:08.0256 4940 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
02:03:08.0365 4940 cdfs - ok
02:03:08.0521 4940 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
02:03:08.0630 4940 cdrom - ok
02:03:08.0771 4940 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
02:03:08.0880 4940 CertPropSvc - ok
02:03:08.0958 4940 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
02:03:09.0051 4940 circlass - ok
02:03:09.0129 4940 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
02:03:09.0161 4940 CLFS - ok
02:03:09.0363 4940 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
02:03:09.0457 4940 clr_optimization_v2.0.50727_32 - ok
02:03:09.0691 4940 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
02:03:09.0769 4940 clr_optimization_v2.0.50727_64 - ok
02:03:09.0972 4940 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
02:03:10.0050 4940 clr_optimization_v4.0.30319_32 - ok
02:03:10.0206 4940 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
02:03:10.0221 4940 clr_optimization_v4.0.30319_64 - ok
02:03:10.0331 4940 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
02:03:10.0502 4940 CmBatt - ok
02:03:10.0689 4940 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
02:03:10.0721 4940 cmdide - ok
02:03:10.0939 4940 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
02:03:10.0986 4940 CNG - ok
02:03:11.0204 4940 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
02:03:11.0220 4940 Compbatt - ok
02:03:11.0298 4940 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
02:03:11.0407 4940 CompositeBus - ok
02:03:11.0407 4940 COMSysApp - ok
02:03:11.0485 4940 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
02:03:11.0516 4940 crcdisk - ok
02:03:11.0563 4940 [ 6B400F211BEE880A37A1ED0368776BF4 ] CryptSvc C:\Windows\system32\cryptsvc.dll
02:03:11.0625 4940 CryptSvc - ok
02:03:11.0719 4940 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
02:03:11.0875 4940 DcomLaunch - ok
02:03:11.0969 4940 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
02:03:12.0203 4940 defragsvc - ok
02:03:12.0343 4940 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
02:03:12.0452 4940 DfsC - ok
02:03:12.0530 4940 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
02:03:12.0639 4940 Dhcp - ok
02:03:12.0717 4940 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
02:03:12.0858 4940 discache - ok
02:03:12.0920 4940 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
02:03:12.0967 4940 Disk - ok
02:03:13.0232 4940 [ D5BCB77BE83CF99F508943945D46343D ] DKbFltr C:\Windows\SysWOW64\Drivers\DKbFltr.sys
02:03:13.0263 4940 DKbFltr - ok
02:03:13.0373 4940 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
02:03:13.0513 4940 Dnscache - ok
02:03:13.0622 4940 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
02:03:13.0794 4940 dot3svc - ok
02:03:13.0919 4940 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
02:03:14.0075 4940 DPS - ok
02:03:14.0371 4940 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
02:03:14.0496 4940 drmkaud - ok
02:03:14.0683 4940 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
02:03:14.0730 4940 DXGKrnl - ok
02:03:14.0777 4940 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
02:03:14.0917 4940 EapHost - ok
02:03:15.0042 4940 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
02:03:15.0354 4940 ebdrv - ok
02:03:15.0432 4940 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
02:03:15.0525 4940 EFS - ok
02:03:15.0650 4940 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
02:03:15.0853 4940 ehRecvr - ok
02:03:15.0900 4940 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
02:03:15.0993 4940 ehSched - ok
02:03:16.0040 4940 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
02:03:16.0165 4940 elxstor - ok
02:03:16.0274 4940 [ 7C35C6865957289D9EFE6CC73F4AB2E1 ] ePowerSvc C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
02:03:16.0321 4940 ePowerSvc - ok
02:03:16.0602 4940 [ ABDD5AD016AFFD34AD40E944CE94BF59 ] EpsonBidirectionalService C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
02:03:16.0727 4940 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - warning
02:03:16.0727 4940 EpsonBidirectionalService - detected UnsignedFile.Multi.Generic (1)
02:03:16.0773 4940 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
02:03:16.0820 4940 ErrDev - ok
02:03:16.0914 4940 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
02:03:17.0023 4940 EventSystem - ok
02:03:17.0070 4940 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
02:03:17.0210 4940 exfat - ok
02:03:17.0241 4940 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
02:03:17.0335 4940 fastfat - ok
02:03:17.0429 4940 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
02:03:17.0522 4940 Fax - ok
02:03:17.0585 4940 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
02:03:17.0663 4940 fdc - ok
02:03:17.0725 4940 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
02:03:17.0803 4940 fdPHost - ok
02:03:17.0850 4940 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
02:03:17.0959 4940 FDResPub - ok
02:03:18.0037 4940 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
02:03:18.0068 4940 FileInfo - ok
02:03:18.0162 4940 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
02:03:18.0318 4940 Filetrace - ok
02:03:18.0489 4940 [ A4297244D4F817278A6AE45B1899CA9C ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
02:03:18.0583 4940 FLEXnet Licensing Service 64 - ok
02:03:18.0599 4940 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
02:03:18.0645 4940 flpydisk - ok
02:03:18.0692 4940 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
02:03:18.0723 4940 FltMgr - ok
02:03:18.0848 4940 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
02:03:18.0942 4940 FontCache - ok
02:03:19.0051 4940 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
02:03:19.0067 4940 FontCache3.0.0.0 - ok
02:03:19.0098 4940 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
02:03:19.0176 4940 FsDepends - ok
02:03:19.0269 4940 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
02:03:19.0285 4940 Fs_Rec - ok
02:03:19.0488 4940 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
02:03:19.0535 4940 fvevol - ok
02:03:19.0581 4940 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
02:03:19.0613 4940 gagp30kx - ok
02:03:19.0769 4940 [ 551D463E4CCEB5240234DA6718C93A44 ] GameConsoleService C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe
02:03:19.0800 4940 GameConsoleService - ok
02:03:19.0878 4940 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
02:03:19.0893 4940 GamesAppService - ok
02:03:19.0940 4940 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
02:03:20.0049 4940 gpsvc - ok
02:03:20.0143 4940 [ 816FD5A6F3C2F3D600900096632FC60E ] Greg_Service C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
02:03:20.0205 4940 Greg_Service - ok
02:03:20.0346 4940 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
02:03:20.0361 4940 gupdate - ok
02:03:20.0424 4940 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
02:03:20.0439 4940 gupdatem - ok
02:03:20.0502 4940 [ CC839E8D766CC31A7710C9F38CF3E375 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
02:03:20.0642 4940 gusvc - ok
02:03:20.0658 4940 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
02:03:20.0892 4940 hcw85cir - ok
02:03:21.0017 4940 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
02:03:21.0126 4940 HdAudAddService - ok
02:03:21.0297 4940 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
02:03:21.0391 4940 HDAudBus - ok
02:03:21.0469 4940 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
02:03:21.0516 4940 HidBatt - ok
02:03:21.0547 4940 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
02:03:21.0656 4940 HidBth - ok
02:03:21.0656 4940 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
02:03:21.0734 4940 HidIr - ok
02:03:21.0781 4940 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
02:03:22.0015 4940 hidserv - ok
02:03:22.0093 4940 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
02:03:22.0171 4940 HidUsb - ok
02:03:22.0358 4940 [ AACD31D9B4129F05ECDE27DE98E6D96A ] HitmanProScheduler C:\Program Files\HitmanPro\hmpsched.exe
02:03:22.0374 4940 HitmanProScheduler - ok
02:03:22.0483 4940 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
02:03:22.0826 4940 hkmsvc - ok
02:03:22.0889 4940 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
02:03:22.0982 4940 HomeGroupListener - ok
02:03:23.0060 4940 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
02:03:23.0076 4940 HomeGroupProvider - ok
02:03:23.0169 4940 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
02:03:23.0216 4940 HpSAMD - ok
02:03:23.0263 4940 [ 447256D1C026654C5CD3CC17E7B20631 ] HsfXAudioService C:\Windows\SysWOW64\XAudio64.dll
02:03:23.0435 4940 HsfXAudioService - ok
02:03:23.0513 4940 [ 26C5D00321937E49B6BC91029947D094 ] HSF_DPV C:\Windows\system32\DRIVERS\CAX_DPV.sys
02:03:23.0684 4940 HSF_DPV - ok
02:03:23.0825 4940 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
02:03:23.0949 4940 HTTP - ok
02:03:24.0105 4940 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
02:03:24.0137 4940 hwpolicy - ok
02:03:24.0168 4940 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
02:03:24.0261 4940 i8042prt - ok
02:03:24.0371 4940 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
02:03:24.0480 4940 iaStorV - ok
02:03:24.0558 4940 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
02:03:24.0651 4940 idsvc - ok
02:03:25.0073 4940 [ 677AA5991026A65ADA128C4B59CF2BAD ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
02:03:25.0463 4940 igfx - ok
02:03:25.0509 4940 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
02:03:25.0541 4940 iirsp - ok
02:03:25.0619 4940 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
02:03:25.0884 4940 IKEEXT - ok
02:03:25.0962 4940 [ 0C3CF4B3BAE28E121A1689E3538F8712 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
02:03:26.0024 4940 IntcAzAudAddService - ok
02:03:26.0071 4940 [ D485D3BD3E2179AA86853A182F70699F ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
02:03:26.0165 4940 IntcHdmiAddService - ok
02:03:26.0196 4940 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
02:03:26.0243 4940 intelide - ok
02:03:26.0352 4940 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
02:03:26.0383 4940 intelppm - ok
02:03:26.0461 4940 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
02:03:26.0570 4940 IPBusEnum - ok
02:03:26.0633 4940 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
02:03:26.0789 4940 IpFilterDriver - ok
02:03:26.0898 4940 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
02:03:26.0929 4940 iphlpsvc - ok
02:03:27.0085 4940 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
02:03:27.0163 4940 IPMIDRV - ok
02:03:27.0194 4940 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
02:03:27.0335 4940 IPNAT - ok
02:03:27.0366 4940 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
02:03:27.0506 4940 IRENUM - ok
02:03:27.0600 4940 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
02:03:27.0693 4940 isapnp - ok
02:03:27.0756 4940 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
02:03:27.0943 4940 iScsiPrt - ok
02:03:28.0068 4940 [ 08DD34F74D65E1C8F238565570952630 ] k57nd60a C:\Windows\system32\DRIVERS\k57nd60a.sys
02:03:28.0099 4940 k57nd60a - ok
