S.M.A.R.T. infection persists after 4 mbam scans


  • This topic is locked
46 replies to this topic

#1 alanw5

alanw5

  • Members
  • 23 posts

Posted 26 April 2012 - 04:37 PM

I've followed the S.M.A.R.T. removal instructions carefully, scanning with mbam in safe mode (and rebooting in safe mode) but mbam finds the same infections with each successive scan. Reboot into normal mode brings up the dreaded S.M.A.R.T. warning window again, along with about 20 "System Message: write fault error" warning boxes. (I shut down with the off button at that point.)

I should note that when I run rkill the log gives me 3 blank lines (rather than a file name) after "Processes terminated by Rkill or while it was running:" (Normal?)

Thanks in advance for your help!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_20
Run by Admin04 at 16:13:46 on 2012-04-26
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8151.6617 [GMT -5:00]
.
AV: Sunbelt VIPRE *Enabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Sunbelt VIPRE *Enabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
FW: Sunbelt VIPRE *Enabled* {86665057-352D-7810-313F-4F92DEFBC8FA}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe
C:\Program Files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\helppane.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\WSoft\Desktop\unhide.exe
C:\Windows\system32\conhost.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4831&r=17360410p316p0355v165k4951r32o
uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4831&r=17360410p316p0355v165k4951r32o
mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4831&r=17360410p316p0355v165k4951r32o
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4831&r=17360410p316p0355v165k4951r32o
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe -A
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SBAMTray] "C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SMessaging] C:\Program Files (x86)\SOS Online Backup\SMessaging.exe
mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: [GrpConv] grpconv -o
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mRunOnce: [InnoSetupRegFile.0000000001] "C:\Windows\is-7LGK5.exe" /REG /REGSVRMODE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIFE82~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
TCP: Interfaces\{3DAA0358-66D6-4577-BAF0-2E35921E7A63} : DhcpNameServer = 68.87.72.134 68.87.77.134
TCP: Interfaces\{3EA59307-96C7-4B80-994F-711DC023BEC4} : DhcpNameServer = 68.87.72.134 68.87.77.134
TCP: Interfaces\{BBD47792-BAA1-469E-9ED6-38801506D771} : DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
TCP: Interfaces\{EE330D9C-80E1-4984-A040-96229365928B} : DhcpNameServer = 68.87.72.134 68.87.77.134
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Foxit Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Foxit Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe -A
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SBAMTray] "C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SMessaging] C:\Program Files (x86)\SOS Online Backup\SMessaging.exe
mRun-x64: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce-x64: [GrpConv] grpconv -o
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mRunOnce-x64: [InnoSetupRegFile.0000000001] "C:\Windows\is-7LGK5.exe" /REG /REGSVRMODE
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Admin04\AppData\Roaming\Mozilla\Firefox\Profiles\20b126v0.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Microsoft\Web Platform Installer\NPWPIDetector.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SbFw;SbFw;C:\Windows\system32\drivers\SbFw.sys --> C:\Windows\system32\drivers\SbFw.sys [?]
R1 SBRE;SBRE;C:\Windows\System32\drivers\SBREDrv.sys [2011-4-29 101720]
R1 SbTis;SbTis;C:\Windows\system32\drivers\sbtis.sys --> C:\Windows\system32\drivers\sbtis.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 SBAMSvc;VIPRE Antivirus Premium;C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe [2011-9-6 2804280]
R2 SBPIMSvc;SB Recovery Service;C:\Program Files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe [2011-9-6 181584]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\system32\DRIVERS\e1k62x64.sys --> C:\Windows\system32\DRIVERS\e1k62x64.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;C:\Windows\system32\DRIVERS\SBFWIM.sys --> C:\Windows\system32\DRIVERS\SBFWIM.sys [?]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 File Backup;File Backup Service;C:\Program Files (x86)\Workspace\offSyncService.exe [2010-7-16 1185008]
