Request for Malware/Virus removal assistance - Windows 7 64-Bit Ultimate


  • This topic is locked
48 replies to this topic

#1 Trakkur

Trakkur

  • Members
  • 47 posts

Posted 05 June 2012 - 12:53 AM

Hello folks,

I'm here to request assistance in removing some Malware and/or Virus from my Windows 7 64-bit Ultimate PC.

A few days ago my wife was online and apparently browsed to a website that triggered some malware - I suspect this since we immediately received popups on the screen regarding potential threats on the PC and asking if we wanted to clear them up. Thankfully she's been well trained to always ask me before doing anything on the computer of this nature - but sadly it seems it was too late already. The popups wouldn't go away without a reboot and when the system came back online my virus protection software (Trend Micro Titanium Internet Security - Version: 5.2.1035) was stopped and when it was restarted it constantly complains about needing to be on the Internet to Verify and do an update - even though I was clearly online at this time.

Windows Defender and the Firewall are inoperative, they will not start up. System restore is also disabled. The virus software constantly reports Web threats being blocked - up over 3200 now and climbing, but I believe those are false positives.

I do not know the name of the Malware that is on this machine, but it seems to be protecting itself very effectively. I'm currently in Safe Mode and have tried to run RKill (including the iexplore version) and they are unable to complete due to Access Denied errors when I run them. I have Malwarebytes Anti Malware running currently, but so far it hasn't detected anything.

What can I do to identify and eradicate this nasty piece of Malware and return my machine to normal function?

I eagerly await your advice.

Please note that I'm on the East Coast and will only be able to access the system during the late evening/night time hours when I'm at home from work.

Thank you.

Trakkur


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 05 June 2012 - 02:50 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:


    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following

  • logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Trakkur


Posted 05 June 2012 - 06:55 AM

Gringo,

Thank you for the prompt reply.

I have one question before I run your instructions.

Should I perform them from a normally running system or should I be in Safe Mode?

Please advise.

Thanks

Trakkur

PS - The MBAM run I did before getting your instructions finished last night, and returned no infected files - which is more than likely a false positive. Sorry I ran it before being told.

#4 gringo_pr


Posted 05 June 2012 - 07:41 AM

run in normal mode

#5 Trakkur


Posted 05 June 2012 - 08:49 AM

Thanks Gringo.

I'll handle this when I get home tonight. You should see a post from me with the Security Check and DDS logs later today around 7-8pm EST.

The sooner I get this machine running normally again the better. I need it for some classes I'm taking right now, one of which is a Linux class where I simply can't redo 4 weeks worth of work on a new machine.

I appreciate your help.

Trakkur


One question - For DDS, should I be downloading three different files, DDS.scr, dds.pif, dds.com or just one? Please clarify. Thanks!

Edited by Trakkur, 05 June 2012 - 09:11 AM.


#6 gringo_pr


Posted 05 June 2012 - 01:02 PM

Greetings

I will be online all night tonight so that is not a problem.

Download the first one and if you have any problems running it then try the next one - we only need one of them to work.


Gringo

#7 Trakkur


Posted 05 June 2012 - 01:51 PM

Excellent, thanks Gringo.

I'll see you a bit later tonight.

-Trakkur

#8 gringo_pr


Posted 05 June 2012 - 02:23 PM

:thumbup2:

#9 Trakkur


Posted 05 June 2012 - 05:33 PM

Alright, here we go.

I executed Defogger as instructed, and it completed with the finished screen - but the main window where you choose Disable or Re-Enable did not close. I had to manually close that window.

Here are the results from the execution of Security Check:

Results of screen317's Security Check version 0.99.41
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Trend Micro Titanium Internet Security 2012
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 27
Java version out of date!
Adobe Reader X (10.1.3)
Google Chrome 19.0.1084.46
Google Chrome 19.0.1084.52
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Badgers Desktop Malware Cleanup Apps SecurityCheck.exe
Trend Micro AMSP coreServiceShell.exe
Trend Micro UniClient UiFrmWrk uiWatchDog.exe
Trend Micro AMSP coreFrameworkHost.exe
Trend Micro UniClient UiFrmWrk uiSeAgnt.exe
Trend Micro Titanium UIFramework uiWinMgr.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````


I then disabled and shut down the instance of MBAM I had running and executed DDS.

Here are the results from the execution of DDS:

First the DDS.txt file:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Badgers at 18:26:25 on 2012-06-05
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8191.6105 [GMT -4:00]
.
AV: Trend Micro Titanium Internet Security 2012 *Disabled/Outdated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\SysWOW64\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Fisher-Price\DACS\MiniApp\DACSMiniApp.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
mRun: [DACSMiniApp] C:\Program Files (x86)\Fisher-Price\DACS\MiniApp\DACSMiniApp.exe
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\EVENTR~1.LNK - C:\Program Files (x86)\The Print Shop 23\Remind.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FORGET~1.LNK - C:\Program Files (x86)\Broderbund\AG CreataCard\AGRemind.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PHOTOF~1.LNK - C:\Program Files (x86)\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe
uPolicies-explorer: DontSetAutoplayCheckbox = 0 (0x0)
uPolicies-explorer: NoAutorun = 2 (0x2)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: DontSetAutoplayCheckbox = 0 (0x0)
mPolicies-explorer: NoAutorun = 2 (0x2)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
LSP: %SystemRoot%\system32\vsocklib.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: intuit.com\ttlc
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BF93E2E9-F33D-4C9B-9C7A-D448114C1E0C} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll
BHO-X64: Trend Micro NSC BHO - No File
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
BHO-X64: TmBpIeBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [DACSMiniApp] C:\Program Files (x86)\Fisher-Price\DACS\MiniApp\DACSMiniApp.exe
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
============= SERVICES / DRIVERS ===============
.
R1 tmevtmgr;tmevtmgr;C:\Windows\system32\DRIVERS\tmevtmgr.sys --> C:\Windows\system32\DRIVERS\tmevtmgr.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2011-11-27 275912]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-2-6 13672]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-4 654408]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-11-27 2214504]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-8-29 846448]
R2 VMwareHostd;VMware Workstation Server;C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2012-4-30 11839488]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys --> C:\Windows\system32\DRIVERS\LEqdUsb.Sys [?]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys --> C:\Windows\system32\DRIVERS\LHidEqd.Sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 tmnciesc;tmnciesc;C:\Windows\system32\DRIVERS\tmnciesc.sys --> C:\Windows\system32\DRIVERS\tmnciesc.sys [?]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys [?]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys [?]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys [?]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys [?]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-2 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-10 257696]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-11-27 79360]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-2 136176]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 tmeevw;tmeevw;C:\Windows\system32\DRIVERS\tmeevw.sys --> C:\Windows\system32\DRIVERS\tmeevw.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-06-05 02:58:29 -------- d-----w- C:\Users\Badgers\AppData\Roaming\Malwarebytes
2012-06-05 02:58:26 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-05 02:58:26 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-05 02:58:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-04 05:23:28 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-06-04 04:40:40 269824 ----a-w- C:\Users\Badgers\AppData\Roaming\miene.dll
2012-06-01 20:28:18 295936 ----a-w- C:\Users\Badgers\AppData\Roaming\nerip.dll
2012-05-31 16:06:55 -------- d-----w- C:\Users\Badgers\AppData\Roaming\ActiveState
2012-05-31 16:04:43 -------- d-----w- C:\Users\Badgers\AppData\Local\ActiveState
2012-05-31 15:13:48 -------- d-----w- C:\Webmin
2012-05-31 13:57:50 -------- d-----w- C:\Perl
2012-05-28 20:57:47 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2012-05-28 20:54:30 134672 ----a-w- C:\Windows\RegBootClean64.exe
2012-05-28 20:54:19 -------- d-----w- C:\Users\Badgers\AppData\Roaming\Soef
2012-05-28 20:54:19 -------- d-----w- C:\Users\Badgers\AppData\Roaming\Icrua
2012-05-20 04:55:27 -------- d-----w- C:\Program Files (x86)\Diablo III
2012-05-20 04:53:37 -------- d-----w- C:\ProgramData\Battle.net
2012-05-16 02:49:44 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-05-16 02:49:44 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-05-16 02:49:44 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-05-16 02:49:44 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-05-16 02:49:44 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-05-16 02:49:44 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-05-16 02:49:44 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-05-12 00:10:10 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-12 00:10:09 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-12 00:10:06 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-12 00:10:05 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-05-12 00:10:04 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-12 00:10:04 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-12 00:09:45 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-12 00:09:36 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-12 00:09:33 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 00:09:33 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-12 00:09:33 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-12 00:09:33 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-12 00:09:33 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 15:58:32 63088 ----a-w- C:\Windows\System32\drivers\vmx86.sys
2012-05-11 15:58:05 354416 ----a-w- C:\Windows\SysWow64\vmnetdhcp.exe
2012-05-11 15:58:04 433264 ----a-w- C:\Windows\SysWow64\vmnat.exe
2012-05-11 15:58:01 30320 ----a-w- C:\Windows\System32\drivers\vmnetuserif.sys
2012-05-11 15:57:51 942192 ----a-w- C:\Windows\System32\vnetlib64.dll
2012-05-11 15:57:48 39024 ----a-w- C:\Windows\System32\drivers\hcmon.sys
2012-05-11 15:57:21 -------- d-----w- C:\Program Files (x86)\Common Files\VMware
2012-05-11 15:57:05 -------- d-----w- C:\Program Files\Common Files\VMware
2012-05-10 05:04:29 -------- d-----w- C:\Users\Badgers\AppData\Local\VMware
2012-05-10 04:58:05 -------- d-----w- C:\Program Files (x86)\VMware
.
==================== Find3M ====================
.
2012-05-05 04:13:19 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 04:13:19 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-05 04:13:03 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-30 22:26:28 252016 ----a-w- C:\Windows\SysWow64\vmnc.dll
2012-04-30 21:22:42 62064 ----a-w- C:\Windows\System32\vmnetbridge.dll
2012-04-30 21:22:42 48752 ----a-w- C:\Windows\System32\vnetinst.dll
2012-04-30 21:22:42 45680 ----a-w- C:\Windows\System32\drivers\vmnetbridge.sys
2012-04-30 21:22:42 24176 ----a-w- C:\Windows\System32\drivers\vmnet.sys
2012-04-30 21:22:42 20080 ----a-w- C:\Windows\System32\drivers\vmnetadapter.sys
2012-04-19 00:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-04-19 00:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2012-03-29 07:48:32 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2012-03-22 19:12:12 4435968 ----a-w- C:\Windows\SysWow64\GPhotos.scr
.
============= FINISH: 18:27:03.86 ===============