02:03:28.0193 4940 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
02:03:28.0302 4940 kbdclass - ok
02:03:28.0395 4940 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
02:03:28.0489 4940 kbdhid - ok
02:03:28.0520 4940 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
02:03:28.0551 4940 KeyIso - ok
02:03:28.0614 4940 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
02:03:28.0629 4940 KSecDD - ok
02:03:28.0676 4940 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
02:03:28.0707 4940 KSecPkg - ok
02:03:28.0770 4940 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
02:03:28.0910 4940 ksthunk - ok
02:03:28.0941 4940 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
02:03:29.0082 4940 KtmRm - ok
02:03:29.0285 4940 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
02:03:29.0409 4940 LanmanServer - ok
02:03:29.0519 4940 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
02:03:29.0815 4940 LanmanWorkstation - ok
02:03:30.0065 4940 [ 549B88970B3CFD211A354A016EDF766E ] LeapFrog Connect Device Service C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
02:03:30.0111 4940 LeapFrog Connect Device Service - ok
02:03:30.0127 4940 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
02:03:30.0283 4940 lltdio - ok
02:03:30.0408 4940 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
02:03:30.0829 4940 lltdsvc - ok
02:03:30.0860 4940 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
02:03:30.0954 4940 lmhosts - ok
02:03:31.0001 4940 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
02:03:31.0032 4940 LSI_FC - ok
02:03:31.0079 4940 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
02:03:31.0188 4940 LSI_SAS - ok
02:03:31.0219 4940 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
02:03:31.0266 4940 LSI_SAS2 - ok
02:03:31.0313 4940 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
02:03:31.0359 4940 LSI_SCSI - ok
02:03:31.0406 4940 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
02:03:31.0515 4940 luafv - ok
02:03:31.0562 4940 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
02:03:31.0640 4940 Mcx2Svc - ok
02:03:31.0687 4940 [ E4F44EC214B3E381E1FC844A02926666 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
02:03:31.0827 4940 mdmxsdk - ok
02:03:31.0859 4940 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
02:03:31.0952 4940 megasas - ok
02:03:31.0983 4940 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
02:03:32.0077 4940 MegaSR - ok
02:03:32.0124 4940 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
02:03:32.0249 4940 MMCSS - ok
02:03:32.0311 4940 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
02:03:32.0483 4940 Modem - ok
02:03:32.0561 4940 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
02:03:32.0607 4940 monitor - ok
02:03:32.0639 4940 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
02:03:32.0685 4940 mouclass - ok
02:03:32.0748 4940 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
02:03:32.0888 4940 mouhid - ok
02:03:32.0919 4940 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
02:03:32.0966 4940 mountmgr - ok
02:03:33.0075 4940 [ F8A10560B35C66F9DE212F03DAD5BFA7 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
02:03:33.0107 4940 MpFilter - ok
02:03:33.0247 4940 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
02:03:33.0325 4940 mpio - ok
02:03:33.0372 4940 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
02:03:33.0465 4940 mpsdrv - ok
02:03:33.0543 4940 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
02:03:33.0668 4940 MpsSvc - ok
02:03:33.0715 4940 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
02:03:33.0871 4940 MRxDAV - ok
02:03:33.0965 4940 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
02:03:34.0027 4940 mrxsmb - ok
02:03:34.0089 4940 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
02:03:34.0136 4940 mrxsmb10 - ok
02:03:34.0167 4940 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
02:03:34.0199 4940 mrxsmb20 - ok
02:03:34.0308 4940 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
02:03:34.0323 4940 msahci - ok
02:03:34.0386 4940 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
02:03:34.0448 4940 msdsm - ok
02:03:34.0495 4940 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
02:03:34.0589 4940 MSDTC - ok
02:03:34.0651 4940 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
02:03:34.0729 4940 Msfs - ok
02:03:34.0745 4940 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
02:03:34.0823 4940 mshidkmdf - ok
02:03:34.0963 4940 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
02:03:34.0979 4940 msisadrv - ok
02:03:35.0025 4940 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
02:03:35.0213 4940 MSiSCSI - ok
02:03:35.0213 4940 msiserver - ok
02:03:35.0244 4940 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
02:03:35.0337 4940 MSKSSRV - ok
02:03:35.0509 4940 [ E07DEC52FF801841BA9B6878A60304FB ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
02:03:35.0525 4940 MsMpSvc - ok
02:03:35.0556 4940 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
02:03:35.0681 4940 MSPCLOCK - ok
02:03:35.0727 4940 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
02:03:35.0821 4940 MSPQM - ok
02:03:35.0868 4940 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
02:03:35.0899 4940 MsRPC - ok
02:03:36.0086 4940 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
02:03:36.0117 4940 mssmbios - ok
02:03:36.0149 4940 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
02:03:36.0258 4940 MSTEE - ok
02:03:36.0289 4940 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
02:03:36.0336 4940 MTConfig - ok
02:03:36.0367 4940 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
02:03:36.0383 4940 Mup - ok
02:03:36.0445 4940 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
02:03:36.0570 4940 napagent - ok
02:03:36.0617 4940 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
02:03:36.0710 4940 NativeWifiP - ok
02:03:36.0804 4940 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
02:03:36.0882 4940 NDIS - ok
02:03:36.0944 4940 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
02:03:37.0069 4940 NdisCap - ok
02:03:37.0116 4940 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
02:03:37.0209 4940 NdisTapi - ok
02:03:37.0256 4940 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
02:03:37.0381 4940 Ndisuio - ok
02:03:37.0443 4940 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
02:03:37.0537 4940 NdisWan - ok
02:03:37.0677 4940 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
02:03:37.0833 4940 NDProxy - ok
02:03:37.0989 4940 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
02:03:38.0114 4940 NetBIOS - ok
02:03:38.0255 4940 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
02:03:38.0364 4940 NetBT - ok
02:03:38.0426 4940 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
02:03:38.0457 4940 Netlogon - ok
02:03:38.0551 4940 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
02:03:38.0629 4940 Netman - ok
02:03:38.0676 4940 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
02:03:38.0785 4940 netprofm - ok
02:03:38.0816 4940 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
02:03:38.0941 4940 NetTcpPortSharing - ok
02:03:39.0331 4940 [ 39EDE676D17F37AF4573C2B33EC28ACA ] NETw5s64 C:\Windows\system32\DRIVERS\NETw5s64.sys
02:03:39.0627 4940 NETw5s64 - ok
02:03:39.0908 4940 [ 705283C02177809CA9FA7CC58A4F1E77 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
02:03:40.0454 4940 netw5v64 - ok
02:03:40.0517 4940 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
02:03:40.0548 4940 nfrd960 - ok
02:03:40.0610 4940 [ 162100E0BC8377710F9D170631921C03 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
02:03:40.0641 4940 NisDrv - ok
02:03:40.0782 4940 [ C6E15F2F95F9C0A6098D43510B604E52 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
02:03:40.0813 4940 NisSrv - ok
02:03:40.0844 4940 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
02:03:40.0938 4940 NlaSvc - ok
02:03:40.0969 4940 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
02:03:41.0047 4940 Npfs - ok
02:03:41.0125 4940 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
02:03:41.0219 4940 nsi - ok
02:03:41.0234 4940 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
02:03:41.0312 4940 nsiproxy - ok
02:03:41.0499 4940 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
02:03:41.0624 4940 Ntfs - ok
02:03:41.0796 4940 [ 70E3EB0CEF795D348F05E5A9B115F491 ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
02:03:41.0811 4940 NTI IScheduleSvc - ok
02:03:41.0905 4940 [ 64DDD0DEE976302F4BD93E5EFCC2F013 ] NTIDrvr C:\Windows\system32\drivers\NTIDrvr.sys
02:03:41.0921 4940 NTIDrvr - ok
02:03:42.0045 4940 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
02:03:42.0155 4940 Null - ok
02:03:42.0233 4940 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
02:03:42.0435 4940 nvraid - ok
02:03:42.0498 4940 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
02:03:42.0576 4940 nvstor - ok
02:03:42.0654 4940 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
02:03:42.0701 4940 nv_agp - ok
02:03:42.0888 4940 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
02:03:42.0919 4940 odserv - ok
02:03:42.0950 4940 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
02:03:42.0997 4940 ohci1394 - ok
02:03:43.0106 4940 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
02:03:43.0137 4940 ose - ok
02:03:43.0387 4940 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
02:03:45.0072 4940 osppsvc - ok
02:03:45.0165 4940 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
02:03:45.0197 4940 p2pimsvc - ok
02:03:45.0228 4940 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
02:03:45.0321 4940 p2psvc - ok
02:03:45.0353 4940 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
02:03:45.0399 4940 Parport - ok
02:03:45.0446 4940 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
02:03:45.0477 4940 partmgr - ok
02:03:45.0711 4940 [ 9665402B7FA59302D520AD845DDFC026 ] Partner Service C:\ProgramData\Partner\Partner.exe
02:03:45.0727 4940 Partner Service - ok
02:03:45.0774 4940 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
02:03:45.0852 4940 PcaSvc - ok
02:03:45.0930 4940 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
02:03:45.0961 4940 pci - ok
02:03:46.0008 4940 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
02:03:46.0164 4940 pciide - ok
02:03:46.0257 4940 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
02:03:46.0320 4940 pcmcia - ok
02:03:46.0460 4940 [ B5D3C24E4EA8E6D4850E83DAD8C510D4 ] PCTINDIS5X64 C:\Windows\system32\PCTINDIS5X64.SYS
02:03:46.0491 4940 PCTINDIS5X64 - ok
02:03:46.0538 4940 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
02:03:46.0569 4940 pcw - ok
02:03:46.0601 4940 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
02:03:46.0694 4940 PEAUTH - ok
02:03:46.0897 4940 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
02:03:46.0991 4940 PerfHost - ok
02:03:47.0100 4940 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
02:03:47.0318 4940 pla - ok
02:03:47.0349 4940 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
02:03:47.0396 4940 PlugPlay - ok
02:03:47.0459 4940 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
02:03:47.0552 4940 PNRPAutoReg - ok
02:03:47.0615 4940 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