S2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-8-28 1150496]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-29 135664]
S2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [2011-1-12 341312]
S2 nlsX86cc;NLS Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2011-1-12 68928]
S2 sbapifs;sbapifs;C:\Windows\system32\DRIVERS\sbapifs.sys --> C:\Windows\system32\DRIVERS\sbapifs.sys [?]
S2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-4-8 2314240]
S2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-12-1 240160]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-4 253600]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-29 135664]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 LVUVC64;Logitech Webcam Pro 9000(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
S3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\netr28ux.sys --> C:\Windows\system32\DRIVERS\netr28ux.sys [?]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;C:\Windows\system32\DRIVERS\sbfwim.sys --> C:\Windows\system32\DRIVERS\sbfwim.sys [?]
S3 SbHips;SbHips;C:\Windows\system32\drivers\sbhips.sys --> C:\Windows\system32\drivers\sbhips.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 vpcuxd;USB Virtualization Stub Service;C:\Windows\system32\DRIVERS\vpcuxd.sys --> C:\Windows\system32\DRIVERS\vpcuxd.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-04-26 21:12:47 -------- d-----w- C:\Users\Admin04\AppData\Local\Mozilla
2012-04-26 21:12:14 -------- d-----w- C:\Users\Admin04\AppData\Local\Adobe
2012-04-25 20:04:48 711240 ----a-w- C:\Windows\is-7LGK5.exe
2012-04-25 19:26:07 221696 ----a-w- C:\ProgramData\P0umlSyDUJu484.exe
2012-04-25 19:18:28 300544 ----a-w- C:\ProgramData\LHWmcRqHquM.exe
2012-04-12 08:03:16 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-12 08:03:15 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-12 08:03:15 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-12 08:00:39 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-12 08:00:38 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-12 08:00:37 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-12 08:00:36 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-12 08:00:35 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-12 08:00:35 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-12 08:00:35 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-04 17:48:27 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-03 23:47:03 -------- d-----w- C:\test_backup_ols
2012-04-02 20:06:21 -------- d-----w- C:\Program Files\Windows XP Mode
2012-04-02 19:26:08 3584 ----a-w- C:\Windows\System32\drivers\nb-NO\vpchbus.sys.mui
2012-04-02 19:25:56 59392 ----a-w- C:\Windows\System32\drivers\vpcnfltr.sys
2012-04-02 19:25:53 793600 ----a-w- C:\Windows\SysWow64\vmsal.exe
2012-04-02 19:25:53 2264064 ----a-w- C:\Windows\System32\VPCWizard.exe
2012-04-02 19:25:51 95232 ----a-w- C:\Windows\System32\drivers\vpcusb.sys
2012-04-02 19:25:51 360832 ----a-w- C:\Windows\System32\drivers\vpcvmm.sys
2012-04-02 19:25:51 194944 ----a-w- C:\Windows\System32\drivers\vpchbus.sys
2012-04-02 19:25:51 16384 ----a-w- C:\Windows\System32\drivers\vpcuxd.sys
2012-04-02 19:25:50 562176 ----a-w- C:\Windows\System32\VMCPropertyHandler.dll
2012-04-02 19:25:50 15872 ----a-w- C:\Windows\System32\vpchbuspipe.dll
2012-04-02 19:25:50 1369600 ----a-w- C:\Windows\System32\VPCSettings.exe
2012-04-02 19:25:44 4514816 ----a-w- C:\Windows\System32\vpc.exe
2012-04-02 19:25:42 1210368 ----a-w- C:\Windows\System32\VMWindow.exe
2012-04-02 19:25:41 936448 ----a-w- C:\Windows\System32\vmsal.exe
2012-03-30 16:11:51 -------- d-----w- C:\Program Files\iTunes
2012-03-30 16:11:51 -------- d-----w- C:\Program Files\iPod
2012-03-30 16:11:51 -------- d-----w- C:\Program Files (x86)\iTunes
.
==================== Find3M ====================
.
2012-04-09 18:45:07 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-05 23:14:25 59 ----a-w- C:\Windows\wpd99.drv
2012-04-04 20:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-07 16:02:40 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 16:14:01.99 ===============