...and now the Attach.txt file:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 11/27/2011 12:32:37 AM
System Uptime: 6/5/2012 6:14:14 PM (0 hours ago)
.
Motherboard: EVGA | | 122-CK-NF68
Processor: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2400/267mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 931 GiB total, 657.885 GiB free.
D: is CDROM ()
E: is CDROM (UDF)
F: is Removable
G: is FIXED (NTFS) - 932 GiB total, 779.23 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart 2600 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart 2600 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: tmeevw
Device ID: ROOT\LEGACY_TMEEVW\0000
Manufacturer:
Name: tmeevw
PNP Device ID: ROOT\LEGACY_TMEEVW\0000
Service: tmeevw
.
==== System Restore Points ===================
.
RP100: 5/31/2012 2:11:19 AM - Installed Magic Online
RP101: 5/31/2012 9:43:03 AM - Installed ActivePerl 5.14.2 Build 1402 (64-bit)
RP102: 5/31/2012 9:49:19 AM - Installed ActivePerl 5.14.2 Build 1402 (64-bit)
RP103: 5/31/2012 9:57:18 AM - Installed ActivePerl 5.14.2 Build 1402 (64-bit)
RP104: 6/4/2012 5:43:22 PM - Installed The Sims 3
RP105: 6/5/2012 12:55:48 AM - Windows Update
.
==== Installed Programs ======================
.
.
2600
2600_Help
2600Trb
Adobe AIR
Adobe Reader X (10.1.3)
Adobe Shockwave Player 11.6
AIO_CDB_ProductContext
AIO_CDB_Software
AIO_Scan
American Greetings CreataCard Select 6
Apple Application Support
Apple Software Update
ArcSoft Software Suite
Audio Control Panel
Avanquest update
Battle.net
BufferChm
CANON iMAGE GATEWAY MyCamera Download Plugin
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon Utilities Digital Photo Professional 3.11
Canon Utilities EOS Sample Music
Canon Utilities EOS Utility
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX
Canon Utilities Movie Uploader for YouTube
Canon Utilities PhotoStitch
Canon Utilities Picture Style Editor
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Copy
Coupon Printer for Windows
Daniusoft Video Converter Ultimate(Build 3.1.1.0)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations
DeviceDiscovery
Diablo
Diablo III
DocProc
eReg
Fax
Free Realms
Garmin USB Drivers
Garmin WebUpdater
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
Hewlett-Packard ACLM.NET v1.1.0.0
Hitman: Codename 47
Host OpenAL
HP Product Detection
HP Update
HPDiagnosticAlert
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
Java Auto Updater
Java™ 6 Update 27
LG CyberLink LabelPrint
LG CyberLink Power2Go
LG CyberLink PowerBackup
LG CyberLink PowerProducer
LG CyberLink YouCam
LG Power Tools
LightScribe System Software
Magic Online
Malwarebytes Anti-Malware version 1.61.0.1400
MarketResearch
Mass Effect™ 3
Mass Effect™ 3 Demo
Microsoft .NET Framework 1.1
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Excel MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Standard 2010
Microsoft Office Word MUI (English) 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Web Publishing Wizard 1.52
Microsoft WSE 3.0 Runtime
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyLabel Designer Deluxe
neroxml
Network Play System (Patching)
NVIDIA PhysX
Origin
PHOTOfunSTUDIO HD Edition
Picasa 3
QuickTime
Safari
Scan
School Zone - Golden Scholar
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
SmartWebPrinting
SolutionCenter
Status
Steam
swMSM
The Digital Arts and Crafts Studio
The Print Shop 23
The Sims 2
The Sims Makin' Magic
The Sims™ 2 Bon Voyage
The Sims™ 3
The Sims™ 3 Generations
The Sims™ 3 Pets
Toolbox
tools-freebsd
tools-linux
tools-netware
tools-solaris
tools-windows
tools-winPre2k
TrayApp
TurboTax 2011
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wnjiper
TurboTax 2011 wrapper
UnloadSupport
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VMware Workstation
VoiceOver Kit
Webmin (remove only)
WebReg
Win7codecs
Wizard101
World of Warcraft
.
==== Event Viewer Messages From Past Week ========
.
6/5/2012 6:26:50 PM, Error: Service Control Manager [7000] - The tmeevw service failed to start due to the following error: There are no more endpoints available from the endpoint mapper.
6/5/2012 6:15:00 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
6/5/2012 6:15:00 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
6/5/2012 6:14:36 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
6/5/2012 6:14:33 PM, Error: Service Control Manager [7000] - The Cyberlink RichVideo Service(CRVS) service failed to start due to the following error: The system cannot find the file specified.
6/5/2012 12:54:31 AM, Error: Service Control Manager [7034] - The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s).
6/5/2012 12:54:31 AM, Error: Service Control Manager [7034] - The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s).
6/5/2012 12:48:47 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
6/5/2012 12:48:04 AM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 4 time(s).
6/5/2012 12:46:42 AM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 3 time(s).
6/5/2012 12:44:58 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
6/5/2012 12:44:58 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
6/5/2012 12:37:31 AM, Error: Service Control Manager [7000] - The Security Center service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.
6/5/2012 1:23:45 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
6/5/2012 1:23:44 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
6/5/2012 1:23:44 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
6/5/2012 1:23:43 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/5/2012 1:23:38 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
6/5/2012 1:23:36 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr tmactmon tmcomm tmevtmgr tmtdi Wanarpv6
6/5/2012 1:23:33 AM, Error: Service Control Manager [7001] - The Creative Audio Service service depends on the Windows Audio service which failed to start because of the following error: The dependency service or group failed to start.
6/5/2012 1:05:11 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
6/5/2012 1:05:11 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error: An instance of the service is already running.
6/5/2012 1:05:11 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
6/5/2012 1:04:11 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Application Experience service, but this action failed with the following error: An instance of the service is already running.
6/5/2012 1:03:11 AM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
6/5/2012 1:03:11 AM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/5/2012 1:03:11 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/5/2012 1:03:11 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/5/2012 1:03:11 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/5/2012 1:03:11 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/5/2012 1:03:11 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/5/2012 1:03:11 AM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/5/2012 1:03:11 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/5/2012 1:03:11 AM, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/5/2012 1:03:11 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/5/2012 1:03:11 AM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/5/2012 1:03:11 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/5/2012 1:03:11 AM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/5/2012 1:03:11 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/5/2012 1:03:10 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
6/3/2012 10:15:18 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Badgers-PC\Badgers SID (S-1-5-21-1278649202-3344994339-2898644916-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
5/31/2012 3:17:27 PM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
5/31/2012 3:17:27 PM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
5/30/2012 8:26:41 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
.
==== End Of File ===========================