02:03:47.0646 4940 PNRPsvc - ok
02:03:47.0693 4940 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
02:03:47.0849 4940 PolicyAgent - ok
02:03:47.0911 4940 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
02:03:48.0051 4940 Power - ok
02:03:48.0145 4940 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
02:03:48.0363 4940 PptpMiniport - ok
02:03:48.0395 4940 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
02:03:48.0441 4940 Processor - ok
02:03:48.0488 4940 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
02:03:48.0597 4940 ProfSvc - ok
02:03:48.0613 4940 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
02:03:48.0644 4940 ProtectedStorage - ok
02:03:48.0707 4940 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
02:03:48.0785 4940 Psched - ok
02:03:48.0878 4940 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
02:03:49.0050 4940 ql2300 - ok
02:03:49.0081 4940 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
02:03:49.0175 4940 ql40xx - ok
02:03:49.0221 4940 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
02:03:49.0362 4940 QWAVE - ok
02:03:49.0393 4940 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
02:03:49.0455 4940 QWAVEdrv - ok
02:03:49.0518 4940 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
02:03:49.0611 4940 RasAcd - ok
02:03:49.0658 4940 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
02:03:49.0752 4940 RasAgileVpn - ok
02:03:49.0767 4940 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
02:03:49.0892 4940 RasAuto - ok
02:03:49.0970 4940 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
02:03:50.0111 4940 Rasl2tp - ok
02:03:50.0173 4940 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
02:03:50.0423 4940 RasMan - ok
02:03:50.0532 4940 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
02:03:50.0625 4940 RasPppoe - ok
02:03:50.0688 4940 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
02:03:50.0813 4940 RasSstp - ok
02:03:50.0875 4940 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
02:03:51.0015 4940 rdbss - ok
02:03:51.0047 4940 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
02:03:51.0109 4940 rdpbus - ok
02:03:51.0125 4940 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
02:03:51.0234 4940 RDPCDD - ok
02:03:51.0249 4940 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
02:03:51.0343 4940 RDPENCDD - ok
02:03:51.0437 4940 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
02:03:51.0515 4940 RDPREFMP - ok
02:03:51.0561 4940 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
02:03:51.0702 4940 RDPWD - ok
02:03:51.0827 4940 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
02:03:51.0858 4940 rdyboost - ok
02:03:51.0905 4940 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
02:03:52.0045 4940 RemoteAccess - ok
02:03:52.0076 4940 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
02:03:52.0248 4940 RemoteRegistry - ok
02:03:52.0357 4940 [ C903D49655B4AAE46673F0AAA6BE0F58 ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
02:03:52.0451 4940 RimVSerPort - ok
02:03:52.0529 4940 [ 388D3DD1A6457280F3BADBA9F3ACD6B1 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
02:03:52.0622 4940 ROOTMODEM - ok
02:03:52.0653 4940 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
02:03:52.0841 4940 RpcEptMapper - ok
02:03:52.0856 4940 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
02:03:52.0934 4940 RpcLocator - ok
02:03:52.0981 4940 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
02:03:53.0059 4940 RpcSs - ok
02:03:53.0153 4940 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
02:03:53.0262 4940 rspndr - ok
02:03:53.0387 4940 [ FB39AF63D6617F028BA0EBC21B83360D ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
02:03:53.0480 4940 RSUSBSTOR - ok
02:03:53.0558 4940 [ 7421A35C45484B95E83B5E9E107CEFC2 ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys
02:03:53.0589 4940 RTHDMIAzAudService - ok
02:03:53.0652 4940 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
02:03:53.0667 4940 SamSs - ok
02:03:53.0714 4940 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
02:03:53.0761 4940 sbp2port - ok
02:03:53.0792 4940 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
02:03:53.0979 4940 SCardSvr - ok
02:03:54.0011 4940 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
02:03:54.0135 4940 scfilter - ok
02:03:54.0182 4940 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
02:03:54.0369 4940 Schedule - ok
02:03:54.0416 4940 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
02:03:54.0479 4940 SCPolicySvc - ok
02:03:54.0510 4940 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
02:03:54.0650 4940 SDRSVC - ok
02:03:54.0666 4940 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
02:03:54.0759 4940 secdrv - ok
02:03:54.0837 4940 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
02:03:54.0931 4940 seclogon - ok
02:03:55.0071 4940 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
02:03:55.0165 4940 SENS - ok
02:03:55.0212 4940 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
02:03:55.0290 4940 SensrSvc - ok
02:03:55.0305 4940 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
02:03:55.0368 4940 Serenum - ok
02:03:55.0399 4940 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
02:03:55.0446 4940 Serial - ok
02:03:55.0508 4940 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
02:03:55.0571 4940 sermouse - ok
02:03:55.0649 4940 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
02:03:55.0758 4940 SessionEnv - ok
02:03:55.0805 4940 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
02:03:55.0867 4940 sffdisk - ok
02:03:55.0914 4940 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
02:03:55.0976 4940 sffp_mmc - ok
02:03:56.0023 4940 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
02:03:56.0148 4940 sffp_sd - ok
02:03:56.0179 4940 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
02:03:56.0210 4940 sfloppy - ok
02:03:56.0288 4940 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
02:03:56.0538 4940 SharedAccess - ok
02:03:56.0616 4940 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
02:03:56.0803 4940 ShellHWDetection - ok
02:03:56.0897 4940 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
02:03:56.0943 4940 SiSRaid2 - ok
02:03:56.0990 4940 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
02:03:57.0037 4940 SiSRaid4 - ok
02:03:57.0162 4940 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
02:03:57.0177 4940 SkypeUpdate - ok
02:03:57.0240 4940 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
02:03:57.0349 4940 Smb - ok
02:03:57.0489 4940 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
02:03:57.0552 4940 SNMPTRAP - ok
02:03:57.0583 4940 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
02:03:57.0599 4940 spldr - ok
02:03:57.0692 4940 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
02:03:57.0770 4940 Spooler - ok
02:03:57.0957 4940 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
02:03:58.0082 4940 sppsvc - ok
02:03:58.0129 4940 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
02:03:58.0269 4940 sppuinotify - ok
02:03:58.0425 4940 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
02:03:58.0488 4940 srv - ok
02:03:58.0628 4940 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
02:03:58.0675 4940 srv2 - ok
02:03:58.0769 4940 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
02:03:58.0893 4940 SrvHsfHDA - ok
02:03:58.0956 4940 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
02:03:59.0174 4940 SrvHsfV92 - ok
02:03:59.0268 4940 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
02:03:59.0517 4940 SrvHsfWinac - ok
02:03:59.0595 4940 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
02:03:59.0658 4940 srvnet - ok
02:03:59.0720 4940 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
02:03:59.0814 4940 SSDPSRV - ok
02:03:59.0845 4940 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
02:03:59.0939 4940 SstpSvc - ok
02:03:59.0985 4940 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
02:04:00.0032 4940 stexstor - ok
02:04:00.0095 4940 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
02:04:00.0204 4940 stisvc - ok
02:04:00.0329 4940 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
02:04:00.0375 4940 swenum - ok
02:04:00.0578 4940 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
02:04:00.0609 4940 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
02:04:00.0609 4940 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
02:04:00.0750 4940 [ C03779EC476F8F30A9CFCDE046BA6B28 ] swmsflt C:\Windows\system32\DRIVERS\swmsflt.sys
02:04:00.0765 4940 swmsflt - ok
02:04:00.0906 4940 [ 808CB62212DD7A934074ED65D3106948 ] SWNC8UA3 C:\Windows\system32\DRIVERS\swnc8ua3.sys
02:04:01.0031 4940 SWNC8UA3 - ok
02:04:01.0093 4940 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
02:04:01.0389 4940 swprv - ok
02:04:01.0623 4940 [ DF3F437A890A77CCE5E3FD7B7BB93585 ] SWUMXA3 C:\Windows\system32\DRIVERS\swumxa3.sys
02:04:01.0779 4940 SWUMXA3 - ok
02:04:01.0842 4940 [ BCF305959B53B200CEB2AD25AD22F8A7 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
02:04:01.0873 4940 SynTP - ok
02:04:01.0982 4940 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
02:04:02.0216 4940 SysMain - ok
02:04:02.0310 4940 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
02:04:02.0388 4940 TabletInputService - ok
02:04:02.0466 4940 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
02:04:02.0669 4940 TapiSrv - ok
02:04:02.0700 4940 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
02:04:02.0793 4940 TBS - ok
02:04:03.0012 4940 [ DB74544B75566C974815E79A62433F29 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
02:04:03.0137 4940 Tcpip - ok
02:04:03.0261 4940 [ DB74544B75566C974815E79A62433F29 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
02:04:03.0324 4940 TCPIP6 - ok
02:04:03.0417 4940 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
02:04:03.0464 4940 tcpipreg - ok
02:04:03.0558 4940 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
02:04:03.0636 4940 TDPIPE - ok
02:04:03.0714 4940 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
02:04:03.0745 4940 TDTCP - ok
02:04:03.0823 4940 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
02:04:03.0979 4940 tdx - ok
02:04:04.0104 4940 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
02:04:04.0182 4940 TermDD - ok
02:04:04.0260 4940 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
02:04:04.0525 4940 TermService - ok
02:04:04.0572 4940 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
02:04:04.0650 4940 Themes - ok
02:04:04.0697 4940 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
02:04:04.0759 4940 THREADORDER - ok
02:04:04.0806 4940 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
02:04:04.0899 4940 TrkWks - ok
02:04:05.0102 4940 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
02:04:05.0243 4940 TrustedInstaller - ok
02:04:05.0399 4940 [ 4CE278FC9671BA81A138D70823FCAA09 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
02:04:05.0633 4940 tssecsrv - ok
02:04:05.0804 4940 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
02:04:05.0882 4940 TsUsbFlt - ok
02:04:05.0960 4940 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
02:04:06.0054 4940 tunnel - ok
02:04:06.0147 4940 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