#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 26 April 2012 - 11:48 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

:multiple Anti Virus programs:

It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:

<insert av's>

Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Please remove all but one of them.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 30 April 2012 - 02:56 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 alanw5

alanw5
  • Topic Starter

  • Members
  • 23 posts

Posted 30 April 2012 - 09:21 AM

Two successive mbam scans came up clean over the weekend. However, after booting into normal mode this morning my Vipre anti-virus warned me that it prevented two different trojans from opening and modifying files.

Here's the combofix log:

Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
VIPRE Antivirus Premium
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 20
Java version out of date!
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (8.0.1)
Mozilla Thunderbird 6.0. Thunderbird out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

SOS Online Backup SMessaging.exe
``````````End of Log````````````

Thanks for your continued help!

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 30 April 2012 - 09:34 AM

Hello


That is the Security Check report


I would like to see the Combofix report next


gringo

#6 alanw5

alanw5
  • Topic Starter

  • Members
  • 23 posts

Posted 30 April 2012 - 11:06 AM

Yes, realized after I posted that that was not the combofix log. Combofix has been running for 90 minutes, window is jumping around on the screen so I can't tell what it's doing. (I'm posting this from a different machine of course.) Should I/can I interrupt it?

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 30 April 2012 - 11:21 AM

Hello


Let's let it run for a few more minutes, and if it does not look like it is moving forward then go ahead and stop it. Then let's try this: I want you to run Combofix in safe mode, but it is very important that when Combofix reboots the computer you direct it back into safe mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

After Combofix has finished its scan, please post the report back here.

Gringo

#8 alanw5

alanw5
  • Topic Starter

  • Members
  • 23 posts

Posted 30 April 2012 - 12:27 PM

I ran combofix in safe mode. When it rebooted I sent the computer into safe mode again but nothing happened after that: combofix does not continue and notepad does not open. I tried it a couple times with the same (non)-result. Might the report exist in a directory somewhere? (It's not on the desktop.)

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 30 April 2012 - 01:04 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#10 alanw5

  • Topic Starter


Posted 30 April 2012 - 01:24 PM

TDSSKiller and aswMBR logs:
13:06:07.0163 1940 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
13:06:07.0491 1940 ============================================================
13:06:07.0491 1940 Current date / time: 2012/04/30 13:06:07.0491
13:06:07.0491 1940 SystemInfo:
13:06:07.0491 1940
13:06:07.0491 1940 OS Version: 6.1.7601 ServicePack: 1.0
13:06:07.0491 1940 Product type: Workstation
13:06:07.0491 1940 ComputerName: WSOFT04
13:06:07.0491 1940 UserName: Admin04
13:06:07.0491 1940 Windows directory: C:\Windows
13:06:07.0491 1940 System windows directory: C:\Windows
13:06:07.0491 1940 Running under WOW64
13:06:07.0491 1940 Processor architecture: Intel x64
13:06:07.0491 1940 Number of processors: 4
13:06:07.0491 1940 Page size: 0x1000
13:06:07.0491 1940 Boot type: Safe boot with network
13:06:07.0491 1940 ============================================================
13:06:07.0928 1940 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:06:07.0959 1940 Drive \Device\Harddisk6\DR6 - Size: 0x1F288000 (0.49 Gb), SectorSize: 0x200, Cylinders: 0x3F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:06:07.0959 1940 ============================================================
13:06:07.0959 1940 \Device\Harddisk0\DR0:
13:06:07.0959 1940 MBR partitions:
13:06:07.0959 1940 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2000800, BlocksNum 0x32000
13:06:07.0959 1940 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2032800, BlocksNum 0x726D3DB0
13:06:07.0959 1940 \Device\Harddisk6\DR6:
13:06:07.0959 1940 MBR partitions:
13:06:07.0959 1940 ============================================================
13:06:07.0974 1940 C: <-> \Device\Harddisk0\DR0\Partition1
13:06:07.0974 1940 ============================================================
13:06:07.0974 1940 Initialize success
13:06:07.0974 1940 ============================================================
13:06:10.0502 1644 ============================================================
13:06:10.0502 1644 Scan started
13:06:10.0502 1644 Mode: Manual;
13:06:10.0502 1644 ============================================================
13:06:22.0545 1644 odserv - ok
13:06:22.0560 1644 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