I posted the contents of the DDS text files as per your instructions, even though the tool itself says to zip up Attach.txt and attach it to the post.

I'm standing by for further instructions and will be here all night until the wee hours of the morning. :)

Thanks again for all of your help.

-Trakkur

#10 gringo_pr

Posted 05 June 2012 - 08:41 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#11 Trakkur


Posted 05 June 2012 - 09:22 PM

Gringo,

I disabled Trend Micro Titanium Internet Security through the SupportTool.exe it comes with and downloaded ComboFix to my desktop.

Next I stopped all open browsers and programs - but didn't exit any programs running in the background (in the hidden icons in Windows 7) <-- Should I have stopped these as well?

I ran ComboFix and followed the prompts; after a few seconds the screen closed and no reports were produced. I didn't see any errors nor did I click in the ComboFix window while it was running. I was never prompted to reboot the computer.

Why didn't I get a report? I'd submit one if I had it. ;)

As far as how the computer is currently doing, it is still in the same state it was in the beginning. My firewall is still non-functional as well as my Trend Micro Titanium Internet Security 2012 install - it continues to complain about not being able to access the Internet to verify...when I'm clearly online. :)

-Trakkur

#12 gringo_pr

Posted 05 June 2012 - 09:46 PM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#13 Trakkur


Posted 05 June 2012 - 10:08 PM

Gringo,

How will I know aswMBR has completed? Will it say so on the screen? Currently it has the Save Log, Exit and FixMBR buttons active and the last two entries on the screen are red when all others have been white.

-Trakkur

#14 Trakkur


Posted 05 June 2012 - 10:31 PM

Never mind my last post...it just took a while to scan those files I suppose.

Here are the results..

TDSSKiller.exe report...no infected or suspicious files were found according to the console. No reboots were required either.