02:04:06.0194 4940 uagp35 - ok
02:04:06.0257 4940 [ 2E22C1FD397A5A9FFEF55E9D1FC96C00 ] UBHelper C:\Windows\system32\drivers\UBHelper.sys
02:04:06.0272 4940 UBHelper - ok
02:04:06.0350 4940 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
02:04:06.0553 4940 udfs - ok
02:04:06.0600 4940 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
02:04:06.0647 4940 UI0Detect - ok
02:04:06.0709 4940 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
02:04:06.0787 4940 uliagpkx - ok
02:04:06.0865 4940 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
02:04:06.0912 4940 umbus - ok
02:04:06.0943 4940 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
02:04:07.0005 4940 UmPass - ok
02:04:07.0115 4940 [ 70DDE3A86DBEB1D6C3C30AD687B1877A ] Updater Service C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
02:04:07.0146 4940 Updater Service - ok
02:04:07.0208 4940 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
02:04:07.0395 4940 upnphost - ok
02:04:07.0505 4940 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
02:04:07.0567 4940 usbccgp - ok
02:04:07.0614 4940 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
02:04:07.0661 4940 usbcir - ok
02:04:07.0723 4940 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
02:04:07.0754 4940 usbehci - ok
02:04:07.0832 4940 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
02:04:07.0895 4940 usbhub - ok
02:04:07.0973 4940 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
02:04:08.0144 4940 usbohci - ok
02:04:08.0238 4940 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
02:04:08.0300 4940 usbprint - ok
02:04:08.0363 4940 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
02:04:08.0425 4940 usbscan - ok
02:04:08.0565 4940 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
02:04:08.0815 4940 USBSTOR - ok
02:04:08.0955 4940 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
02:04:09.0548 4940 usbuhci - ok
02:04:09.0657 4940 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
02:04:09.0704 4940 usbvideo - ok
02:04:09.0735 4940 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
02:04:09.0969 4940 UxSms - ok
02:04:10.0016 4940 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
02:04:10.0032 4940 VaultSvc - ok
02:04:10.0094 4940 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
02:04:10.0110 4940 vdrvroot - ok
02:04:10.0188 4940 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
02:04:10.0328 4940 vds - ok
02:04:10.0406 4940 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
02:04:10.0437 4940 vga - ok
02:04:10.0484 4940 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
02:04:10.0625 4940 VgaSave - ok
02:04:10.0671 4940 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
02:04:10.0781 4940 vhdmp - ok
02:04:10.0968 4940 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
02:04:11.0217 4940 viaide - ok
02:04:11.0327 4940 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
02:04:11.0358 4940 volmgr - ok
02:04:11.0561 4940 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
02:04:11.0592 4940 volmgrx - ok
02:04:11.0701 4940 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
02:04:11.0748 4940 volsnap - ok
02:04:11.0779 4940 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
02:04:11.0841 4940 vsmraid - ok
02:04:11.0982 4940 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
02:04:12.0341 4940 VSS - ok
02:04:12.0419 4940 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
02:04:12.0590 4940 vwifibus - ok
02:04:12.0606 4940 [ 6A3D66263414FF0D6FA754C646612F3F ] VWiFiFlt C:\Windows\system32\DRIVERS\vwififlt.sys
02:04:12.0715 4940 VWiFiFlt - ok
02:04:12.0762 4940 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
02:04:12.0918 4940 W32Time - ok
02:04:12.0996 4940 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
02:04:13.0027 4940 WacomPen - ok
02:04:13.0105 4940 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
02:04:13.0245 4940 WANARP - ok
02:04:13.0245 4940 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
02:04:13.0308 4940 Wanarpv6 - ok
02:04:13.0511 4940 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
02:04:13.0589 4940 WatAdminSvc - ok
02:04:13.0698 4940 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
02:04:14.0135 4940 wbengine - ok
02:04:14.0181 4940 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
02:04:14.0384 4940 WbioSrvc - ok
02:04:14.0493 4940 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
02:04:14.0681 4940 wcncsvc - ok
02:04:14.0712 4940 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
02:04:14.0790 4940 WcsPlugInService - ok
02:04:14.0883 4940 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
02:04:14.0915 4940 Wd - ok
02:04:15.0024 4940 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
02:04:15.0086 4940 Wdf01000 - ok
02:04:15.0117 4940 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
02:04:15.0211 4940 WdiServiceHost - ok
02:04:15.0211 4940 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
02:04:15.0242 4940 WdiSystemHost - ok
02:04:15.0305 4940 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
02:04:15.0429 4940 WebClient - ok
02:04:15.0476 4940 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
02:04:15.0819 4940 Wecsvc - ok
02:04:15.0851 4940 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
02:04:15.0944 4940 wercplsupport - ok
02:04:15.0975 4940 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
02:04:16.0038 4940 WerSvc - ok
02:04:16.0131 4940 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
02:04:16.0256 4940 WfpLwf - ok
02:04:16.0303 4940 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
02:04:16.0350 4940 WIMMount - ok
02:04:16.0475 4940 [ A6EA7A3FC4B00F48535B506DB1E86EFD ] winachsf C:\Windows\system32\DRIVERS\CAX_CNXT.sys
02:04:16.0537 4940 winachsf - ok
02:04:16.0631 4940 WinDefend - ok
02:04:16.0631 4940 WinHttpAutoProxySvc - ok
02:04:16.0724 4940 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
02:04:16.0865 4940 Winmgmt - ok
02:04:17.0005 4940 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
02:04:17.0379 4940 WinRM - ok
02:04:17.0473 4940 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
02:04:17.0567 4940 WinUsb - ok
02:04:17.0707 4940 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
02:04:17.0879 4940 Wlansvc - ok
02:04:18.0113 4940 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
02:04:18.0175 4940 wlidsvc - ok
02:04:18.0222 4940 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
02:04:18.0237 4940 WmiAcpi - ok
02:04:18.0284 4940 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
02:04:18.0487 4940 wmiApSrv - ok
02:04:18.0565 4940 WMPNetworkSvc - ok
02:04:18.0581 4940 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
02:04:18.0627 4940 WPCSvc - ok
02:04:18.0690 4940 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
02:04:18.0752 4940 WPDBusEnum - ok
02:04:18.0799 4940 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
02:04:18.0877 4940 ws2ifsl - ok
02:04:18.0955 4940 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
02:04:19.0002 4940 wscsvc - ok
02:04:19.0127 4940 [ 8D918B1DB190A4D9B1

 

[travis]

Kuttus,
I'm pasting in the TSDDKILLER log from the C: drive again to make sure all of it is there.

01:59:52.0107 0392 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
01:59:52.0497 0392 ============================================================
01:59:52.0497 0392 Current date / time: 2013/11/13 01:59:52.0497
01:59:52.0497 0392 SystemInfo:
01:59:52.0497 0392
01:59:52.0497 0392 OS Version: 6.1.7601 ServicePack: 1.0
01:59:52.0497 0392 Product type: Workstation
01:59:52.0497 0392 ComputerName: OWNER-PC
01:59:52.0497 0392 UserName: Owner
01:59:52.0497 0392 Windows directory: C:\Windows
01:59:52.0497 0392 System windows directory: C:\Windows
01:59:52.0497 0392 Running under WOW64
01:59:52.0497 0392 Processor architecture: Intel x64
01:59:52.0497 0392 Number of processors: 2
01:59:52.0497 0392 Page size: 0x1000
01:59:52.0497 0392 Boot type: Normal boot
01:59:52.0497 0392 ============================================================
02:02:21.0456 0392 BG loaded
02:02:32.0844 0392 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
02:02:32.0859 0392 Drive \Device\Harddisk1\DR1 - Size: 0x7520000 (0.11 Gb), SectorSize: 0x200, Cylinders: 0xE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
02:02:32.0859 0392 ============================================================
02:02:32.0859 0392 \Device\Harddisk0\DR0:
02:02:32.0859 0392 MBR partitions:
02:02:32.0859 0392 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1801F5F, BlocksNum 0x32FCD
02:02:32.0859 0392 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1834F2C, BlocksNum 0x38B50904
02:02:32.0859 0392 \Device\Harddisk1\DR1:
02:02:32.0859 0392 MBR partitions:
02:02:32.0859 0392 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0x2, BlocksNum 0x3A8FD
02:02:32.0859 0392 ============================================================
02:02:33.0156 0392 C: <-> \Device\Harddisk0\DR0\Partition2
02:02:33.0156 0392 ============================================================
02:02:33.0156 0392 Initialize success
02:02:33.0156 0392 ============================================================
02:02:55.0183 4940 ============================================================
02:02:55.0183 4940 Scan started
02:02:55.0183 4940 Mode: Manual; SigCheck; TDLFS;
02:02:55.0183 4940 ============================================================
02:02:56.0946 4940 ================ Scan system memory ========================
02:02:56.0946 4940 System memory - ok
02:02:56.0946 4940 ================ Scan services =============================
02:02:57.0336 4940 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
02:02:57.0554 4940 1394ohci - ok
02:02:57.0788 4940 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
02:02:57.0819 4940 ACPI - ok
02:02:57.0913 4940 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
02:02:58.0100 4940 AcpiPmi - ok
02:02:58.0319 4940 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
02:02:58.0350 4940 AdobeARMservice - ok
02:02:58.0615 4940 [ A283108E14F3970432C21AF4C0CB1BCE ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
02:02:59.0021 4940 AdobeFlashPlayerUpdateSvc - ok
02:02:59.0130 4940 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
02:02:59.0208 4940 adp94xx - ok
02:02:59.0255 4940 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
02:02:59.0317 4940 adpahci - ok
02:02:59.0348 4940 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
02:02:59.0473 4940 adpu320 - ok
02:02:59.0645 4940 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
02:02:59.0769 4940 AeLookupSvc - ok
02:02:59.0910 4940 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
02:03:00.0003 4940 AFD - ok
02:03:00.0159 4940 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
02:03:00.0191 4940 agp440 - ok
02:03:00.0487 4940 [ BBE9054FDADC8D49D29C5DA4FB84A803 ] Akamai c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll
02:03:00.0503 4940 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll. md5: BBE9054FDADC8D49D29C5DA4FB84A803
02:03:00.0503 4940 Akamai ( HiddenFile.Multi.Generic ) - warning
02:03:00.0503 4940 Akamai - detected HiddenFile.Multi.Generic (1)
02:03:00.0549 4940 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