13:06:22.0576 1644 ohci1394 - ok
13:06:22.0607 1644 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:06:22.0607 1644 ose - ok
13:06:22.0826 1644 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:06:22.0841 1644 osppsvc - ok
13:06:22.0904 1644 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:06:22.0904 1644 p2pimsvc - ok
13:06:22.0950 1644 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
13:06:22.0950 1644 p2psvc - ok
13:06:22.0982 1644 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
13:06:22.0982 1644 Parport - ok
13:06:23.0028 1644 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
13:06:23.0028 1644 partmgr - ok
13:06:23.0044 1644 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
13:06:23.0060 1644 PcaSvc - ok
13:06:23.0106 1644 PcdrNdisuio - ok
13:06:23.0169 1644 PCDSRVC{1CB8192B-FFC13AB3-06020101}_0 - ok
13:06:23.0184 1644 PCDSRVC{DCB8192B-D4DDB46C-06020101}_0 - ok
13:06:23.0216 1644 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
13:06:23.0216 1644 pci - ok
13:06:23.0231 1644 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
13:06:23.0231 1644 pciide - ok
13:06:23.0262 1644 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
13:06:23.0262 1644 pcmcia - ok
13:06:23.0278 1644 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
13:06:23.0278 1644 pcw - ok
13:06:23.0325 1644 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
13:06:23.0340 1644 PEAUTH - ok
13:06:23.0434 1644 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
13:06:23.0465 1644 PeerDistSvc - ok
13:06:23.0496 1644 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
13:06:23.0512 1644 PerfHost - ok
13:06:23.0668 1644 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
13:06:23.0684 1644 pla - ok
13:06:23.0902 1644 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
13:06:23.0902 1644 PlugPlay - ok
13:06:23.0933 1644 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
13:06:23.0933 1644 PNRPAutoReg - ok
13:06:23.0980 1644 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:06:23.0996 1644 PNRPsvc - ok
13:06:24.0042 1644 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
13:06:24.0042 1644 PolicyAgent - ok
13:06:24.0089 1644 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
13:06:24.0089 1644 Power - ok
13:06:24.0183 1644 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
13:06:24.0183 1644 PptpMiniport - ok
13:06:24.0198 1644 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
13:06:24.0198 1644 Processor - ok
13:06:24.0245 1644 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
13:06:24.0245 1644 ProfSvc - ok
13:06:24.0292 1644 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:06:24.0292 1644 ProtectedStorage - ok
13:06:24.0370 1644 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
13:06:24.0370 1644 Psched - ok
13:06:24.0604 1644 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
13:06:24.0620 1644 ql2300 - ok
13:06:24.0698 1644 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
13:06:24.0698 1644 ql40xx - ok
13:06:24.0744 1644 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
13:06:24.0744 1644 QWAVE - ok
13:06:24.0744 1644 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
13:06:24.0760 1644 QWAVEdrv - ok
13:06:24.0776 1644 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
13:06:24.0776 1644 RasAcd - ok
13:06:24.0916 1644 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:06:24.0932 1644 RasAgileVpn - ok
13:06:24.0947 1644 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
13:06:24.0947 1644 RasAuto - ok
13:06:24.0978 1644 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:06:24.0994 1644 Rasl2tp - ok
13:06:25.0025 1644 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
13:06:25.0041 1644 RasMan - ok
13:06:25.0056 1644 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
13:06:25.0072 1644 RasPppoe - ok
13:06:25.0072 1644 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
13:06:25.0072 1644 RasSstp - ok
13:06:25.0119 1644 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
13:06:25.0119 1644 rdbss - ok
13:06:25.0134 1644 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
13:06:25.0134 1644 rdpbus - ok
13:06:25.0134 1644 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:06:25.0134 1644 RDPCDD - ok
13:06:25.0181 1644 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
13:06:25.0181 1644 RDPDR - ok
13:06:25.0212 1644 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
13:06:25.0212 1644 RDPENCDD - ok
13:06:25.0228 1644 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
13:06:25.0228 1644 RDPREFMP - ok
13:06:25.0275 1644 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
13:06:25.0275 1644 RDPWD - ok
13:06:25.0322 1644 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
13:06:25.0322 1644 rdyboost - ok
13:06:25.0353 1644 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
13:06:25.0353 1644 RemoteAccess - ok
13:06:25.0384 1644 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