22:49:49.0733 5660 TDSS rootkit removing tool 2.7.38.0 May 25 2012 17:35:31
22:49:50.0045 5660 ============================================================
22:49:50.0045 5660 Current date / time: 2012/06/05 22:49:50.0045
22:49:50.0045 5660 SystemInfo:
22:49:50.0045 5660
22:49:50.0045 5660 OS Version: 6.1.7601 ServicePack: 1.0
22:49:50.0045 5660 Product type: Workstation
22:49:50.0045 5660 ComputerName: BADGERS-PC
22:49:50.0045 5660 UserName: Badgers
22:49:50.0045 5660 Windows directory: C:\Windows
22:49:50.0045 5660 System windows directory: C:\Windows
22:49:50.0045 5660 Running under WOW64
22:49:50.0045 5660 Processor architecture: Intel x64
22:49:50.0045 5660 Number of processors: 4
22:49:50.0045 5660 Page size: 0x1000
22:49:50.0045 5660 Boot type: Normal boot
22:49:50.0045 5660 ============================================================
22:49:50.0950 5660 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
22:49:50.0966 5660 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1D9265, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000040
22:49:50.0981 5660 ============================================================
22:49:50.0981 5660 \Device\Harddisk0\DR0:
22:49:50.0981 5660 MBR partitions:
22:49:50.0981 5660 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:49:50.0981 5660 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
22:49:50.0981 5660 \Device\Harddisk1\DR1:
22:49:50.0981 5660 MBR partitions:
22:49:50.0981 5660 ============================================================
22:49:51.0012 5660 C: <-> \Device\Harddisk0\DR0\Partition1
22:49:51.0012 5660 ============================================================
22:49:51.0012 5660 Initialize success
22:49:51.0012 5660 ============================================================
22:49:54.0054 5176 ============================================================
22:49:54.0054 5176 Scan started
22:49:54.0054 5176 Mode: Manual;
22:49:54.0054 5176 ============================================================
22:49:57.0330 5176 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
22:49:57.0330 5176 BrSerWdm - ok
22:49:57.0330 5176 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:49:57.0330 5176 BrUsbMdm - ok
22:49:57.0330 5176 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
22:49:57.0346 5176 BrUsbSer - ok
22:49:57.0346 5176 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
22:49:57.0346 5176 BTHMODEM - ok
22:49:57.0377 5176 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
22:49:57.0377 5176 bthserv - ok
22:49:57.0393 5176 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
22:49:57.0393 5176 cdfs - ok
22:49:57.0408 5176 cdrbsdrv (9edd76d0800a022ae10b9243d0224e72) C:\Windows\system32\drivers\cdrbsdrv.sys
22:49:57.0408 5176 cdrbsdrv - ok
22:49:57.0440 5176 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
22:49:57.0440 5176 cdrom - ok
22:49:57.0486 5176 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
22:49:57.0486 5176 CertPropSvc - ok
22:49:57.0486 5176 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
22:49:57.0486 5176 circlass - ok
22:49:57.0518 5176 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
22:49:57.0533 5176 CLFS - ok
22:49:57.0580 5176 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:49:57.0580 5176 clr_optimization_v2.0.50727_32 - ok
22:49:57.0611 5176 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:49:57.0611 5176 clr_optimization_v2.0.50727_64 - ok
22:49:57.0642 5176 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:49:57.0642 5176 clr_optimization_v4.0.30319_32 - ok
22:49:57.0674 5176 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:49:57.0674 5176 clr_optimization_v4.0.30319_64 - ok
22:49:57.0689 5176 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
22:49:57.0689 5176 CmBatt - ok
22:49:57.0705 5176 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
22:49:57.0705 5176 cmdide - ok
22:49:57.0752 5176 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
22:49:57.0798 5176 CNG - ok
22:49:57.0814 5176 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
22:49:57.0814 5176 Compbatt - ok
22:49:57.0830 5176 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
22:49:57.0830 5176 CompositeBus - ok
22:49:57.0830 5176 COMSysApp - ok
22:49:57.0845 5176 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
22:49:57.0845 5176 crcdisk - ok
22:49:57.0876 5176 Creative Audio Engine Licensing Service (c0ead9f8ab83d41ff07303c75589c2b8) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
22:49:57.0876 5176 Creative Audio Engine Licensing Service - ok
22:49:57.0908 5176 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
22:49:57.0908 5176 CryptSvc - ok
22:49:57.0954 5176 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
22:49:57.0970 5176 CSC - ok
22:49:58.0001 5176 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
22:49:58.0017 5176 CscService - ok
22:49:58.0032 5176 CTAudSvcService (07ba6d17e66879018b30b6c3f976ebed) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
22:49:58.0048 5176 CTAudSvcService - ok
22:49:58.0079 5176 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
22:49:58.0095 5176 DcomLaunch - ok
22:49:58.0126 5176 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
22:49:58.0126 5176 defragsvc - ok
22:49:58.0173 5176 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
22:49:58.0173 5176 DfsC - ok
22:49:58.0204 5176 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
22:49:58.0204 5176 Dhcp - ok
22:49:58.0235 5176 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
22:49:58.0235 5176 discache - ok
22:49:58.0251 5176 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
22:49:58.0251 5176 Disk - ok
22:49:58.0282 5176 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
22:49:58.0282 5176 Dnscache - ok
22:49:58.0313 5176 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
22:49:58.0313 5176 dot3svc - ok
22:49:58.0344 5176 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
22:49:58.0344 5176 Dot4 - ok
22:49:58.0360 5176 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\DRIVERS\Dot4Prt.sys
22:49:58.0360 5176 Dot4Print - ok
22:49:58.0391 5176 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
22:49:58.0391 5176 dot4usb - ok
22:49:58.0407 5176 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
22:49:58.0407 5176 DPS - ok
22:49:58.0422 5176 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
22:49:58.0422 5176 drmkaud - ok
22:49:58.0500 5176 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
22:49:58.0500 5176 DXGKrnl - ok
22:49:58.0532 5176 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
22:49:58.0547 5176 EapHost - ok
22:49:58.0688 5176 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
22:49:58.0734 5176 ebdrv - ok
22:49:58.0828 5176 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
22:49:58.0828 5176 EFS - ok
22:49:58.0890 5176 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
22:49:58.0890 5176 ehRecvr - ok
22:49:58.0922 5176 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
22:49:58.0922 5176 ehSched - ok
22:49:58.0953 5176 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
22:49:58.0968 5176 elxstor - ok
22:49:58.0984 5176 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
22:49:58.0984 5176 ErrDev - ok
22:49:59.0031 5176 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
22:49:59.0046 5176 EventSystem - ok
22:49:59.0046 5176 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
22:49:59.0046 5176 exfat - ok
22:49:59.0078 5176 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
22:49:59.0078 5176 fastfat - ok
22:49:59.0140 5176 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
22:49:59.0140 5176 Fax - ok
22:49:59.0156 5176 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
22:49:59.0156 5176 fdc - ok
22:49:59.0156 5176 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
22:49:59.0156 5176 fdPHost - ok
22:49:59.0171 5176 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
22:49:59.0171 5176 FDResPub - ok
22:49:59.0171 5176 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
22:49:59.0187 5176 FileInfo - ok
22:49:59.0187 5176 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
22:49:59.0202 5176 Filetrace - ok
22:49:59.0202 5176 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