02:03:00.0690 4940 ALG - ok
02:03:00.0768 4940 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
02:03:00.0799 4940 aliide - ok
02:03:00.0830 4940 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
02:03:00.0861 4940 amdide - ok
02:03:00.0893 4940 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
02:03:01.0095 4940 AmdK8 - ok
02:03:01.0173 4940 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
02:03:01.0267 4940 AmdPPM - ok
02:03:01.0361 4940 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
02:03:01.0407 4940 amdsata - ok
02:03:01.0563 4940 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
02:03:01.0626 4940 amdsbs - ok
02:03:01.0673 4940 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
02:03:01.0688 4940 amdxata - ok
02:03:01.0751 4940 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
02:03:01.0985 4940 AppID - ok
02:03:02.0031 4940 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
02:03:02.0156 4940 AppIDSvc - ok
02:03:02.0219 4940 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll
02:03:02.0343 4940 Appinfo - ok
02:03:02.0390 4940 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
02:03:02.0437 4940 arc - ok
02:03:02.0453 4940 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
02:03:02.0499 4940 arcsas - ok
02:03:02.0531 4940 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
02:03:02.0765 4940 AsyncMac - ok
02:03:02.0858 4940 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
02:03:02.0874 4940 atapi - ok
02:03:03.0092 4940 [ 3EFD964D52221360AF0673CD61C2F4F5 ] atikmdag C:\Windows\system32\drivers\atikmdag.sys
02:03:03.0888 4940 atikmdag - ok
02:03:04.0137 4940 [ F50B40AC2E465A245733306EBF8EBC8B ] ATTRcAppSvc C:\Program Files (x86)\AT&T\Communication Manager\RcAppSvc.exe
02:03:04.0169 4940 ATTRcAppSvc - ok
02:03:04.0215 4940 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
02:03:04.0356 4940 AudioEndpointBuilder - ok
02:03:04.0403 4940 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
02:03:04.0465 4940 AudioSrv - ok
02:03:04.0527 4940 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
02:03:04.0621 4940 AxInstSV - ok
02:03:04.0715 4940 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
02:03:04.0824 4940 b06bdrv - ok
02:03:04.0855 4940 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
02:03:04.0980 4940 b57nd60a - ok
02:03:05.0011 4940 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
02:03:05.0401 4940 BDESVC - ok
02:03:05.0557 4940 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
02:03:05.0760 4940 Beep - ok
02:03:05.0822 4940 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
02:03:05.0916 4940 BFE - ok
02:03:06.0025 4940 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
02:03:06.0197 4940 BITS - ok
02:03:06.0399 4940 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
02:03:06.0493 4940 blbdrive - ok
02:03:06.0602 4940 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
02:03:06.0649 4940 bowser - ok
02:03:06.0665 4940 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
02:03:06.0758 4940 BrFiltLo - ok
02:03:06.0774 4940 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
02:03:06.0821 4940 BrFiltUp - ok
02:03:06.0867 4940 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
02:03:06.0961 4940 Browser - ok
02:03:06.0992 4940 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
02:03:07.0195 4940 Brserid - ok
02:03:07.0226 4940 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
02:03:07.0273 4940 BrSerWdm - ok
02:03:07.0289 4940 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
02:03:07.0382 4940 BrUsbMdm - ok
02:03:07.0398 4940 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
02:03:07.0460 4940 BrUsbSer - ok
02:03:07.0476 4940 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
02:03:07.0616 4940 BTHMODEM - ok
02:03:07.0679 4940 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
02:03:07.0803 4940 bthserv - ok
02:03:07.0819 4940 [ C8387002ED85939A4FA403032136EE3C ] CAATT C:\Program Files (x86)\AT&T\Communication Manager\ConAppsSvc.exe
02:03:07.0850 4940 CAATT - ok
02:03:07.0897 4940 [ D1787E11C6A0078DDEAF8CF3EE2AB293 ] CAXHWAZL C:\Windows\system32\DRIVERS\CAXHWAZL.sys
02:03:08.0162 4940 CAXHWAZL - ok
02:03:08.0256 4940 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
02:03:08.0365 4940 cdfs - ok
02:03:08.0521 4940 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
02:03:08.0630 4940 cdrom - ok
02:03:08.0771 4940 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
02:03:08.0880 4940 CertPropSvc - ok
02:03:08.0958 4940 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
02:03:09.0051 4940 circlass - ok
02:03:09.0129 4940 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
02:03:09.0161 4940 CLFS - ok
02:03:09.0363 4940 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
02:03:09.0457 4940 clr_optimization_v2.0.50727_32 - ok
02:03:09.0691 4940 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
02:03:09.0769 4940 clr_optimization_v2.0.50727_64 - ok
02:03:09.0972 4940 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
02:03:10.0050 4940 clr_optimization_v4.0.30319_32 - ok
02:03:10.0206 4940 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
02:03:10.0221 4940 clr_optimization_v4.0.30319_64 - ok
02:03:10.0331 4940 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
02:03:10.0502 4940 CmBatt - ok
02:03:10.0689 4940 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
02:03:10.0721 4940 cmdide - ok
02:03:10.0939 4940 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
02:03:10.0986 4940 CNG - ok
02:03:11.0204 4940 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
02:03:11.0220 4940 Compbatt - ok
02:03:11.0298 4940 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
02:03:11.0407 4940 CompositeBus - ok
02:03:11.0407 4940 COMSysApp - ok
02:03:11.0485 4940 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
02:03:11.0516 4940 crcdisk - ok
02:03:11.0563 4940 [ 6B400F211BEE880A37A1ED0368776BF4 ] CryptSvc C:\Windows\system32\cryptsvc.dll
02:03:11.0625 4940 CryptSvc - ok
02:03:11.0719 4940 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
02:03:11.0875 4940 DcomLaunch - ok
02:03:11.0969 4940 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
02:03:12.0203 4940 defragsvc - ok
02:03:12.0343 4940 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
02:03:12.0452 4940 DfsC - ok
02:03:12.0530 4940 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
02:03:12.0639 4940 Dhcp - ok
02:03:12.0717 4940 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
02:03:12.0858 4940 discache - ok
02:03:12.0920 4940 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
02:03:12.0967 4940 Disk - ok
02:03:13.0232 4940 [ D5BCB77BE83CF99F508943945D46343D ] DKbFltr C:\Windows\SysWOW64\Drivers\DKbFltr.sys
02:03:13.0263 4940 DKbFltr - ok
02:03:13.0373 4940 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
02:03:13.0513 4940 Dnscache - ok
02:03:13.0622 4940 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
02:03:13.0794 4940 dot3svc - ok
02:03:13.0919 4940 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
02:03:14.0075 4940 DPS - ok
02:03:14.0371 4940 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
02:03:14.0496 4940 drmkaud - ok
02:03:14.0683 4940 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
02:03:14.0730 4940 DXGKrnl - ok
02:03:14.0777 4940 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
02:03:14.0917 4940 EapHost - ok
02:03:15.0042 4940 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
02:03:15.0354 4940 ebdrv - ok
02:03:15.0432 4940 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
02:03:15.0525 4940 EFS - ok
02:03:15.0650 4940 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
02:03:15.0853 4940 ehRecvr - ok
02:03:15.0900 4940 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
02:03:15.0993 4940 ehSched - ok
02:03:16.0040 4940 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
02:03:16.0165 4940 elxstor - ok
02:03:16.0274 4940 [ 7C35C6865957289D9EFE6CC73F4AB2E1 ] ePowerSvc C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
02:03:16.0321 4940 ePowerSvc - ok
02:03:16.0602 4940 [ ABDD5AD016AFFD34AD40E944CE94BF59 ] EpsonBidirectionalService C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
02:03:16.0727 4940 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - warning
02:03:16.0727 4940 EpsonBidirectionalService - detected UnsignedFile.Multi.Generic (1)
02:03:16.0773 4940 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
02:03:16.0820 4940 ErrDev - ok
02:03:16.0914 4940 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
02:03:17.0023 4940 EventSystem - ok
02:03:17.0070 4940 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
02:03:17.0210 4940 exfat - ok
02:03:17.0241 4940 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
02:03:17.0335 4940 fastfat - ok
02:03:17.0429 4940 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
02:03:17.0522 4940 Fax - ok
02:03:17.0585 4940 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
02:03:17.0663 4940 fdc - ok
02:03:17.0725 4940 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
02:03:17.0803 4940 fdPHost - ok
02:03:17.0850 4940 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
02:03:17.0959 4940 FDResPub - ok
02:03:18.0037 4940 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
02:03:18.0068 4940 FileInfo - ok
02:03:18.0162 4940 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
02:03:18.0318 4940 Filetrace - ok
02:03:18.0489 4940 [ A4297244D4F817278A6AE45B1899CA9C ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
02:03:18.0583 4940 FLEXnet Licensing Service 64 - ok
02:03:18.0599 4940 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
02:03:18.0645 4940 flpydisk - ok
02:03:18.0692 4940 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
02:03:18.0723 4940 FltMgr - ok
02:03:18.0848 4940 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
02:03:18.0942 4940 FontCache - ok
02:03:19.0051 4940 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
02:03:19.0067 4940 FontCache3.0.0.0 - ok
02:03:19.0098 4940 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
02:03:19.0176 4940 FsDepends - ok
02:03:19.0269 4940 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
02:03:19.0285 4940 Fs_Rec - ok
02:03:19.0488 4940 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
02:03:19.0535 4940 fvevol - ok
02:03:19.0581 4940 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
02:03:19.0613 4940 gagp30kx - ok
02:03:19.0769 4940 [ 551D463E4CCEB5240234DA6718C93A44 ] GameConsoleService C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe
02:03:19.0800 4940 GameConsoleService - ok
02:03:19.0878 4940 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
02:03:19.0893 4940 GamesAppService - ok
02:03:19.0940 4940 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
02:03:20.0049 4940 gpsvc - ok
02:03:20.0143 4940 [ 816FD5A6F3C2F3D600900096632FC60E ] Greg_Service C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
02:03:20.0205 4940 Greg_Service - ok
02:03:20.0346 4940 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
02:03:20.0361 4940 gupdate - ok
02:03:20.0424 4940 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
02:03:20.0439 4940 gupdatem - ok