13:06:25.0384 1644 RemoteRegistry - ok
13:06:25.0400 1644 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
13:06:25.0400 1644 RpcEptMapper - ok
13:06:25.0415 1644 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
13:06:25.0415 1644 RpcLocator - ok
13:06:25.0478 1644 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
13:06:25.0478 1644 RpcSs - ok
13:06:25.0509 1644 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
13:06:25.0509 1644 rspndr - ok
13:06:25.0524 1644 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:06:25.0524 1644 SamSs - ok
13:06:25.0712 1644 SBAMSvc (39c35dd3df985dde1cf8ac3b76c35d64) C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe
13:06:25.0727 1644 SBAMSvc - ok
13:06:25.0852 1644 sbapifs (db7f9394b2f2d446df14d46c61b0e94b) C:\Windows\system32\DRIVERS\sbapifs.sys
13:06:25.0852 1644 sbapifs - ok
13:06:25.0899 1644 SbFw (cdb954c736d51dc5fa712c039af4f683) C:\Windows\system32\drivers\SbFw.sys
13:06:25.0899 1644 SbFw - ok
13:06:25.0930 1644 SBFWIMCL (5de22e3cb6140213da2e0599b08d525c) C:\Windows\system32\DRIVERS\sbfwim.sys
13:06:25.0930 1644 SBFWIMCL - ok
13:06:25.0930 1644 SBFWIMCLMP (5de22e3cb6140213da2e0599b08d525c) C:\Windows\system32\DRIVERS\SBFWIM.sys
13:06:25.0930 1644 SBFWIMCLMP - ok
13:06:25.0961 1644 SbHips (a5bc45f8c2f30350e7566799c86b2f5d) C:\Windows\system32\drivers\sbhips.sys
13:06:25.0961 1644 SbHips - ok
13:06:26.0008 1644 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
13:06:26.0008 1644 sbp2port - ok
13:06:26.0024 1644 SBPIMSvc (1b74c5525b3647481eea5c6bddf8bcea) C:\Program Files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe
13:06:26.0024 1644 SBPIMSvc - ok
13:06:26.0039 1644 SBRE (fd833bee2fd9befdc0afd1941a306d9e) C:\Windows\system32\drivers\SBREdrv.sys
13:06:26.0039 1644 SBRE - ok
13:06:26.0055 1644 SbTis (f9955774a6bf0a5ca696f591c7b80a79) C:\Windows\system32\drivers\sbtis.sys
13:06:26.0055 1644 SbTis - ok
13:06:26.0086 1644 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
13:06:26.0086 1644 SCardSvr - ok
13:06:26.0117 1644 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
13:06:26.0117 1644 scfilter - ok
13:06:26.0195 1644 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
13:06:26.0195 1644 Schedule - ok
13:06:26.0242 1644 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
13:06:26.0242 1644 SCPolicySvc - ok
13:06:26.0273 1644 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
13:06:26.0273 1644 SDRSVC - ok
13:06:26.0320 1644 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:06:26.0320 1644 secdrv - ok
13:06:26.0336 1644 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
13:06:26.0336 1644 seclogon - ok
13:06:26.0367 1644 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
13:06:26.0367 1644 SENS - ok
13:06:26.0367 1644 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
13:06:26.0367 1644 SensrSvc - ok
13:06:26.0382 1644 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
13:06:26.0382 1644 Serenum - ok
13:06:26.0414 1644 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
13:06:26.0414 1644 Serial - ok
13:06:26.0445 1644 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
13:06:26.0445 1644 sermouse - ok
13:06:26.0476 1644 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
13:06:26.0476 1644 SessionEnv - ok
13:06:26.0507 1644 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
13:06:26.0523 1644 sffdisk - ok
13:06:26.0523 1644 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
13:06:26.0523 1644 sffp_mmc - ok
13:06:26.0523 1644 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
13:06:26.0523 1644 sffp_sd - ok
13:06:26.0538 1644 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
13:06:26.0538 1644 sfloppy - ok
13:06:26.0570 1644 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
13:06:26.0585 1644 SharedAccess - ok
13:06:26.0632 1644 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
13:06:26.0632 1644 ShellHWDetection - ok
13:06:26.0663 1644 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:06:26.0663 1644 SiSRaid2 - ok
13:06:26.0679 1644 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
13:06:26.0679 1644 SiSRaid4 - ok
13:06:26.0694 1644 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
13:06:26.0694 1644 Smb - ok
13:06:26.0710 1644 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
13:06:26.0710 1644 SNMPTRAP - ok
13:06:26.0726 1644 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
13:06:26.0726 1644 spldr - ok
13:06:26.0788 1644 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
13:06:26.0804 1644 Spooler - ok
13:06:26.0928 1644 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
13:06:26.0991 1644 sppsvc - ok
13:06:27.0069 1644 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
13:06:27.0069 1644 sppuinotify - ok
13:06:27.0116 1644 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
13:06:27.0116 1644 srv - ok
13:06:27.0162 1644 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
13:06:27.0178 1644 srv2 - ok
13:06:27.0194 1644 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