22:49:59.0202 5176 flpydisk - ok
22:49:59.0234 5176 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
22:49:59.0234 5176 FltMgr - ok
22:49:59.0312 5176 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
22:49:59.0327 5176 FontCache - ok
22:49:59.0374 5176 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:49:59.0374 5176 FontCache3.0.0.0 - ok
22:49:59.0374 5176 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
22:49:59.0390 5176 FsDepends - ok
22:49:59.0405 5176 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
22:49:59.0405 5176 Fs_Rec - ok
22:49:59.0436 5176 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
22:49:59.0436 5176 fvevol - ok
22:49:59.0452 5176 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
22:49:59.0452 5176 gagp30kx - ok
22:49:59.0499 5176 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:49:59.0499 5176 GEARAspiWDM - ok
22:49:59.0546 5176 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
22:49:59.0561 5176 gpsvc - ok
22:49:59.0639 5176 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:49:59.0639 5176 gupdate - ok
22:49:59.0639 5176 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:49:59.0639 5176 gupdatem - ok
22:49:59.0670 5176 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
22:49:59.0686 5176 gusvc - ok
22:49:59.0733 5176 hcmon (adb4348da1345877b04e22203afc8993) C:\Windows\system32\drivers\hcmon.sys
22:49:59.0733 5176 hcmon - ok
22:49:59.0748 5176 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
22:49:59.0764 5176 hcw85cir - ok
22:49:59.0811 5176 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
22:49:59.0811 5176 HdAudAddService - ok
22:49:59.0826 5176 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
22:49:59.0826 5176 HDAudBus - ok
22:49:59.0842 5176 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
22:49:59.0842 5176 HidBatt - ok
22:49:59.0842 5176 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
22:49:59.0842 5176 HidBth - ok
22:49:59.0858 5176 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
22:49:59.0858 5176 HidIr - ok
22:49:59.0873 5176 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
22:49:59.0873 5176 hidserv - ok
22:49:59.0889 5176 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
22:49:59.0889 5176 HidUsb - ok
22:49:59.0920 5176 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
22:49:59.0920 5176 hkmsvc - ok
22:49:59.0951 5176 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
22:49:59.0951 5176 HomeGroupListener - ok
22:49:59.0982 5176 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
22:49:59.0982 5176 HomeGroupProvider - ok
22:50:00.0060 5176 hpqcxs08 (1dae5c46d42b02a6d5862e1482efb390) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
22:50:00.0060 5176 hpqcxs08 - ok
22:50:00.0092 5176 hpqddsvc (99e8eef42fe2f4af29b08c3355dd7685) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
22:50:00.0092 5176 hpqddsvc - ok
22:50:00.0123 5176 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
22:50:00.0123 5176 HpSAMD - ok
22:50:00.0201 5176 HPSLPSVC (f37882f128efacefe353e0bae2766909) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
22:50:00.0201 5176 HPSLPSVC - ok
22:50:00.0263 5176 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
22:50:00.0279 5176 HTTP - ok
22:50:00.0294 5176 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
22:50:00.0294 5176 hwpolicy - ok
22:50:00.0310 5176 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
22:50:00.0310 5176 i8042prt - ok
22:50:00.0341 5176 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
22:50:00.0357 5176 iaStorV - ok
22:50:00.0435 5176 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:50:00.0435 5176 idsvc - ok
22:50:00.0450 5176 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
22:50:00.0450 5176 iirsp - ok
22:50:00.0513 5176 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
22:50:00.0513 5176 IKEEXT - ok
22:50:00.0544 5176 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
22:50:00.0544 5176 intelide - ok
22:50:00.0560 5176 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
22:50:00.0560 5176 intelppm - ok
22:50:00.0638 5176 IntuitUpdateServiceV4 (1663a135865f0ba6e853353e98e67f2a) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
22:50:00.0638 5176 IntuitUpdateServiceV4 - ok
22:50:00.0653 5176 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
22:50:00.0653 5176 IPBusEnum - ok
22:50:00.0684 5176 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:50:00.0684 5176 IpFilterDriver - ok
22:50:00.0731 5176 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
22:50:00.0747 5176 iphlpsvc - ok
22:50:00.0762 5176 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
22:50:00.0762 5176 IPMIDRV - ok
22:50:00.0778 5176 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
22:50:00.0778 5176 IPNAT - ok
22:50:00.0856 5176 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
22:50:00.0856 5176 iPod Service - ok
22:50:00.0872 5176 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
22:50:00.0872 5176 IRENUM - ok
22:50:00.0903 5176 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
22:50:00.0903 5176 isapnp - ok
22:50:00.0918 5176 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
22:50:00.0918 5176 iScsiPrt - ok
22:50:00.0934 5176 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
22:50:00.0934 5176 kbdclass - ok
22:50:00.0950 5176 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
22:50:00.0950 5176 kbdhid - ok
22:50:00.0981 5176 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:50:00.0981 5176 KeyIso - ok
22:50:00.0996 5176 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
22:50:00.0996 5176 KSecDD - ok
22:50:01.0012 5176 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
22:50:01.0012 5176 KSecPkg - ok
22:50:01.0028 5176 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
22:50:01.0028 5176 ksthunk - ok
22:50:01.0059 5176 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
22:50:01.0059 5176 KtmRm - ok
22:50:01.0090 5176 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
22:50:01.0090 5176 LanmanServer - ok
22:50:01.0121 5176 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
22:50:01.0121 5176 LanmanWorkstation - ok
22:50:01.0199 5176 LBTServ (7772dfab22611050b79504e671b06e6e) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
22:50:01.0199 5176 LBTServ - ok
22:50:01.0230 5176 LEqdUsb (ed7ec050cd6c20e1a93a4dafb7efd14d) C:\Windows\system32\DRIVERS\LEqdUsb.Sys
22:50:01.0230 5176 LEqdUsb - ok
22:50:01.0262 5176 LHidEqd (3267bc698e29474a8381e68904eb0390) C:\Windows\system32\DRIVERS\LHidEqd.Sys
22:50:01.0262 5176 LHidEqd - ok
22:50:01.0277 5176 LHidFilt (241f2648adf090e2a10095bd6d6f5dcb) C:\Windows\system32\DRIVERS\LHidFilt.Sys
22:50:01.0277 5176 LHidFilt - ok
22:50:01.0293 5176 LightScribeService (2238b91ac1a12cc6cc4c4fed41258b2a) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
22:50:01.0293 5176 LightScribeService - ok
22:50:01.0308 5176 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
22:50:01.0308 5176 lltdio - ok
22:50:01.0355 5176 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
22:50:01.0355 5176 lltdsvc - ok
22:50:01.0371 5176 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
22:50:01.0371 5176 lmhosts - ok
22:50:01.0371 5176 LMouFilt (342ed5a4b3326014438f36d22d803737) C:\Windows\system32\DRIVERS\LMouFilt.Sys
22:50:01.0371 5176 LMouFilt - ok
22:50:01.0418 5176 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
22:50:01.0418 5176 LSI_FC - ok
22:50:01.0433 5176 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
22:50:01.0433 5176 LSI_SAS - ok
22:50:01.0449 5176 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:50:01.0449 5176 LSI_SAS2 - ok
22:50:01.0464 5176 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:50:01.0464 5176 LSI_SCSI - ok
22:50:01.0480 5176 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
22:50:01.0480 5176 luafv - ok
22:50:01.0527 5176 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
22:50:01.0527 5176 MBAMProtector - ok
22:50:01.0589 5176 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
22:50:01.0589 5176 MBAMService - ok
22:50:01.0620 5176 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
22:50:01.0620 5176 Mcx2Svc - ok