02:03:20.0502 4940 [ CC839E8D766CC31A7710C9F38CF3E375 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
02:03:20.0642 4940 gusvc - ok
02:03:20.0658 4940 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
02:03:20.0892 4940 hcw85cir - ok
02:03:21.0017 4940 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
02:03:21.0126 4940 HdAudAddService - ok
02:03:21.0297 4940 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
02:03:21.0391 4940 HDAudBus - ok
02:03:21.0469 4940 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
02:03:21.0516 4940 HidBatt - ok
02:03:21.0547 4940 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
02:03:21.0656 4940 HidBth - ok
02:03:21.0656 4940 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
02:03:21.0734 4940 HidIr - ok
02:03:21.0781 4940 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
02:03:22.0015 4940 hidserv - ok
02:03:22.0093 4940 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
02:03:22.0171 4940 HidUsb - ok
02:03:22.0358 4940 [ AACD31D9B4129F05ECDE27DE98E6D96A ] HitmanProScheduler C:\Program Files\HitmanPro\hmpsched.exe
02:03:22.0374 4940 HitmanProScheduler - ok
02:03:22.0483 4940 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
02:03:22.0826 4940 hkmsvc - ok
02:03:22.0889 4940 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
02:03:22.0982 4940 HomeGroupListener - ok
02:03:23.0060 4940 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
02:03:23.0076 4940 HomeGroupProvider - ok
02:03:23.0169 4940 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
02:03:23.0216 4940 HpSAMD - ok
02:03:23.0263 4940 [ 447256D1C026654C5CD3CC17E7B20631 ] HsfXAudioService C:\Windows\SysWOW64\XAudio64.dll
02:03:23.0435 4940 HsfXAudioService - ok
02:03:23.0513 4940 [ 26C5D00321937E49B6BC91029947D094 ] HSF_DPV C:\Windows\system32\DRIVERS\CAX_DPV.sys
02:03:23.0684 4940 HSF_DPV - ok
02:03:23.0825 4940 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
02:03:23.0949 4940 HTTP - ok
02:03:24.0105 4940 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
02:03:24.0137 4940 hwpolicy - ok
02:03:24.0168 4940 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
02:03:24.0261 4940 i8042prt - ok
02:03:24.0371 4940 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
02:03:24.0480 4940 iaStorV - ok
02:03:24.0558 4940 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
02:03:24.0651 4940 idsvc - ok
02:03:25.0073 4940 [ 677AA5991026A65ADA128C4B59CF2BAD ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
02:03:25.0463 4940 igfx - ok
02:03:25.0509 4940 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
02:03:25.0541 4940 iirsp - ok
02:03:25.0619 4940 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
02:03:25.0884 4940 IKEEXT - ok
02:03:25.0962 4940 [ 0C3CF4B3BAE28E121A1689E3538F8712 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
02:03:26.0024 4940 IntcAzAudAddService - ok
02:03:26.0071 4940 [ D485D3BD3E2179AA86853A182F70699F ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
02:03:26.0165 4940 IntcHdmiAddService - ok
02:03:26.0196 4940 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
02:03:26.0243 4940 intelide - ok
02:03:26.0352 4940 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
02:03:26.0383 4940 intelppm - ok
02:03:26.0461 4940 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
02:03:26.0570 4940 IPBusEnum - ok
02:03:26.0633 4940 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
02:03:26.0789 4940 IpFilterDriver - ok
02:03:26.0898 4940 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
02:03:26.0929 4940 iphlpsvc - ok
02:03:27.0085 4940 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
02:03:27.0163 4940 IPMIDRV - ok
02:03:27.0194 4940 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
02:03:27.0335 4940 IPNAT - ok
02:03:27.0366 4940 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
02:03:27.0506 4940 IRENUM - ok
02:03:27.0600 4940 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
02:03:27.0693 4940 isapnp - ok
02:03:27.0756 4940 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
02:03:27.0943 4940 iScsiPrt - ok
02:03:28.0068 4940 [ 08DD34F74D65E1C8F238565570952630 ] k57nd60a C:\Windows\system32\DRIVERS\k57nd60a.sys
02:03:28.0099 4940 k57nd60a - ok
02:03:28.0193 4940 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
02:03:28.0302 4940 kbdclass - ok
02:03:28.0395 4940 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
02:03:28.0489 4940 kbdhid - ok
02:03:28.0520 4940 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
02:03:28.0551 4940 KeyIso - ok
02:03:28.0614 4940 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
02:03:28.0629 4940 KSecDD - ok
02:03:28.0676 4940 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
02:03:28.0707 4940 KSecPkg - ok
02:03:28.0770 4940 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
02:03:28.0910 4940 ksthunk - ok
02:03:28.0941 4940 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
02:03:29.0082 4940 KtmRm - ok
02:03:29.0285 4940 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
02:03:29.0409 4940 LanmanServer - ok
02:03:29.0519 4940 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
02:03:29.0815 4940 LanmanWorkstation - ok
02:03:30.0065 4940 [ 549B88970B3CFD211A354A016EDF766E ] LeapFrog Connect Device Service C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
02:03:30.0111 4940 LeapFrog Connect Device Service - ok
02:03:30.0127 4940 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
02:03:30.0283 4940 lltdio - ok
02:03:30.0408 4940 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
02:03:30.0829 4940 lltdsvc - ok
02:03:30.0860 4940 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
02:03:30.0954 4940 lmhosts - ok
02:03:31.0001 4940 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
02:03:31.0032 4940 LSI_FC - ok
02:03:31.0079 4940 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
02:03:31.0188 4940 LSI_SAS - ok
02:03:31.0219 4940 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
02:03:31.0266 4940 LSI_SAS2 - ok
02:03:31.0313 4940 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
02:03:31.0359 4940 LSI_SCSI - ok
02:03:31.0406 4940 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
02:03:31.0515 4940 luafv - ok
02:03:31.0562 4940 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
02:03:31.0640 4940 Mcx2Svc - ok
02:03:31.0687 4940 [ E4F44EC214B3E381E1FC844A02926666 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
02:03:31.0827 4940 mdmxsdk - ok
02:03:31.0859 4940 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
02:03:31.0952 4940 megasas - ok
02:03:31.0983 4940 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
02:03:32.0077 4940 MegaSR - ok
02:03:32.0124 4940 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
02:03:32.0249 4940 MMCSS - ok
02:03:32.0311 4940 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
02:03:32.0483 4940 Modem - ok
02:03:32.0561 4940 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
02:03:32.0607 4940 monitor - ok
02:03:32.0639 4940 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
02:03:32.0685 4940 mouclass - ok
02:03:32.0748 4940 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
02:03:32.0888 4940 mouhid - ok
02:03:32.0919 4940 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
02:03:32.0966 4940 mountmgr - ok
02:03:33.0075 4940 [ F8A10560B35C66F9DE212F03DAD5BFA7 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
02:03:33.0107 4940 MpFilter - ok
02:03:33.0247 4940 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
02:03:33.0325 4940 mpio - ok
02:03:33.0372 4940 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
02:03:33.0465 4940 mpsdrv - ok
02:03:33.0543 4940 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
02:03:33.0668 4940 MpsSvc - ok
02:03:33.0715 4940 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
02:03:33.0871 4940 MRxDAV - ok
02:03:33.0965 4940 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
02:03:34.0027 4940 mrxsmb - ok
02:03:34.0089 4940 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
02:03:34.0136 4940 mrxsmb10 - ok
02:03:34.0167 4940 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
02:03:34.0199 4940 mrxsmb20 - ok
02:03:34.0308 4940 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
02:03:34.0323 4940 msahci - ok
02:03:34.0386 4940 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
02:03:34.0448 4940 msdsm - ok
02:03:34.0495 4940 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
02:03:34.0589 4940 MSDTC - ok
02:03:34.0651 4940 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
02:03:34.0729 4940 Msfs - ok
02:03:34.0745 4940 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
02:03:34.0823 4940 mshidkmdf - ok
02:03:34.0963 4940 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
02:03:34.0979 4940 msisadrv - ok
02:03:35.0025 4940 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
02:03:35.0213 4940 MSiSCSI - ok
02:03:35.0213 4940 msiserver - ok
02:03:35.0244 4940 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
02:03:35.0337 4940 MSKSSRV - ok
02:03:35.0509 4940 [ E07DEC52FF801841BA9B6878A60304FB ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
02:03:35.0525 4940 MsMpSvc - ok
02:03:35.0556 4940 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
02:03:35.0681 4940 MSPCLOCK - ok
02:03:35.0727 4940 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
02:03:35.0821 4940 MSPQM - ok
02:03:35.0868 4940 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
02:03:35.0899 4940 MsRPC - ok
02:03:36.0086 4940 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
02:03:36.0117 4940 mssmbios - ok
02:03:36.0149 4940 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
02:03:36.0258 4940 MSTEE - ok
02:03:36.0289 4940 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
02:03:36.0336 4940 MTConfig - ok
02:03:36.0367 4940 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
02:03:36.0383 4940 Mup - ok
02:03:36.0445 4940 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
02:03:36.0570 4940 napagent - ok
02:03:36.0617 4940 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
02:03:36.0710 4940 NativeWifiP - ok
02:03:36.0804 4940 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
02:03:36.0882 4940 NDIS - ok
02:03:36.0944 4940 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
02:03:37.0069 4940 NdisCap - ok
02:03:37.0116 4940 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
02:03:37.0209 4940 NdisTapi - ok
02:03:37.0256 4940 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
02:03:37.0381 4940 Ndisuio - ok
02:03:37.0443 4940 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
02:03:37.0537 4940 NdisWan - ok
02:03:37.0677 4940 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
02:03:37.0833 4940 NDProxy - ok
02:03:37.0989 4940 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
02:03:38.0114 4940 NetBIOS - ok
02:03:38.0255 4940 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
02:03:38.0364 4940 NetBT - ok
02:03:38.0426 4940 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
02:03:38.0457 4940 Netlogon - ok
02:03:38.0551 4940 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
02:03:38.0629 4940 Netman - ok
02:03:38.0676 4940 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
02:03:38.0785 4940 netprofm - ok
02:03:38.0816 4940 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
02:03:38.0941 4940 NetTcpPortSharing - ok
02:03:39.0331 4940 [ 39EDE676D17F37AF4573C2B33EC28ACA ] NETw5s64 C:\Windows\system32\DRIVERS\NETw5s64.sys
02:03:39.0627 4940 NETw5s64 - ok
02:03:39.0908 4940 [ 705283C02177809CA9FA7CC58A4F1E77 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
02:03:40.0454 4940 netw5v64 - ok
02:03:40.0517 4940 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
02:03:40.0548 4940 nfrd960 - ok
02:03:40.0610 4940 [ 162100E0BC8377710F9D170631921C03 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
02:03:40.0641 4940 NisDrv - ok
02:03:40.0782 4940 [ C6E15F2F95F9C0A6098D43510B604E52 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
02:03:40.0813 4940 NisSrv - ok
02:03:40.0844 4940 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
02:03:40.0938 4940 NlaSvc - ok
02:03:40.0969 4940 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
02:03:41.0047 4940 Npfs - ok
02:03:41.0125 4940 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
02:03:41.0219 4940 nsi - ok
02:03:41.0234 4940 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
02:03:41.0312 4940 nsiproxy - ok
02:03:41.0499 4940 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
02:03:41.0624 4940 Ntfs - ok
02:03:41.0796 4940 [ 70E3EB0CEF795D348F05E5A9B115F491 ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
02:03:41.0811 4940 NTI IScheduleSvc - ok
02:03:41.0905 4940 [ 64DDD0DEE976302F4BD93E5EFCC2F013 ] NTIDrvr C:\Windows\system32\drivers\NTIDrvr.sys
02:03:41.0921 4940 NTIDrvr - ok
02:03:42.0045 4940 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
02:03:42.0155 4940 Null - ok
02:03:42.0233 4940 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
02:03:42.0435 4940 nvraid - ok
02:03:42.0498 4940 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
02:03:42.0576 4940 nvstor - ok
02:03:42.0654 4940 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
02:03:42.0701 4940 nv_agp - ok
02:03:42.0888 4940 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
02:03:42.0919 4940 odserv - ok
02:03:42.0950 4940 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
02:03:42.0997 4940 ohci1394 - ok
02:03:43.0106 4940 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
02:03:43.0137 4940 ose - ok
02:03:43.0387 4940 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
02:03:45.0072 4940 osppsvc - ok
02:03:45.0165 4940 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
02:03:45.0197 4940 p2pimsvc - ok
02:03:45.0228 4940 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
02:03:45.0321 4940 p2psvc - ok
02:03:45.0353 4940 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
02:03:45.0399 4940 Parport - ok
02:03:45.0446 4940 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
02:03:45.0477 4940 partmgr - ok
02:03:45.0711 4940 [ 9665402B7FA59302D520AD845DDFC026 ] Partner Service C:\ProgramData\Partner\Partner.exe
02:03:45.0727 4940 Partner Service - ok
02:03:45.0774 4940 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
02:03:45.0852 4940 PcaSvc - ok
02:03:45.0930 4940 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
02:03:45.0961 4940 pci - ok
02:03:46.0008 4940 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
02:03:46.0164 4940 pciide - ok
02:03:46.0257 4940 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
02:03:46.0320 4940 pcmcia - ok
02:03:46.0460 4940 [ B5D3C24E4EA8E6D4850E83DAD8C510D4 ] PCTINDIS5X64 C:\Windows\system32\PCTINDIS5X64.SYS
02:03:46.0491 4940 PCTINDIS5X64 - ok
02:03:46.0538 4940 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
02:03:46.0569 4940 pcw - ok
02:03:46.0601 4940 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
02:03:46.0694 4940 PEAUTH - ok
02:03:46.0897 4940 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
02:03:46.0991 4940 PerfHost - ok
02:03:47.0100 4940 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
02:03:47.0318 4940 pla - ok
02:03:47.0349 4940 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
02:03:47.0396 4940 PlugPlay - ok
02:03:47.0459 4940 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
02:03:47.0552 4940 PNRPAutoReg - ok
02:03:47.0615 4940 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
02:03:47.0646 4940 PNRPsvc - ok
02:03:47.0693 4940 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
02:03:47.0849 4940 PolicyAgent - ok
02:03:47.0911 4940 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
02:03:48.0051 4940 Power - ok
02:03:48.0145 4940 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
02:03:48.0363 4940 PptpMiniport - ok
02:03:48.0395 4940 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
02:03:48.0441 4940 Processor - ok
02:03:48.0488 4940 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
02:03:48.0597 4940 ProfSvc - ok
02:03:48.0613 4940 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
02:03:48.0644 4940 ProtectedStorage - ok
02:03:48.0707 4940 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
02:03:48.0785 4940 Psched - ok
02:03:48.0878 4940 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
02:03:49.0050 4940 ql2300 - ok
02:03:49.0081 4940 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
02:03:49.0175 4940 ql40xx - ok
02:03:49.0221 4940 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
02:03:49.0362 4940 QWAVE - ok
02:03:49.0393 4940 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
02:03:49.0455 4940 QWAVEdrv - ok
02:03:49.0518 4940 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
02:03:49.0611 4940 RasAcd - ok
02:03:49.0658 4940 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
02:03:49.0752 4940 RasAgileVpn - ok
02:03:49.0767 4940 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
02:03:49.0892 4940 RasAuto - ok
02:03:49.0970 4940 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
02:03:50.0111 4940 Rasl2tp - ok
02:03:50.0173 4940 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
02:03:50.0423 4940 RasMan - ok
02:03:50.0532 4940 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
02:03:50.0625 4940 RasPppoe - ok
02:03:50.0688 4940 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
02:03:50.0813 4940 RasSstp - ok
02:03:50.0875 4940 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
02:03:51.0015 4940 rdbss - ok
02:03:51.0047 4940 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
02:03:51.0109 4940 rdpbus - ok
02:03:51.0125 4940 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
02:03:51.0234 4940 RDPCDD - ok
02:03:51.0249 4940 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
02:03:51.0343 4940 RDPENCDD - ok
02:03:51.0437 4940 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
02:03:51.0515 4940 RDPREFMP - ok
02:03:51.0561 4940 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
02:03:51.0702 4940 RDPWD - ok
02:03:51.0827 4940 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
02:03:51.0858 4940 rdyboost - ok
02:03:51.0905 4940 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
02:03:52.0045 4940 RemoteAccess - ok
02:03:52.0076 4940 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
02:03:52.0248 4940 RemoteRegistry - ok
02:03:52.0357 4940 [ C903D49655B4AAE46673F0AAA6BE0F58 ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
02:03:52.0451 4940 RimVSerPort - ok
02:03:52.0529 4940 [ 388D3DD1A6457280F3BADBA9F3ACD6B1 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
02:03:52.0622 4940 ROOTMODEM - ok
02:03:52.0653 4940 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
02:03:52.0841 4940 RpcEptMapper - ok
02:03:52.0856 4940 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
02:03:52.0934 4940 RpcLocator - ok
02:03:52.0981 4940 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
02:03:53.0059 4940 RpcSs - ok
02:03:53.0153 4940 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
02:03:53.0262 4940 rspndr - ok
02:03:53.0387 4940 [ FB39AF63D6617F028BA0EBC21B83360D ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
02:03:53.0480 4940 RSUSBSTOR - ok
02:03:53.0558 4940 [ 7421A35C45484B95E83B5E9E107CEFC2 ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys
02:03:53.0589 4940 RTHDMIAzAudService - ok
02:03:53.0652 4940 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
02:03:53.0667 4940 SamSs - ok
02:03:53.0714 4940 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
02:03:53.0761 4940 sbp2port - ok
02:03:53.0792 4940 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
02:03:53.0979 4940 SCardSvr - ok
02:03:54.0011 4940 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
02:03:54.0135 4940 scfilter - ok
02:03:54.0182 4940 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
02:03:54.0369 4940 Schedule - ok
02:03:54.0416 4940 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
02:03:54.0479 4940 SCPolicySvc - ok
02:03:54.0510 4940 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
02:03:54.0650 4940 SDRSVC - ok
02:03:54.0666 4940 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
02:03:54.0759 4940 secdrv - ok
02:03:54.0837 4940 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
02:03:54.0931 4940 seclogon - ok
02:03:55.0071 4940 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
02:03:55.0165 4940 SENS - ok
02:03:55.0212 4940 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
02:03:55.0290 4940 SensrSvc - ok
02:03:55.0305 4940 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
02:03:55.0368 4940 Serenum - ok
02:03:55.0399 4940 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
02:03:55.0446 4940 Serial - ok
02:03:55.0508 4940 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
02:03:55.0571 4940 sermouse - ok
02:03:55.0649 4940 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
02:03:55.0758 4940 SessionEnv - ok
02:03:55.0805 4940 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
02:03:55.0867 4940 sffdisk - ok
02:03:55.0914 4940 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
02:03:55.0976 4940 sffp_mmc - ok
02:03:56.0023 4940 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
02:03:56.0148 4940 sffp_sd - ok
02:03:56.0179 4940 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
02:03:56.0210 4940 sfloppy - ok
02:03:56.0288 4940 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
02:03:56.0538 4940 SharedAccess - ok
02:03:56.0616 4940 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
02:03:56.0803 4940 ShellHWDetection - ok
02:03:56.0897 4940 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
02:03:56.0943 4940 SiSRaid2 - ok
02:03:56.0990 4940 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
02:03:57.0037 4940 SiSRaid4 - ok
02:03:57.0162 4940 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
02:03:57.0177 4940 SkypeUpdate - ok
02:03:57.0240 4940 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
02:03:57.0349 4940 Smb - ok
02:03:57.0489 4940 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
02:03:57.0552 4940 SNMPTRAP - ok
02:03:57.0583 4940 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
02:03:57.0599 4940 spldr - ok
02:03:57.0692 4940 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
02:03:57.0770 4940 Spooler - ok
02:03:57.0957 4940 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
02:03:58.0082 4940 sppsvc - ok
02:03:58.0129 4940 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
02:03:58.0269 4940 sppuinotify - ok
02:03:58.0425 4940 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
02:03:58.0488 4940 srv - ok
02:03:58.0628 4940 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
02:03:58.0675 4940 srv2 - ok
02:03:58.0769 4940 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
02:03:58.0893 4940 SrvHsfHDA - ok
02:03:58.0956 4940 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
02:03:59.0174 4940 SrvHsfV92 - ok
02:03:59.0268 4940 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
02:03:59.0517 4940 SrvHsfWinac - ok
02:03:59.0595 4940 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
02:03:59.0658 4940 srvnet - ok
02:03:59.0720 4940 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
02:03:59.0814 4940 SSDPSRV - ok
02:03:59.0845 4940 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
02:03:59.0939 4940 SstpSvc - ok
02:03:59.0985 4940 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
02:04:00.0032 4940 stexstor - ok
02:04:00.0095 4940 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
02:04:00.0204 4940 stisvc - ok
02:04:00.0329 4940 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
02:04:00.0375 4940 swenum - ok
02:04:00.0578 4940 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
02:04:00.0609 4940 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
02:04:00.0609 4940 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
02:04:00.0750 4940 [ C03779EC476F8F30A9CFCDE046BA6B28 ] swmsflt C:\Windows\system32\DRIVERS\swmsflt.sys
02:04:00.0765 4940 swmsflt - ok
02:04:00.0906 4940 [ 808CB62212DD7A934074ED65D3106948 ] SWNC8UA3 C:\Windows\system32\DRIVERS\swnc8ua3.sys
02:04:01.0031 4940 SWNC8UA3 - ok
02:04:01.0093 4940 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
02:04:01.0389 4940 swprv - ok
02:04:01.0623 4940 [ DF3F437A890A77CCE5E3FD7B7BB93585 ] SWUMXA3 C:\Windows\system32\DRIVERS\swumxa3.sys
02:04:01.0779 4940 SWUMXA3 - ok
02:04:01.0842 4940 [ BCF305959B53B200CEB2AD25AD22F8A7 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
02:04:01.0873 4940 SynTP - ok
02:04:01.0982 4940 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
02:04:02.0216 4940 SysMain - ok
02:04:02.0310 4940 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
02:04:02.0388 4940 TabletInputService - ok
02:04:02.0466 4940 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
02:04:02.0669 4940 TapiSrv - ok
02:04:02.0700 4940 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
02:04:02.0793 4940 TBS - ok
02:04:03.0012 4940 [ DB74544B75566C974815E79A62433F29 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
02:04:03.0137 4940 Tcpip - ok
02:04:03.0261 4940 [ DB74544B75566C974815E79A62433F29 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
02:04:03.0324 4940 TCPIP6 - ok
02:04:03.0417 4940 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
02:04:03.0464 4940 tcpipreg - ok
02:04:03.0558 4940 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
02:04:03.0636 4940 TDPIPE - ok
02:04:03.0714 4940 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
02:04:03.0745 4940 TDTCP - ok
02:04:03.0823 4940 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
02:04:03.0979 4940 tdx - ok
02:04:04.0104 4940 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
02:04:04.0182 4940 TermDD - ok
02:04:04.0260 4940 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
02:04:04.0525 4940 TermService - ok
02:04:04.0572 4940 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
02:04:04.0650 4940 Themes - ok
02:04:04.0697 4940 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
02:04:04.0759 4940 THREADORDER - ok
02:04:04.0806 4940 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
02:04:04.0899 4940 TrkWks - ok
02:04:05.0102 4940 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
02:04:05.0243 4940 TrustedInstaller - ok
02:04:05.0399 4940 [ 4CE278FC9671BA81A138D70823FCAA09 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
02:04:05.0633 4940 tssecsrv - ok
02:04:05.0804 4940 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
02:04:05.0882 4940 TsUsbFlt - ok
02:04:05.0960 4940 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
02:04:06.0054 4940 tunnel - ok
02:04:06.0147 4940 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
02:04:06.0194 4940 uagp35 - ok
02:04:06.0257 4940 [ 2E22C1FD397A5A9FFEF55E9D1FC96C00 ] UBHelper C:\Windows\system32\drivers\UBHelper.sys
02:04:06.0272 4940 UBHelper - ok
02:04:06.0350 4940 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
02:04:06.0553 4940 udfs - ok
02:04:06.0600 4940 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
02:04:06.0647 4940 UI0Detect - ok
02:04:06.0709 4940 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
02:04:06.0787 4940 uliagpkx - ok
02:04:06.0865 4940 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
02:04:06.0912 4940 umbus - ok
02:04:06.0943 4940 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
02:04:07.0005 4940 UmPass - ok
02:04:07.0115 4940 [ 70DDE3A86DBEB1D6C3C30AD687B1877A ] Updater Service C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
02:04:07.0146 4940 Updater Service - ok
02:04:07.0208 4940 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
02:04:07.0395 4940 upnphost - ok
02:04:07.0505 4940 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
02:04:07.0567 4940 usbccgp - ok
02:04:07.0614 4940 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
02:04:07.0661 4940 usbcir - ok
02:04:07.0723 4940 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
02:04:07.0754 4940 usbehci - ok
02:04:07.0832 4940 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
02:04:07.0895 4940 usbhub - ok
02:04:07.0973 4940 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
02:04:08.0144 4940 usbohci - ok
02:04:08.0238 4940 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
02:04:08.0300 4940 usbprint - ok
02:04:08.0363 4940 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
02:04:08.0425 4940 usbscan - ok
02:04:08.0565 4940 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
02:04:08.0815 4940 USBSTOR - ok
02:04:08.0955 4940 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
02:04:09.0548 4940 usbuhci - ok
02:04:09.0657 4940 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
02:04:09.0704 4940 usbvideo - ok
02:04:09.0735 4940 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
02:04:09.0969 4940 UxSms - ok
02:04:10.0016 4940 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
02:04:10.0032 4940 VaultSvc - ok
02:04:10.0094 4940 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
02:04:10.0110 4940 vdrvroot - ok
02:04:10.0188 4940 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
02:04:10.0328 4940 vds - ok
02:04:10.0406 4940 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
02:04:10.0437 4940 vga - ok
02:04:10.0484 4940 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
02:04:10.0625 4940 VgaSave - ok
02:04:10.0671 4940 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
02:04:10.0781 4940 vhdmp - ok
02:04:10.0968 4940 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
02:04:11.0217 4940 viaide - ok
02:04:11.0327 4940 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
02:04:11.0358 4940 volmgr - ok
02:04:11.0561 4940 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
02:04:11.0592 4940 volmgrx - ok
02:04:11.0701 4940 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
02:04:11.0748 4940 volsnap - ok
02:04:11.0779 4940 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
02:04:11.0841 4940 vsmraid - ok
02:04:11.0982 4940 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
02:04:12.0341 4940 VSS - ok
02:04:12.0419 4940 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
02:04:12.0590 4940 vwifibus - ok
02:04:12.0606 4940 [ 6A3D66263414FF0D6FA754C646612F3F ] VWiFiFlt C:\Windows\system32\DRIVERS\vwififlt.sys
02:04:12.0715 4940 VWiFiFlt - ok
02:04:12.0762 4940 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
02:04:12.0918 4940 W32Time - ok
02:04:12.0996 4940 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
02:04:13.0027 4940 WacomPen - ok
02:04:13.0105 4940 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
02:04:13.0245 4940 WANARP - ok
02:04:13.0245 4940 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
02:04:13.0308 4940 Wanarpv6 - ok
02:04:13.0511 4940 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
02:04:13.0589 4940 WatAdminSvc - ok
02:04:13.0698 4940 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
02:04:14.0135 4940 wbengine - ok
02:04:14.0181 4940 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
02:04:14.0384 4940 WbioSrvc - ok
02:04:14.0493 4940 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
02:04:14.0681 4940 wcncsvc - ok
02:04:14.0712 4940 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
02:04:14.0790 4940 WcsPlugInService - ok
02:04:14.0883 4940 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
02:04:14.0915 4940 Wd - ok
02:04:15.0024 4940 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
02:04:15.0086 4940 Wdf01000 - ok
02:04:15.0117 4940 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
02:04:15.0211 4940 WdiServiceHost - ok
02:04:15.0211 4940 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
02:04:15.0242 4940 WdiSystemHost - ok
02:04:15.0305 4940 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
02:04:15.0429 4940 WebClient - ok
02:04:15.0476 4940 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
02:04:15.0819 4940 Wecsvc - ok
02:04:15.0851 4940 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
02:04:15.0944 4940 wercplsupport - ok
02:04:15.0975 4940 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
02:04:16.0038 4940 WerSvc - ok
02:04:16.0131 4940 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
02:04:16.0256 4940 WfpLwf - ok
02:04:16.0303 4940 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
02:04:16.0350 4940 WIMMount - ok
02:04:16.0475 4940 [ A6EA7A3FC4B00F48535B506DB1E86EFD ] winachsf C:\Windows\system32\DRIVERS\CAX_CNXT.sys
02:04:16.0537 4940 winachsf - ok
02:04:16.0631 4940 WinDefend - ok
02:04:16.0631 4940 WinHttpAutoProxySvc - ok
02:04:16.0724 4940 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
02:04:16.0865 4940 Winmgmt - ok
02:04:17.0005 4940 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
02:04:17.0379 4940 WinRM - ok
02:04:17.0473 4940 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
02:04:17.0567 4940 WinUsb - ok
02:04:17.0707 4940 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
02:04:17.0879 4940 Wlansvc - ok
02:04:18.0113 4940 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
02:04:18.0175 4940 wlidsvc - ok
02:04:18.0222 4940 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
02:04:18.0237 4940 WmiAcpi - ok
02:04:18.0284 4940 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
02:04:18.0487 4940 wmiApSrv - ok
02:04:18.0565 4940 WMPNetworkSvc - ok
02:04:18.0581 4940 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
02:04:18.0627 4940 WPCSvc - ok
02:04:18.0690 4940 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
02:04:18.0752 4940 WPDBusEnum - ok
02:04:18.0799 4940 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
02:04:18.0877 4940 ws2ifsl - ok
02:04:18.0955 4940 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
02:04:19.0002 4940 wscsvc - ok