13:06:27.0194 1644 srvnet - ok
13:06:27.0272 1644 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
13:06:27.0272 1644 SSDPSRV - ok
13:06:27.0303 1644 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
13:06:27.0303 1644 SstpSvc - ok
13:06:27.0443 1644 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
13:06:27.0459 1644 stexstor - ok
13:06:27.0552 1644 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
13:06:27.0568 1644 stisvc - ok
13:06:27.0630 1644 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
13:06:27.0630 1644 StorSvc - ok
13:06:27.0677 1644 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
13:06:27.0677 1644 swenum - ok
13:06:27.0724 1644 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
13:06:27.0740 1644 swprv - ok
13:06:27.0880 1644 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
13:06:27.0927 1644 SysMain - ok
13:06:28.0052 1644 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
13:06:28.0052 1644 TabletInputService - ok
13:06:28.0176 1644 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
13:06:28.0192 1644 TapiSrv - ok
13:06:28.0208 1644 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
13:06:28.0208 1644 TBS - ok
13:06:28.0379 1644 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
13:06:28.0410 1644 Tcpip - ok
13:06:28.0613 1644 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
13:06:28.0629 1644 TCPIP6 - ok
13:06:28.0707 1644 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
13:06:28.0707 1644 tcpipreg - ok
13:06:28.0800 1644 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
13:06:28.0800 1644 TDPIPE - ok
13:06:28.0941 1644 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
13:06:28.0972 1644 TDTCP - ok
13:06:29.0019 1644 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
13:06:29.0034 1644 tdx - ok
13:06:29.0066 1644 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
13:06:29.0066 1644 TermDD - ok
13:06:29.0159 1644 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
13:06:29.0159 1644 TermService - ok
13:06:29.0190 1644 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
13:06:29.0190 1644 Themes - ok
13:06:29.0222 1644 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:06:29.0222 1644 THREADORDER - ok
13:06:29.0237 1644 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
13:06:29.0237 1644 TrkWks - ok
13:06:29.0331 1644 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
13:06:29.0331 1644 TrustedInstaller - ok
13:06:29.0378 1644 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:06:29.0378 1644 tssecsrv - ok
13:06:29.0440 1644 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
13:06:29.0440 1644 TsUsbFlt - ok
13:06:29.0487 1644 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
13:06:29.0487 1644 tunnel - ok
13:06:29.0518 1644 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
13:06:29.0518 1644 uagp35 - ok
13:06:29.0549 1644 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
13:06:29.0549 1644 udfs - ok
13:06:29.0565 1644 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
13:06:29.0565 1644 UI0Detect - ok
13:06:29.0596 1644 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
13:06:29.0596 1644 uliagpkx - ok
13:06:29.0627 1644 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
13:06:29.0627 1644 umbus - ok
13:06:29.0643 1644 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
13:06:29.0643 1644 UmPass - ok
13:06:29.0690 1644 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
13:06:29.0690 1644 UmRdpService - ok
13:06:29.0877 1644 UNS (41118d920b2b268c0adc36421248cdcf) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
13:06:29.0924 1644 UNS - ok
13:06:30.0033 1644 Updater Service (70dde3a86dbeb1d6c3c30ad687b1877a) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
13:06:30.0033 1644 Updater Service - ok
13:06:30.0095 1644 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
13:06:30.0095 1644 upnphost - ok
13:06:30.0111 1644 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
13:06:30.0111 1644 usbaudio - ok
13:06:30.0158 1644 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
13:06:30.0158 1644 usbccgp - ok
13:06:30.0189 1644 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
13:06:30.0189 1644 usbcir - ok
13:06:30.0204 1644 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
13:06:30.0204 1644 usbehci - ok
13:06:30.0236 1644 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
13:06:30.0236 1644 usbhub - ok
13:06:30.0267 1644 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
13:06:30.0267 1644 usbohci - ok
13:06:30.0298 1644 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
13:06:30.0298 1644 usbprint - ok
13:06:30.0329 1644 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
13:06:30.0329 1644 usbscan - ok
13:06:30.0345 1644 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:06:30.0345 1644 USBSTOR - ok
13:06:30.0360 1644 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
13:06:30.0360 1644 usbuhci - ok
13:06:30.0376 1644 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
13:06:30.0376 1644 UxSms - ok
13:06:30.0407 1644 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:06:30.0407 1644 VaultSvc - ok
13:06:30.0423 1644 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
13:06:30.0423 1644 vdrvroot - ok
13:06:30.0485 1644 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
13:06:30.0501 1644 vds - ok
13:06:30.0501 1644 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
13:06:30.0501 1644 vga - ok
13:06:30.0516 1644 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
13:06:30.0516 1644 VgaSave - ok
13:06:30.0548 1644 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\DRIVERS\vhdmp.sys
13:06:30.0548 1644 vhdmp - ok
13:06:30.0579 1644 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
13:06:30.0579 1644 viaide - ok
13:06:30.0610 1644 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
13:06:30.0610 1644 volmgr - ok
13:06:30.0657 1644 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
13:06:30.0657 1644 volmgrx - ok
13:06:30.0688 1644 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
13:06:30.0704 1644 volsnap - ok
13:06:30.0735 1644 vpcbus (b4a73ca4ef9a02b9738cea9ad5fe5917) C:\Windows\system32\DRIVERS\vpchbus.sys
13:06:30.0735 1644 vpcbus - ok
13:06:30.0782 1644 vpcnfltr (e675fb2b48c54f09895482e2253b289c) C:\Windows\system32\DRIVERS\vpcnfltr.sys
13:06:30.0782 1644 vpcnfltr - ok
13:06:30.0797 1644 vpcusb (5fb42082b0d19a0268705f1dd343df20) C:\Windows\system32\DRIVERS\vpcusb.sys
13:06:30.0797 1644 vpcusb - ok
13:06:30.0844 1644 vpcuxd (63f4e10873beb4124028c6d1a66b0968) C:\Windows\system32\DRIVERS\vpcuxd.sys
13:06:30.0844 1644 vpcuxd - ok
13:06:30.0891 1644 vpcvmm (207b6539799cc1c112661a9b620dd233) C:\Windows\system32\drivers\vpcvmm.sys
13:06:30.0906 1644 vpcvmm - ok
13:06:30.0922 1644 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
13:06:30.0922 1644 vsmraid - ok
13:06:31.0000 1644 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
13:06:31.0016 1644 VSS - ok
13:06:31.0094 1644 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
13:06:31.0094 1644 vwifibus - ok
13:06:31.0109 1644 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
13:06:31.0109 1644 vwififlt - ok
13:06:31.0156 1644 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
13:06:31.0156 1644 W32Time - ok
13:06:31.0234 1644 W3SVC (b32009db1972e7f2c227499289c4384a) C:\Windows\system32\inetsrv\iisw3adm.dll
13:06:31.0234 1644 W3SVC - ok
13:06:31.0250 1644 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
13:06:31.0250 1644 WacomPen - ok
13:06:31.0296 1644 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:06:31.0296 1644 WANARP - ok
13:06:31.0296 1644 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:06:31.0296 1644 Wanarpv6 - ok
13:06:31.0296 1644 WAS (b32009db1972e7f2c227499289c4384a) C:\Windows\system32\inetsrv\iisw3adm.dll
13:06:31.0296 1644 WAS - ok
13:06:31.0390 1644 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
13:06:31.0406 1644 WatAdminSvc - ok
13:06:31.0499 1644 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
13:06:31.0515 1644 wbengine - ok
13:06:31.0577 1644 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
13:06:31.0577 1644 WbioSrvc - ok
13:06:31.0624 1644 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
13:06:31.0624 1644 wcncsvc - ok
13:06:31.0640 1644 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
13:06:31.0640 1644 WcsPlugInService - ok
13:06:31.0655 1644 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
13:06:31.0655 1644 Wd - ok
13:06:31.0686 1644 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
13:06:31.0702 1644 Wdf01000 - ok
13:06:31.0718 1644 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:06:31.0718 1644 WdiServiceHost - ok
13:06:31.0718 1644 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:06:31.0718 1644 WdiSystemHost - ok
13:06:31.0764 1644 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
13:06:31.0764 1644 WebClient - ok
13:06:31.0780 1644 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
13:06:31.0796 1644 Wecsvc - ok
13:06:31.0796 1644 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
13:06:31.0796 1644 wercplsupport - ok
13:06:31.0827 1644 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
13:06:31.0827 1644 WerSvc - ok
13:06:31.0842 1644 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
13:06:31.0842 1644 WfpLwf - ok
13:06:31.0842 1644 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
13:06:31.0858 1644 WIMMount - ok
13:06:31.0905 1644 WinDefend - ok
13:06:31.0905 1644 WinHttpAutoProxySvc - ok
13:06:31.0952 1644 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
13:06:31.0952 1644 Winmgmt - ok
13:06:32.0045 1644 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
13:06:32.0061 1644 WinRM - ok
13:06:32.0154 1644 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
13:06:32.0154 1644 Wlansvc - ok
13:06:32.0186 1644 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
13:06:32.0186 1644 WmiAcpi - ok
13:06:32.0201 1644 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
13:06:32.0201 1644 wmiApSrv - ok
13:06:32.0217 1644 WMPNetworkSvc - ok
13:06:32.0232 1644 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
13:06:32.0232 1644 WPCSvc - ok
13:06:32.0264 1644 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
13:06:32.0264 1644 WPDBusEnum - ok
13:06:32.0279 1644 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
13:06:32.0279 1644 ws2ifsl - ok
13:06:32.0310 1644 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
13:06:32.0310 1644 wscsvc - ok
13:06:32.0310 1644 WSearch - ok
13:06:32.0435 1644 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
13:06:32.0498 1644 wuauserv - ok
13:06:32.0591 1644 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
13:06:32.0591 1644 WudfPf - ok
13:06:32.0607 1644 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:06:32.0607 1644 WUDFRd - ok
13:06:32.0622 1644 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
13:06:32.0638 1644 wudfsvc - ok
13:06:32.0638 1644 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
13:06:32.0654 1644 WwanSvc - ok
13:06:32.0685 1644 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:06:32.0732 1644 \Device\Harddisk0\DR0 - ok
13:06:32.0747 1644 MBR (0x1B8) (bffbe27fb17cedd63e454cc0c885ab65) \Device\Harddisk6\DR6
13:06:34.0229 1644 \Device\Harddisk6\DR6 - ok
13:06:34.0229 1644 Boot (0x1200) (01021836dc2b8f02bdc5ad55c121cdba) \Device\Harddisk0\DR0\Partition0
13:06:34.0229 1644 \Device\Harddisk0\DR0\Partition0 - ok
13:06:34.0260 1644 Boot (0x1200) (835899e048deccdf07a102c5a442f5fd) \Device\Harddisk0\DR0\Partition1
13:06:34.0260 1644 \Device\Harddisk0\DR0\Partition1 - ok
13:06:34.0260 1644 ============================================================
13:06:34.0260 1644 Scan finished
13:06:34.0260 1644 ============================================================
13:06:34.0260 1184 Detected object count: 0
13:06:34.0260 1184 Actual detected object count: 0
***
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-30 13:09:31
-----------------------------
13:09:31.727 OS Version: Windows x64 6.1.7601 Service Pack 1
13:09:31.727 Number of processors: 4 586 0x1E05
13:09:31.727 ComputerName: WSOFT04 UserName: Admin04
13:09:32.991 Initialize success
13:12:34.903 AVAST engine defs: 12043000
13:13:52.856 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:13:52.856 Disk 0 Vendor: WDC_WD10 01.0 Size: 953869MB BusType: 3
13:13:52.872 Disk 0 MBR read successfully
13:13:52.872 Disk 0 MBR scan
13:13:52.872 Disk 0 Windows 7 default MBR code
13:13:52.872 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 16384 MB offset 2048
13:13:52.887 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 33556480
13:13:52.903 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 937383 MB offset 33761280
13:13:52.934 Disk 0 scanning C:\Windows\system32\drivers
13:14:03.495 Service scanning
13:14:23.120 Modules scanning
13:14:23.120 Disk 0 trace - called modules:
13:14:23.151 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
13:14:23.151 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800894f060]
13:14:23.151 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007acc050]
13:14:25.429 AVAST engine scan C:\Windows
13:14:29.516 AVAST engine scan C:\Windows\system32
13:18:06.060 AVAST engine scan C:\Windows\system32\drivers
13:18:23.423 AVAST engine scan C:\Users\Admin04
13:18:45.825 AVAST engine scan C:\ProgramData
13:21:27.035 Scan finished successfully
13:21:57.939 Disk 0 MBR has been saved successfully to "C:\Users\WSoft\Desktop\MBR.dat"
13:21:57.939 The log file has been saved successfully to "C:\Users\WSoft\Desktop\aswMBR20120430.txt"

#11 gringo_pr

  • Malware Response Team

Posted 30 April 2012 - 02:58 PM

Hello

Let's see if ComboFix made a report.



  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\ComboFix.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 alanw5


Posted 30 April 2012 - 04:02 PM

The only combofix.txt file I have is here: C:\ComboFix\ComboFix.txt. There isn't one at C:\.

C:\ComboFix\ComboFix.txt:
ComboFix 12-04-31.02 - Admin04 04/30/2012 14:10:05.5.4 - x64 NETWORK
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8151.6896 [GMT -5:00]
Running from: C:\Users\WSoft\Desktop\ComboFix.exe
AV: Sunbelt VIPRE *Disabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
FW: Sunbelt VIPRE *Disabled* {86665057-352D-7810-313F-4F92DEFBC8FA}
SP: Sunbelt VIPRE *Disabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point

ADS - Windows: deleted 0 bytes in 1 streams.

Incidentally, I've rebooted into normal mode and am running a deep scan with Vipre antivirus.

#13 gringo_pr

Posted 30 April 2012 - 04:10 PM

Hello

Please don't run scans without my asking for them; at best it will only confuse things with the reports.

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#14 gringo_pr

Posted 30 April 2012 - 04:12 PM

double post

Edited by gringo_pr, 30 April 2012 - 04:13 PM.


#15 alanw5

Posted 30 April 2012 - 04:18 PM

Thanks Gringo. I'll pick this up tomorrow with OTL, uninstall of Chrome, and rerun TDSSKiller and aswMBR.