22:50:01.0667 5176 MDM (e416e967e3fb6fb1e9ae12b9c7dab526) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
22:50:01.0667 5176 MDM - ok
22:50:01.0683 5176 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
22:50:01.0683 5176 megasas - ok
22:50:01.0714 5176 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
22:50:01.0730 5176 MegaSR - ok
22:50:01.0745 5176 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
22:50:01.0745 5176 MMCSS - ok
22:50:01.0761 5176 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
22:50:01.0761 5176 Modem - ok
22:50:01.0776 5176 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
22:50:01.0776 5176 monitor - ok
22:50:01.0792 5176 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
22:50:01.0792 5176 mouclass - ok
22:50:01.0808 5176 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
22:50:01.0808 5176 mouhid - ok
22:50:01.0823 5176 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
22:50:01.0823 5176 mountmgr - ok
22:50:01.0854 5176 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
22:50:01.0854 5176 mpio - ok
22:50:01.0854 5176 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
22:50:01.0854 5176 mpsdrv - ok
22:50:01.0886 5176 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
22:50:01.0886 5176 MRxDAV - ok
22:50:01.0901 5176 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:50:01.0901 5176 mrxsmb - ok
22:50:01.0932 5176 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:50:01.0932 5176 mrxsmb10 - ok
22:50:01.0964 5176 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:50:01.0964 5176 mrxsmb20 - ok
22:50:01.0979 5176 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
22:50:01.0979 5176 msahci - ok
22:50:01.0995 5176 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
22:50:02.0010 5176 msdsm - ok
22:50:02.0026 5176 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
22:50:02.0026 5176 MSDTC - ok
22:50:02.0057 5176 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
22:50:02.0057 5176 Msfs - ok
22:50:02.0057 5176 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
22:50:02.0057 5176 mshidkmdf - ok
22:50:02.0073 5176 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
22:50:02.0073 5176 msisadrv - ok
22:50:02.0104 5176 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
22:50:02.0104 5176 MSiSCSI - ok
22:50:02.0120 5176 msiserver - ok
22:50:02.0120 5176 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
22:50:02.0120 5176 MSKSSRV - ok
22:50:02.0135 5176 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
22:50:02.0135 5176 MSPCLOCK - ok
22:50:02.0135 5176 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
22:50:02.0135 5176 MSPQM - ok
22:50:02.0166 5176 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
22:50:02.0166 5176 MsRPC - ok
22:50:02.0198 5176 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
22:50:02.0198 5176 mssmbios - ok
22:50:02.0198 5176 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
22:50:02.0198 5176 MSTEE - ok
22:50:02.0213 5176 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
22:50:02.0213 5176 MTConfig - ok
22:50:02.0229 5176 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
22:50:02.0229 5176 Mup - ok
22:50:02.0260 5176 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
22:50:02.0291 5176 napagent - ok
22:50:02.0322 5176 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
22:50:02.0322 5176 NativeWifiP - ok
22:50:02.0385 5176 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
22:50:02.0385 5176 NDIS - ok
22:50:02.0400 5176 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
22:50:02.0416 5176 NdisCap - ok
22:50:02.0416 5176 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
22:50:02.0416 5176 NdisTapi - ok
22:50:02.0447 5176 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
22:50:02.0447 5176 Ndisuio - ok
22:50:02.0478 5176 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
22:50:02.0478 5176 NdisWan - ok
22:50:02.0494 5176 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
22:50:02.0510 5176 NDProxy - ok
22:50:02.0541 5176 Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll
22:50:02.0541 5176 Net Driver HPZ12 - ok
22:50:02.0556 5176 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
22:50:02.0556 5176 NetBIOS - ok
22:50:02.0572 5176 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
22:50:02.0572 5176 NetBT - ok
22:50:02.0603 5176 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:50:02.0603 5176 Netlogon - ok
22:50:02.0666 5176 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
22:50:02.0666 5176 Netman - ok
22:50:02.0697 5176 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
22:50:02.0697 5176 netprofm - ok
22:50:02.0759 5176 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:50:02.0759 5176 NetTcpPortSharing - ok
22:50:02.0790 5176 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
22:50:02.0790 5176 nfrd960 - ok
22:50:02.0837 5176 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
22:50:02.0837 5176 NlaSvc - ok
22:50:02.0853 5176 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
22:50:02.0853 5176 Npfs - ok
22:50:02.0853 5176 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
22:50:02.0853 5176 nsi - ok
22:50:02.0868 5176 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
22:50:02.0868 5176 nsiproxy - ok
22:50:02.0962 5176 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
22:50:02.0978 5176 Ntfs - ok
22:50:03.0056 5176 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
22:50:03.0056 5176 Null - ok
22:50:03.0102 5176 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
22:50:03.0102 5176 NVENETFD - ok
22:50:03.0773 5176 nvlddmkm (b34e9bfbd9c61048ef6281c3e7ec210a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:50:03.0851 5176 nvlddmkm - ok
22:50:03.0914 5176 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
22:50:03.0929 5176 nvraid - ok
22:50:03.0945 5176 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
22:50:03.0945 5176 nvstor - ok
22:50:04.0007 5176 nvsvc (dfda089bb2cd0ff7e789e2ef6ba1e4ba) C:\Windows\system32\nvvsvc.exe
22:50:04.0007 5176 nvsvc - ok
22:50:04.0132 5176 nvUpdatusService (e7818cd4fb51284c948d68a7a85a69b8) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
22:50:04.0148 5176 nvUpdatusService - ok
22:50:04.0194 5176 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
22:50:04.0194 5176 nv_agp - ok
22:50:04.0210 5176 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
22:50:04.0210 5176 ohci1394 - ok
22:50:04.0272 5176 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:50:04.0272 5176 ose - ok
22:50:04.0506 5176 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:50:04.0538 5176 osppsvc - ok
22:50:04.0647 5176 P17 (edd1dcd36f6115acc6935c3f88ff54d7) C:\Windows\system32\drivers\P17.sys
22:50:04.0662 5176 P17 - ok
22:50:04.0678 5176 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
22:50:04.0678 5176 p2pimsvc - ok
22:50:04.0709 5176 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
22:50:04.0725 5176 p2psvc - ok
22:50:04.0740 5176 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
22:50:04.0740 5176 Parport - ok
22:50:04.0772 5176 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
22:50:04.0772 5176 partmgr - ok
22:50:04.0787 5176 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
22:50:04.0787 5176 PcaSvc - ok
22:50:04.0803 5176 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
22:50:04.0803 5176 pci - ok
22:50:04.0818 5176 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
22:50:04.0818 5176 pciide - ok
22:50:04.0850 5176 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
22:50:04.0912 5176 pcmcia - ok
22:50:04.0928 5176 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
22:50:04.0928 5176 pcw - ok
22:50:04.0959 5176 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
22:50:04.0974 5176 PEAUTH - ok
22:50:05.0052 5176 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
22:50:05.0084 5176 PeerDistSvc - ok
22:50:12.0306 5176 ============================================================
22:50:12.0306 5176 Scan finished
22:50:12.0306 5176 ============================================================
22:50:12.0306 5184 Detected object count: 0
22:50:12.0306 5184 Actual detected object count: 0
22:51:36.0237 1144 Deinitialize success


Here are the contents of the aswMBR log:



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-05 22:51:40
-----------------------------
22:51:40.366 OS Version: Windows x64 6.1.7601 Service Pack 1
22:51:40.366 Number of processors: 4 586 0xF0B
22:51:40.366 ComputerName: BADGERS-PC UserName: Badgers
22:51:41.786 Initialize success
22:52:13.831 AVAST engine defs: 12060501
22:52:20.024 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006f
22:52:20.040 Disk 0 Vendor: WDC_WD10 05.0 Size: 953869MB BusType: 3
22:52:20.040 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000070
22:52:20.040 Disk 1 Vendor: WDC_WD10 05.0 Size: 953869MB BusType: 3
22:52:20.071 Disk 0 MBR read successfully
22:52:20.071 Disk 0 MBR scan
22:52:20.071 Disk 0 Windows 7 default MBR code
22:52:20.102 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:52:20.118 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
22:52:20.180 Disk 0 scanning C:\Windows\system32\drivers
22:52:27.777 Service scanning
22:52:45.515 Modules scanning
22:52:45.515 Disk 0 trace - called modules:
22:52:45.546 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor.sys
22:52:45.546 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008018060]
22:52:45.546 3 CLASSPNP.SYS[fffff88001bad43f] -> nt!IofCallDriver -> [0xfffffa8007c58c40]
22:52:45.546 5 ACPI.sys[fffff88000fb17a1] -> nt!IofCallDriver -> \Device\0000006f[0xfffffa8007c55060]
22:52:47.246 AVAST engine scan C:\Windows
22:52:49.586 AVAST engine scan C:\Windows\system32
22:55:03.294 AVAST engine scan C:\Windows\system32\drivers
22:55:12.170 AVAST engine scan C:\Users\Badgers
23:02:22.512 File: C:\Users\Badgers\AppData\Local\{f8c6dd05-c38e-b77e-8127-04fb576e7835}\n **INFECTED** Win64:Sirefef-F [Rtk]
23:02:48.501 File: C:\Users\Badgers\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\338b3f18-489c3e5c **INFECTED** Win32:Dropper-gen [Drp]
23:12:10.209 File: C:\Users\Badgers\AppData\Roaming\Soef\itimto.exe **INFECTED** Win32:Crypt-MYS [Trj]
23:24:03.665 AVAST engine scan C:\ProgramData
23:28:32.500 Scan finished successfully
23:29:02.325 Disk 0 MBR has been saved successfully to "C:\Users\Badgers\Desktop\MBR.dat"
23:29:02.340 The log file has been saved successfully to "C:\Users\Badgers\Desktop\aswMBR.txt"

#15 gringo_pr


Posted 05 June 2012 - 10:36 PM

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo