
afd.sys problem, missing? boot performance slow


13 replies to this topic

#1 emak222


Posted 07 June 2012 - 11:45 AM

I have noticed my system takes quite a while to restart. I looked under Control Panel:
Control Panel\All Control Panel Items\Performance Information and Tools\Advanced Tools

and there it said there was a driver causing it to load slowly, afd.sys. I attached a screenshot of what the dialog box says.



Any help is much appreciated! Thanks

Attached Files

  • Attached File  afd.png   108.11KB   10 downloads

Edited by hamluis, 07 June 2012 - 12:12 PM.
Moved to Am I Infected from Win 7 - Hamluis.



 


#2 JanDerek


Posted 08 June 2012 - 03:20 AM

Try formatting your system. It has these advantages when you do:
- Computer system gains back normal working condition
- May upgrade to a newer version O/S
- Computer becomes faster
- No virus

To know more about this, try looking here: http://www.techyv.com/questions/can-i-restore-files-after-formatting

#3 jntkwx


  • Malware Response Team

Posted 08 June 2012 - 10:47 AM

Hi emak222,

Please be advised that:

As this is an open area, available for any member to post in, please use caution when following the advice given. Instructions from the following member groups are to be considered trusted:
Admin | Site Admin | Global Moderator | Moderator | Malware Study Hall Admin | Malware Response Instructor | Malware Response Team | BC Advisor

Other trusted helpers include Malware Study Hall Junior and Malware Study Hall Senior with "Member of the Bleeping Computer A.I.I. early response team!" in their signature.


From this topic: http://www.bleepingcomputer.com/forums/topic182397.html

 

Step 1: Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Step 2: Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Step 3: Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
When asked to update the definitions, click Yes.
Click the "Scan" button to start the scan.

On completion of the scan click "Save log", save it to your desktop and post it in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


In your next reply, please include:
  • FSS log
  • MiniToolBox log
  • aswMBR log

Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.
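Added example (not part of the original thread and not Farbar's code): a Python script that triages an FSS.txt log of the kind requested in step 1, reporting services that are not running, start types that differ from the stated default, registry values listed under a "Disabled Policy" heading, and File Check entries not marked "MD5 is legit". The sample log is constructed and abridged; the name `triage_fss`, the finding labels, and treating any other File Check status as a finding are assumptions.

```python
import re

# Constructed, abridged sample in the layout FSS.txt uses (not a real capture).
# The last File Check line carries a made-up status to exercise the flag path.
SAMPLE_FSS = r"""Farbar Service Scanner
Boot Mode: Normal

Windows Firewall:
=============

Firewall Disabled Policy:
==================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

File Check:
========
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\example.sys => constructed non-legit status

**** End of log ****
"""

UNDERLINE = re.compile(r"^=+$")
NOT_RUNNING = re.compile(r"^(\S+) Service is not running\.")
START_TYPE = re.compile(
    r"^The start type of (\S+) service is set to (\w+)\. "
    r"The default start type is (\w+)\."
)
REG_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
REG_VALUE = re.compile(r'^"([^"]+)"=(\w+):(.+)$')
FILE_CHECK = re.compile(r"^(.+?) => (.+)$")


def triage_fss(text):
    """Return (findings, legit_count); findings are (section, kind, detail)."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    findings, legit_count = [], 0
    section, reg_key = None, None
    for i, line in enumerate(lines):
        following = lines[i + 1] if i + 1 < len(lines) else ""
        # A section header is a "Name:" line underlined with '=' characters.
        if line.endswith(":") and UNDERLINE.match(following):
            section, reg_key = line[:-1], None
            continue
        if not line or UNDERLINE.match(line):
            continue
        m = NOT_RUNNING.match(line)
        if m:
            findings.append((section, "service_not_running", m.group(1)))
            continue
        m = START_TYPE.match(line)
        if m:
            name, current, default = m.groups()
            if current != default:  # only a deviation from the default is a finding
                findings.append((section, "start_type_changed",
                                 f"{name}: {current} (default {default})"))
            continue
        m = REG_KEY.match(line)
        if m:
            reg_key = m.group(1)
            continue
        m = REG_VALUE.match(line)
        # Assumption: a value printed under a "... Policy" heading means the
        # policy is set; empty policy sections produce no finding.
        if m and reg_key and section and "Policy" in section:
            name, kind, value = m.groups()
            findings.append((section, "policy_value",
                             f"{reg_key}\\{name}={kind}:{value}"))
            continue
        m = FILE_CHECK.match(line)
        if m and section == "File Check":
            path, status = m.groups()
            if status == "MD5 is legit":
                legit_count += 1
            else:
                findings.append((section, "file_not_legit", f"{path}: {status}"))
    return findings, legit_count


if __name__ == "__main__":
    found, legit = triage_fss(SAMPLE_FSS)
    for sec, kind, detail in found:
        print(f"[{sec}] {kind}: {detail}")
    print(f"{legit} file(s) reported as legit")
```

A clean File Check only says the listed system files match known hashes; the service and policy findings still need review on their own.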


#4 emak222


Posted 08 June 2012 - 12:50 PM

Thank you for the reply. It should be noted that while I was running aswmbr.exe, about 2 minutes into the scan after I did the download of the updates, my Windows crashed. It showed a BSOD; I didn't write down any of what it said, though. I restarted, and then with all programs closed ran aswmbr again and it successfully scanned.

Here are my three logs:

FSS

Farbar Service Scanner Version: 05-06-2012
Ran by User (administrator) on 08-06-2012 at 20:46:28
Running from "C:\Users\User\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

Result.txt:
MiniToolBox by Farbar Version: 04-06-2012
Ran by User (administrator) on 08-06-2012 at 20:48:53
Microsoft Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek RTL8168B/8111B Family PCI-E Gigabit Ethernet NIC (NDIS 6.20) = ??????? ?????? (Connected)
VMLite Host-Only Ethernet Adapter = ??????? ?????? 2 (Connected)
Broadcom 802.11g Network Adapter = ???????? ??????? ?????? (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Deni-Notebook
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : VIVACOM-adsl

Ethernet adapter ??????? ?????? 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMLite Host-Only Ethernet Adapter
Physical Address. . . . . . . . . : 08-00-27-00-8C-DB
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::586d:70f7:5e5:d241%19(Preferred)
Autoconfiguration IPv4 Address. . : 169.254.210.65(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 503840807
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-0B-7D-83-B9-00-16-D3-5E-A0-B5
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter ???????? ??????? ??????:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom 802.11g Network Adapter
Physical Address. . . . . . . . . : 00-1C-26-42-EF-D6
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter ??????? ??????:

Connection-specific DNS Suffix . : VIVACOM-adsl
Description . . . . . . . . . . . : Realtek RTL8168B/8111B Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
Physical Address. . . . . . . . . : 00-16-D3-5E-A0-B5
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::5416:299b:60a8:b0cd%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : ??? 8/06/2012 8:30:58
Lease Expires . . . . . . . . . . : ??? 9/06/2012 8:30:57
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 234886867
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-0B-7D-83-B9-00-16-D3-5E-A0-B5
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{B22880A5-7068-4513-B480-67A5111A77F6}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter ??????? ??????* 4:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.VIVACOM-adsl:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : VIVACOM-adsl
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{BD8EB2D6-1139-4D39-B865-B084516DC5F9}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: adslrouter.VIVACOM-adsl
Address: 192.168.1.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Name: google.com
Address: 209.85.148.113


Pinging google.com [209.85.148.113] with 32 bytes of data:
Reply from 209.85.148.113: bytes=32 time=50ms TTL=57
Reply from 209.85.148.113: bytes=32 time=51ms TTL=57

Ping statistics for 209.85.148.113:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 50ms, Maximum = 51ms, Average = 50ms
Server: adslrouter.VIVACOM-adsl
Address: 192.168.1.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Name: yahoo.com
Address: 72.30.38.140


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=238ms TTL=53
Reply from 72.30.38.140: bytes=32 time=247ms TTL=53

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 238ms, Maximum = 247ms, Average = 242ms
Server: adslrouter.VIVACOM-adsl
Address: 192.168.1.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
19...08 00 27 00 8c db ......VMLite Host-Only Ethernet Adapter
13...00 1c 26 42 ef d6 ......Broadcom 802.11g Network Adapter
10...00 16 d3 5e a0 b5 ......Realtek RTL8168B/8111B Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
1...........................Software Loopback Interface 1
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 On-link 169.254.210.65 276
169.254.210.65 255.255.255.255 On-link 169.254.210.65 276
169.254.255.255 255.255.255.255 On-link 169.254.210.65 276
192.168.1.0 255.255.255.0 On-link 192.168.1.2 276
192.168.1.2 255.255.255.255 On-link 192.168.1.2 276
192.168.1.255 255.255.255.255 On-link 192.168.1.2 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 169.254.210.65 276
224.0.0.0 240.0.0.0 On-link 192.168.1.2 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 169.254.210.65 276
255.255.255.255 255.255.255.255 On-link 192.168.1.2 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
19 276 fe80::/64 On-link
10 276 fe80::/64 On-link
10 276 fe80::5416:299b:60a8:b0cd/128
On-link
19 276 fe80::586d:70f7:5e5:d241/128
On-link
1 306 ff00::/8 On-link
19 276 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/05/2012 11:57:00 AM) (Source: Microsoft-Windows-LoadPerf) (User: SYSTEM)SYSTEM
Description: Unable to read the performance counter strings defined for the 002 language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (06/05/2012 10:57:00 AM) (Source: Application Error) (User: )
Description: Faulting application name: VMLite.exe, version: 3.2.6.0, time stamp: 0x4c6f90f1
Faulting module name: QtGui4.dll, version: 4.5.3.0, time stamp: 0x4b131433
Exception code: 0xc0000005
Fault offset: 0x00057ed5
Faulting process id: 0x1458
Faulting application start time: 0xVMLite.exe0
Faulting application path: VMLite.exe1
Faulting module path: VMLite.exe2
Report Id: VMLite.exe3

Error: (06/05/2012 10:55:44 AM) (Source: Application Error) (User: )
Description: Faulting application name: VMLite.exe, version: 3.2.6.0, time stamp: 0x4c6f90f1
Faulting module name: VBoxOGLrenderspu.dll_unloaded, version: 0.0.0.0, time stamp: 0x4c62e27d
Exception code: 0xc0000005
Fault offset: 0x032d3522
Faulting process id: 0x56c
Faulting application start time: 0xVMLite.exe0
Faulting application path: VMLite.exe1
Faulting module path: VMLite.exe2
Report Id: VMLite.exe3

Error: (06/05/2012 08:58:06 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: ?????????????? ?????????? ?? ?? ?????? ? ???? ?????? ?? ?????????, ?????? ? ???????? ?? ???????????? ? ??????? ???????? ???????? ??? ????????? ?????? ? ?????????? ????.
.

Error: (06/04/2012 00:36:19 AM) (Source: Application Error) (User: )
Description: Faulting application name: VMLite.exe, version: 3.2.6.0, time stamp: 0x4c6f90f1
Faulting module name: VBoxOGLrenderspu.dll_unloaded, version: 0.0.0.0, time stamp: 0x4c62e27d
Exception code: 0xc0000005
Fault offset: 0x03573522
Faulting process id: 0xe20
Faulting application start time: 0xVMLite.exe0
Faulting application path: VMLite.exe1
Faulting module path: VMLite.exe2
Report Id: VMLite.exe3

Error: (06/03/2012 11:38:32 PM) (Source: Microsoft-Windows-LoadPerf) (User: SYSTEM)SYSTEM
Description: Unable to read the performance counter strings defined for the 002 language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (06/03/2012 11:21:56 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: ?????????????? ?????????? ?? ?? ?????? ? ???? ?????? ?? ?????????, ?????? ? ???????? ?? ???????????? ? ??????? ???????? ???????? ??? ????????? ?????? ? ?????????? ????.
.

Error: (06/03/2012 11:21:55 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: ?????????????? ?????????? ?? ?? ?????? ? ???? ?????? ?? ?????????, ?????? ? ???????? ?? ???????????? ? ??????? ???????? ???????? ??? ????????? ?????? ? ?????????? ????.
.

Error: (06/03/2012 11:21:55 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: ?????????????? ?????????? ?? ?? ?????? ? ???? ?????? ?? ?????????, ?????? ? ???????? ?? ???????????? ? ??????? ???????? ???????? ??? ????????? ?????? ? ?????????? ????.
.

Error: (06/03/2012 11:21:54 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: ?????????????? ?????????? ?? ?? ?????? ? ???? ?????? ?? ?????????, ?????? ? ???????? ?? ???????????? ? ??????? ???????? ???????? ??? ????????? ?????? ? ?????????? ????.
.


System errors:
=============
Error: (06/08/2012 08:32:07 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%1058

Error: (06/08/2012 08:31:32 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%1058

Error: (06/08/2012 08:31:23 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
mailKmd

Error: (06/08/2012 08:30:57 PM) (Source: BugCheck) (User: )
Description: 0x000000d1 (0x00000000, 0x000000ff, 0x00000008, 0x00000000)C:\Windows\MEMORY.DMP

Error: (06/08/2012 08:30:57 PM) (Source: BugCheck) (User: )
Description:

Error: (06/08/2012 08:30:57 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 20:29:39 ?. on ?8.?6.?2012 ??. was unexpected.

Error: (06/07/2012 05:13:42 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%1058

Error: (06/07/2012 05:13:42 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%1058

Error: (06/07/2012 00:42:09 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%1058

Error: (06/07/2012 00:42:09 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%1058


Microsoft Office Sessions:
=========================
Error: (06/05/2012 11:57:00 AM) (Source: Microsoft-Windows-LoadPerf)(User: SYSTEM)SYSTEM
Description: 002120200000000000000AF000000

Error: (06/05/2012 10:57:00 AM) (Source: Application Error)(User: )
Description: VMLite.exe3.2.6.04c6f90f1QtGui4.dll4.5.3.04b131433c000000500057ed5145801cd42f0c8737990C:\Program Files\VMLite\VMLite Workstation\VMLite.exeC:\Program Files\VMLite\VMLite Workstation\QtGui4.dll07536830-aee4-11e1-b9fa-0016d35ea0b5

Error: (06/05/2012 10:55:44 AM) (Source: Application Error)(User: )
Description: VMLite.exe3.2.6.04c6f90f1VBoxOGLrenderspu.dll_unloaded0.0.0.04c62e27dc0000005032d352256c01cd4273748595b8C:\Program Files\VMLite\VMLite Workstation\VMLite.exeVBoxOGLrenderspu.dllda28675c-aee3-11e1-b9fa-0016d35ea0b5

Error: (06/05/2012 08:58:06 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?????????????? ?????????? ?? ?? ?????? ? ???? ?????? ?? ?????????, ?????? ? ???????? ?? ???????????? ? ??????? ???????? ???????? ??? ????????? ?????? ? ?????????? ????.

Error: (06/04/2012 00:36:19 AM) (Source: Application Error)(User: )
Description: VMLite.exe3.2.6.04c6f90f1VBoxOGLrenderspu.dll_unloaded0.0.0.04c62e27dc000000503573522e2001cd41cef0d67a3cC:\Program Files\VMLite\VMLite Workstation\VMLite.exeVBoxOGLrenderspu.dll27bff4cc-adc4-11e1-bbc6-0016d35ea0b5

Error: (06/03/2012 11:38:32 PM) (Source: Microsoft-Windows-LoadPerf)(User: SYSTEM)SYSTEM
Description: 002120200000000000000AF000000

Error: (06/03/2012 11:21:56 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?????????????? ?????????? ?? ?? ?????? ? ???? ?????? ?? ?????????, ?????? ? ???????? ?? ???????????? ? ??????? ???????? ???????? ??? ????????? ?????? ? ?????????? ????.

Error: (06/03/2012 11:21:55 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?????????????? ?????????? ?? ?? ?????? ? ???? ?????? ?? ?????????, ?????? ? ???????? ?? ???????????? ? ??????? ???????? ???????? ??? ????????? ?????? ? ?????????? ????.

Error: (06/03/2012 11:21:55 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?????????????? ?????????? ?? ?? ?????? ? ???? ?????? ?? ?????????, ?????? ? ???????? ?? ???????????? ? ??????? ???????? ???????? ??? ????????? ?????? ? ?????????? ????.

Error: (06/03/2012 11:21:54 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?????????????? ?????????? ?? ?? ?????? ? ???? ?????? ?? ?????????, ?????? ? ???????? ?? ???????????? ? ??????? ???????? ???????? ??? ????????? ?????? ? ?????????? ????.


=========================== Installed Programs ============================

7 Taskbar Tweaker v3.4.3 (Version: 3.4.3)
Adobe Flash Player 11 Plugin (Version: 11.2.202.235)
Adobe Reader X (10.1.3) (Version: 10.1.3)
ANWIDA Soft GEQ15P 1.0
Ashampoo Burning Studio 10.0.1 (Version: 10.0.1)
AVG 2012 (Version: 12.0.2178)
AVG 2012 (Version: 12.0.2433)
AVG 2012 (Version: 2012.0.2178)
BitLord 2.1 (Version: 2.1.1-83)
BS.Player PRO (Version: 2.58.1053)
calibre (Version: 0.8.54)
CNET TechTracker (Version: 2.0.4)
Computer Alarm Clock
D3DX10 (Version: 15.4.2368.0902)
DAEMON Tools Lite (Version: 4.45.3.0297)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DivX Setup (Version: 2.6.1.8)
DLLSuite 2.0
EVEREST Ultimate Edition v5.02 (Version: 5.02)
Google Chrome (Version: 19.0.1084.52)
GTA San Andreas (Version: 1.00.00001)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.1930)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 31 (Version: 6.0.310)
Junk Mail filter update (Version: 15.4.3502.0922)
K-Lite Codec Pack 8.7.0 (Full) (Version: 8.7.0)
Launch Manager (Version: 2.0.00)
Launch Manager V1.1.1.3 (Version: 1.1.1.3)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (Bulgarian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (Bulgarian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (Bulgarian) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (Bulgarian) 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (Bulgarian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook Connector (Version: 14.0.5118.5000)
Microsoft Office Outlook MUI (Bulgarian) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (Bulgarian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Bulgarian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Russian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (Bulgarian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (Bulgarian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (Bulgarian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (Bulgarian) 2010 (Version: 14.0.6029.1000)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (Version: 14.0.5120.5000)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Virtual PC 2007 SP1 (Version: 6.0.192.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 11.0 (x86 bg) (Version: 11.0)
MSVCRT (Version: 15.4.2862.0708)
Nightmare Redux (Version: 1.6.1)
Opera 11.64 (Version: 11.64.1403)
Pando Media Booster (Version: 2.6.0.7)
Rainmeter (Version: 2.2 r1116)
Synaptics Pointing Device Driver (Version: 9.0.3.0)
System Requirements Lab for Intel (Version: 4.5.5.0)
TechPowerUp GPU-Z
Texas Instruments PCIxx21/x515/xx12 drivers. (Version: 2.00.0002)
TIPCI (Version: 2.00.0002)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
VLC media player 2.0.1 (Version: 2.0.1)
VMLite Workstation (Version: 3.2.6)
Winamp (Version: 5.623 )
Windows 7 Manager (Version: 4.0.6)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows XP Mode (Version: 1.3.7600.16423)
WinRAR 4.00 ???? 3 (32-?????? ??????) (Version: 4.00.3)
Xilisoft Video Converter Ultimate (Version: 5.1.3.0926)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 44%
Total physical RAM: 2038.18 MB
Available physical RAM: 1131.79 MB
Total Pagefile: 4376.36 MB
Available Pagefile: 3221.47 MB
Total Virtual: 2047.88 MB
Available Virtual: 1930.89 MB

========================= Partitions: =====================================

1 Drive c: (???????? ????) (Fixed) (Total:104.39 GB) (Free:55.59 GB) NTFS
2 Drive d: (??????? ????) (Fixed) (Total:361.27 GB) (Free:252.67 GB) NTFS

========================= Users: ========================================

User accounts for \\DENI-NOTEBOOK

Administrator ASPNET Guest
User

========================= Minidump Files ==================================

No minidump file found


**** End of log ****

And the last one:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-08 20:32:32
-----------------------------
20:32:32.577 OS Version: Windows 6.1.7601 Service Pack 1
20:32:32.577 Number of processors: 2 586 0xE08
20:32:32.577 ComputerName: DENI-NOTEBOOK UserName: User
20:32:33.326 Initialize success
20:32:40.782 AVAST engine defs: 12060800
20:32:43.559 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:32:43.559 Disk 0 Vendor: WDC_WD5000BPVT-00HXZT1 01.01A01 Size: 476940MB BusType: 3
20:32:43.590 Disk 0 MBR read successfully
20:32:43.590 Disk 0 MBR scan
20:32:43.590 Disk 0 Windows 7 default MBR code
20:32:43.637 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
20:32:43.653 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 106900 MB offset 206848
20:32:43.668 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 369937 MB offset 219138048
20:32:43.684 Disk 0 scanning sectors +976769024
20:32:43.731 Disk 0 scanning C:\Windows\system32\drivers
20:33:04.058 Service scanning
20:33:36.724 Modules scanning
20:33:42.793 Disk 0 trace - called modules:
20:33:42.824 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
20:33:42.839 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8564e200]
20:33:42.839 3 CLASSPNP.SYS[88e7f59e] -> nt!IofCallDriver -> [0x848cf1e0]
20:33:42.855 5 ACPI.sys[8869c3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85571030]
20:33:43.900 AVAST engine scan C:\Windows
20:33:46.958 AVAST engine scan C:\Windows\system32
20:37:52.783 AVAST engine scan C:\Windows\system32\drivers
20:38:15.263 AVAST engine scan C:\Users\User
20:44:01.334 AVAST engine scan C:\ProgramData
20:44:52.408 Scan finished successfully
20:45:01.799 Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
20:45:01.799 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt"

#5 jntkwx


Posted 08 June 2012 - 01:05 PM

A couple things:

  • If you type http://208.43.87.2 into your browser, are you able to access Bleeping Computer's homepage?
  • What language do you have configured on this computer?

Regards,
Jason

 



#6 emak222


Posted 08 June 2012 - 01:17 PM

Yes, that link brings me to bleepingcomputer's page.

It is installed with Bulgarian language version but I have it set to English.

#7 jntkwx


Posted 08 June 2012 - 01:19 PM

Are you able to access the Internet successfully?

Do you notice anything else odd other than slow boot performance?
Regards,
Jason

 



#8 emak222


Posted 08 June 2012 - 01:25 PM

Well, I noticed when I was using Google Chrome that about every 20th page load or so it would say unable to load, and just simply reloading/refreshing the page would fix that problem. I didn't know if it was due to Chrome or not, so I installed Opera and haven't run into that problem since, however.

And there doesn't seem to be anything else weird going on with the computer.

#9 jntkwx


Posted 08 June 2012 - 01:28 PM

It may just be Chrome, as I don't yet see anything odd in your logs.

:step1: Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

:step2: Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.


In your next reply, please include:
  • Malwarebytes log
  • GMER log
  • How's your computer running now?

Regards,
Jason

 



#10 emak222


Posted 08 June 2012 - 02:26 PM

Ok, I did those two things. After I ran the gmer thing I restarted and it still took a while, and I looked in control panel and the same thing is there saying it is starting slowly because of that.

Here are the logs:
malwarebytes


Internet Explorer 9.0.8112.16421
User :: DENI-NOTEBOOK [administrator]

Protection: Enabled

пет 8/06/2012 9:32:37
mbam-log-2012-06-08 (21-32-37).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211341
Time elapsed: 7 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\User\Downloads\etype_setup.exe (PUP.BundleInstaller.IB) -> Quarantined and deleted successfully.

(end)

and gmer.log:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-08 22:18:57
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000BPVT-00HXZT1 rev.01.01A01
Running: uy7psvlg.exe; Driver: C:\Users\User\AppData\Local\Temp\kgloqpoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeKey [0xB287D004]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeMultipleKeys [0xB287D0D4]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xB287CD76]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xB287CE1E]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xB287CEBA]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xB287CF56]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82A443C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A7DD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1357 82A8500C 8 Bytes [04, D0, 87, B2, D4, D0, 87, ...] {ADD AL, 0xd0; XCHG [EDX-0x4d782f2c], ESI}
.text ntkrnlpa.exe!KeRemoveQueueEx + 139F 82A85054 4 Bytes [76, CD, 87, B2]
.text ntkrnlpa.exe!KeRemoveQueueEx + 166F 82A85324 8 Bytes [1E, CE, 87, B2, BA, CE, 87, ...] {PUSH DS; INTO ; XCHG [EDX-0x4d783146], ESI}
.text ntkrnlpa.exe!KeRemoveQueueEx + 16E3 82A85398 4 Bytes [56, CF, 87, B2]
? System32\drivers\qjhkxm.sys The system cannot find the path specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\Explorer.EXE[1824] Explorer.EXE 000725BC 4 Bytes [60, 34, 4E, 72]
.text C:\Windows\Explorer.EXE[1824] Explorer.EXE 00072830 4 Bytes [D0, 35, 4E, 72]
.text C:\Windows\Explorer.EXE[1824] Explorer.EXE 00072840 4 Bytes [30, 36, 4E, 72]
.text C:\Windows\Explorer.EXE[1824] Explorer.EXE 00072860 4 Bytes [E0, 36, 4E, 72]
.text C:\Windows\Explorer.EXE[1824] Explorer.EXE 00072868 4 Bytes [50, 37, 4E, 72]
.text ...

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\rundll32.exe[2568] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [74D3FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[2568] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [74D3FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[2568] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [74D3FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[2568] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [74D3FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Launch Manager\LaunchAp.exe[2676] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [74D3FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Launch Manager\LaunchAp.exe[2676] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [74D3FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Launch Manager\LaunchAp.exe[2676] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [74D3FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Launch Manager\LaunchAp.exe[2676] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [74D3FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs avgidsfilterx.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\ACPI_HAL \Device\0000005d halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----

#11 jntkwx


Posted 08 June 2012 - 02:29 PM

Please carefully follow the steps in the following guide:

How to remove Google Redirects or the TDSS, TDL3, or Alureon rootkit using TDSSKiller

If you have previously downloaded TDSSkiller, please download a new version, as it is updated often. Leave everything set to the default options.

Please post the TDSS log in your next reply, located at C:\TDSSkiller
Regards,
Jason

 



#12 emak222


Posted 08 June 2012 - 02:43 PM

Ok, the program said it didn't find anything, here is that log:

22:39:57.0277 5664 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
22:39:57.0437 5664 ============================================================
22:39:57.0437 5664 Current date / time: 2012/06/08 22:39:57.0437
22:39:57.0438 5664 SystemInfo:
22:39:57.0438 5664
22:39:57.0438 5664 OS Version: 6.1.7601 ServicePack: 1.0
22:39:57.0438 5664 Product type: Workstation
22:39:57.0438 5664 ComputerName: DENI-NOTEBOOK
22:39:57.0442 5664 UserName: User
22:39:57.0442 5664 Windows directory: C:\Windows
22:39:57.0442 5664 System windows directory: C:\Windows
22:39:57.0442 5664 Processor architecture: Intel x86
22:39:57.0442 5664 Number of processors: 2
22:39:57.0442 5664 Page size: 0x1000
22:39:57.0443 5664 Boot type: Normal boot
22:39:57.0443 5664 ============================================================
22:39:58.0056 5664 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:39:58.0060 5664 ============================================================
22:39:58.0060 5664 \Device\Harddisk0\DR0:
22:39:58.0061 5664 MBR partitions:
22:39:58.0061 5664 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:39:58.0061 5664 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xD0CA000
22:39:58.0061 5664 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xD0FC800, BlocksNum 0x2D288800
22:39:58.0061 5664 ============================================================
22:39:58.0098 5664 C: <-> \Device\Harddisk0\DR0\Partition1
22:39:58.0143 5664 D: <-> \Device\Harddisk0\DR0\Partition2
22:39:58.0143 5664 ============================================================
22:39:58.0143 5664 Initialize success
22:39:58.0143 5664 ============================================================
22:40:29.0831 5828 ============================================================
22:40:29.0831 5828 Scan started
22:40:29.0831 5828 Mode: Manual;
22:40:29.0831 5828 ============================================================
22:40:31.0791 5828 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
22:40:31.0971 5828 1394ohci - ok
22:40:32.0051 5828 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
22:40:32.0061 5828 ACPI - ok
22:40:32.0111 5828 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
22:40:32.0121 5828 AcpiPmi - ok
22:40:32.0211 5828 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
22:40:32.0211 5828 AdobeARMservice - ok
22:40:32.0301 5828 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
22:40:32.0361 5828 adp94xx - ok
22:40:32.0391 5828 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
22:40:32.0401 5828 adpahci - ok
22:40:32.0441 5828 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
22:40:32.0441 5828 adpu320 - ok
22:40:32.0501 5828 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
22:40:32.0511 5828 AeLookupSvc - ok
22:40:32.0591 5828 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
22:40:32.0651 5828 AFD - ok
22:40:32.0791 5828 AgereSoftModem (7e10e3bb9b258ad8a9300f91214d67b9) C:\Windows\system32\DRIVERS\AGRSM.sys
22:40:32.0861 5828 AgereSoftModem - ok
22:40:32.0901 5828 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
22:40:32.0901 5828 agp440 - ok
22:40:32.0921 5828 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
22:40:32.0921 5828 aic78xx - ok
22:40:32.0971 5828 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
22:40:32.0971 5828 ALG - ok
22:40:33.0001 5828 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
22:40:33.0001 5828 aliide - ok
22:40:33.0041 5828 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
22:40:33.0051 5828 amdagp - ok
22:40:33.0061 5828 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
22:40:33.0061 5828 amdide - ok
22:40:33.0091 5828 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
22:40:33.0091 5828 AmdK8 - ok
22:40:33.0121 5828 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
22:40:33.0121 5828 AmdPPM - ok
22:40:33.0161 5828 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
22:40:33.0171 5828 amdsata - ok
22:40:33.0201 5828 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
22:40:33.0211 5828 amdsbs - ok
22:40:33.0271 5828 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
22:40:33.0271 5828 amdxata - ok
22:40:33.0331 5828 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
22:40:33.0331 5828 AppID - ok
22:40:33.0391 5828 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
22:40:33.0391 5828 AppIDSvc - ok
22:40:33.0431 5828 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
22:40:33.0431 5828 Appinfo - ok
22:40:33.0471 5828 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
22:40:33.0481 5828 AppMgmt - ok
22:40:33.0531 5828 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
22:40:33.0531 5828 arc - ok
22:40:33.0591 5828 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
22:40:33.0591 5828 arcsas - ok
22:40:33.0731 5828 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
22:40:33.0751 5828 aspnet_state - ok
22:40:33.0781 5828 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
22:40:33.0781 5828 AsyncMac - ok
22:40:33.0821 5828 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
22:40:33.0821 5828 atapi - ok
22:40:33.0921 5828 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
22:40:33.0931 5828 AudioEndpointBuilder - ok
22:40:33.0951 5828 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
22:40:33.0961 5828 Audiosrv - ok
22:40:34.0381 5828 AVGIDSAgent (ba60fd7a64b9759a14c0fba4a9ed4c7b) C:\Program Files\AVG\AVG2012\avgidsagent.exe
22:40:34.0521 5828 AVGIDSAgent - ok
22:40:34.0731 5828 AVGIDSDriver (1074f787080068c71303b61fae7e7ca4) C:\Windows\system32\DRIVERS\avgidsdriverx.sys
22:40:34.0741 5828 AVGIDSDriver - ok
22:40:34.0781 5828 AVGIDSFilter (61a7e0b02f82cff3db2445bbe50b3589) C:\Windows\system32\DRIVERS\avgidsfilterx.sys
22:40:34.0791 5828 AVGIDSFilter - ok
22:40:34.0831 5828 AVGIDSHX (d63d83659eedf60b3a3e620281a888e5) C:\Windows\system32\DRIVERS\avgidshx.sys
22:40:34.0831 5828 AVGIDSHX - ok
22:40:34.0881 5828 AVGIDSShim (baf975b72062f53d327788e99d64197e) C:\Windows\system32\DRIVERS\avgidsshimx.sys
22:40:34.0881 5828 AVGIDSShim - ok
22:40:34.0961 5828 Avgldx86 (dda6a2a18841e4c9172bb85958b8d948) C:\Windows\system32\DRIVERS\avgldx86.sys
22:40:34.0971 5828 Avgldx86 - ok
22:40:35.0011 5828 Avgmfx86 (ccdd61545aaea265977e4b1efdc74e8c) C:\Windows\system32\DRIVERS\avgmfx86.sys
22:40:35.0011 5828 Avgmfx86 - ok
22:40:35.0071 5828 Avgrkx86 (1fd90b28d2c3100bf4500199c8ad6358) C:\Windows\system32\DRIVERS\avgrkx86.sys
22:40:35.0071 5828 Avgrkx86 - ok
22:40:35.0101 5828 Avgtdix (1263f2554ace925c237a40b4c568d815) C:\Windows\system32\DRIVERS\avgtdix.sys
22:40:35.0111 5828 Avgtdix - ok
22:40:35.0161 5828 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
22:40:35.0161 5828 avgwd - ok
22:40:35.0221 5828 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
22:40:35.0221 5828 AxInstSV - ok
22:40:35.0281 5828 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
22:40:35.0311 5828 b06bdrv - ok
22:40:35.0371 5828 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
22:40:35.0391 5828 b57nd60x - ok
22:40:35.0601 5828 BCM43XX (f9ce9b5e049efc66b8e6c73c18ee8438) C:\Windows\system32\DRIVERS\bcmwl6.sys
22:40:35.0661 5828 BCM43XX - ok
22:40:35.0761 5828 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
22:40:35.0771 5828 BDESVC - ok
22:40:35.0791 5828 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
22:40:35.0791 5828 Beep - ok
22:40:51.0438 5828 storvsc - ok
22:40:51.0458 5828 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
22:40:51.0458 5828 swenum - ok
22:40:51.0508 5828 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
22:40:51.0538 5828 swprv - ok
22:40:51.0538 5828 Synth3dVsc - ok
22:40:51.0598 5828 SynTP (f7a4250bb3e3afcd4af100e551509352) C:\Windows\system32\DRIVERS\SynTP.sys
22:40:51.0608 5828 SynTP - ok
22:40:51.0748 5828 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
22:40:51.0768 5828 SysMain - ok
22:40:51.0818 5828 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
22:40:51.0818 5828 TabletInputService - ok
22:40:51.0878 5828 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
22:40:51.0888 5828 TapiSrv - ok
22:40:51.0908 5828 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
22:40:51.0918 5828 TBS - ok
22:40:52.0088 5828 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
22:40:52.0128 5828 Tcpip - ok
22:40:52.0178 5828 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
22:40:52.0188 5828 TCPIP6 - ok
22:40:52.0238 5828 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
22:40:52.0238 5828 tcpipreg - ok
22:40:52.0278 5828 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
22:40:52.0288 5828 TDPIPE - ok
22:40:52.0328 5828 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
22:40:52.0328 5828 TDTCP - ok
22:40:52.0378 5828 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
22:40:52.0378 5828 tdx - ok
22:40:52.0398 5828 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
22:40:52.0398 5828 TermDD - ok
22:40:52.0468 5828 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
22:40:52.0488 5828 TermService - ok
22:40:52.0508 5828 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
22:40:52.0518 5828 Themes - ok
22:40:52.0558 5828 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
22:40:52.0558 5828 THREADORDER - ok
22:40:52.0638 5828 tifm21 (78213f01ce781f93180bef5eb5b3ad81) C:\Windows\system32\drivers\tifm21.sys
22:40:52.0658 5828 tifm21 - ok
22:40:52.0698 5828 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
22:40:52.0698 5828 TrkWks - ok
22:40:52.0768 5828 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
22:40:52.0768 5828 TrustedInstaller - ok
22:40:52.0788 5828 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:40:52.0788 5828 tssecsrv - ok
22:40:52.0848 5828 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
22:40:52.0858 5828 TsUsbFlt - ok
22:40:52.0878 5828 tsusbhub - ok
22:40:52.0908 5828 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
22:40:52.0918 5828 tunnel - ok
22:40:52.0948 5828 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
22:40:52.0948 5828 uagp35 - ok
22:40:53.0008 5828 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
22:40:53.0068 5828 udfs - ok
22:40:53.0108 5828 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
22:40:53.0118 5828 UI0Detect - ok
22:40:53.0158 5828 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
22:40:53.0158 5828 uliagpkx - ok
22:40:53.0198 5828 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
22:40:53.0198 5828 umbus - ok
22:40:53.0218 5828 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
22:40:53.0228 5828 UmPass - ok
22:40:53.0288 5828 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
22:40:53.0298 5828 UmRdpService - ok
22:40:53.0338 5828 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
22:40:53.0358 5828 upnphost - ok
22:40:53.0378 5828 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
22:40:53.0378 5828 usbccgp - ok
22:40:53.0418 5828 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
22:40:53.0418 5828 usbcir - ok
22:40:53.0468 5828 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
22:40:53.0468 5828 usbehci - ok
22:40:53.0518 5828 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
22:40:53.0538 5828 usbhub - ok
22:40:53.0568 5828 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
22:40:53.0568 5828 usbohci - ok
22:40:53.0588 5828 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
22:40:53.0598 5828 usbprint - ok
22:40:53.0618 5828 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:40:53.0618 5828 USBSTOR - ok
22:40:53.0648 5828 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
22:40:53.0648 5828 usbuhci - ok
22:40:53.0698 5828 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\system32\Drivers\usbvideo.sys
22:40:53.0708 5828 usbvideo - ok
22:40:53.0728 5828 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
22:40:53.0728 5828 UxSms - ok
22:40:53.0768 5828 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
22:40:53.0778 5828 VaultSvc - ok
22:40:53.0818 5828 VBoxDrv (78e34aaa6939fb0ece3afa5fd356f540) C:\Windows\system32\drivers\VBoxDrv.sys
22:40:53.0828 5828 VBoxDrv - ok
22:40:53.0858 5828 VBoxNetAdp (b39fecb3b506660c4942c906e5362a58) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
22:40:53.0858 5828 VBoxNetAdp - ok
22:40:53.0888 5828 VBoxNetFlt (0d26330db08bce43deace125bbf3bb01) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
22:40:53.0888 5828 VBoxNetFlt - ok
22:40:53.0908 5828 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
22:40:53.0918 5828 vdrvroot - ok
22:40:53.0978 5828 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
22:40:53.0998 5828 vds - ok
22:40:54.0018 5828 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
22:40:54.0018 5828 vga - ok
22:40:54.0048 5828 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
22:40:54.0048 5828 VgaSave - ok
22:40:54.0058 5828 VGPU - ok
22:40:54.0098 5828 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
22:40:54.0108 5828 vhdmp - ok
22:40:54.0168 5828 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
22:40:54.0168 5828 viaagp - ok
22:40:54.0198 5828 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
22:40:54.0198 5828 ViaC7 - ok
22:40:54.0228 5828 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
22:40:54.0228 5828 viaide - ok
22:40:54.0258 5828 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
22:40:54.0268 5828 vmbus - ok
22:40:54.0288 5828 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
22:40:54.0288 5828 VMBusHID - ok
22:40:54.0338 5828 vmlitedrv (50af24ed984db1f285972d1fca592c74) C:\Windows\system32\drivers\vmlitedrv.sys
22:40:54.0338 5828 vmlitedrv - ok
22:40:54.0478 5828 VMLiteService (012325c427e7bbe8372c54149a310b57) C:\Program Files\VMLite\VMLite Workstation\VMLiteService.exe
22:40:54.0478 5828 VMLiteService - ok
22:40:54.0508 5828 vmlitestor (5b9e1b9e579724be53008cf9121ba334) C:\Windows\system32\DRIVERS\vmlitestor.sys
22:40:54.0518 5828 vmlitestor - ok
22:40:54.0558 5828 VMLiteUSBMon (60916b5da67ccb81b20bf135fac026a8) C:\Windows\system32\drivers\vmliteusbmon.sys
22:40:54.0568 5828 VMLiteUSBMon - ok
22:40:54.0628 5828 vmm (817da66b1b889fad1dbf669e0e2f3228) C:\Windows\system32\Drivers\vmm.sys
22:40:54.0638 5828 vmm - ok
22:40:54.0668 5828 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
22:40:54.0668 5828 volmgr - ok
22:40:54.0718 5828 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
22:40:54.0738 5828 volmgrx - ok
22:40:54.0768 5828 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
22:40:54.0788 5828 volsnap - ok
22:40:54.0838 5828 vpcbus (63ef70b7bfb875436d5983e3c77f0681) C:\Windows\system32\DRIVERS\vpchbus.sys
22:40:54.0848 5828 vpcbus - ok
22:40:54.0908 5828 VPCNetS2 (2abe8281db609d8bb1bd1b2f93800d5f) C:\Windows\system32\DRIVERS\VMNetSrv.sys
22:40:54.0908 5828 VPCNetS2 - ok
22:40:54.0948 5828 vpcusb (ac0adad2ad5a166100cf59fb9a7880b7) C:\Windows\system32\DRIVERS\vpcusb.sys
22:40:54.0998 5828 vpcusb - ok
22:40:55.0048 5828 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
22:40:55.0058 5828 vsmraid - ok
22:40:55.0198 5828 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
22:40:55.0238 5828 VSS - ok
22:40:55.0388 5828 vToolbarUpdater11.1.0 (5fa45791413acce628d5361458f32dde) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
22:40:55.0398 5828 vToolbarUpdater11.1.0 - ok
22:40:55.0518 5828 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
22:40:55.0518 5828 vwifibus - ok
22:40:55.0548 5828 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
22:40:55.0558 5828 vwififlt - ok
22:40:55.0618 5828 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
22:40:55.0638 5828 W32Time - ok
22:40:55.0658 5828 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
22:40:55.0658 5828 WacomPen - ok
22:40:55.0718 5828 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
22:40:55.0718 5828 WANARP - ok
22:40:55.0728 5828 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
22:40:55.0728 5828 Wanarpv6 - ok
22:40:55.0888 5828 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
22:40:55.0938 5828 WatAdminSvc - ok
22:40:56.0048 5828 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
22:40:56.0098 5828 wbengine - ok
22:40:56.0128 5828 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
22:40:56.0138 5828 WbioSrvc - ok
22:40:56.0198 5828 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
22:40:56.0218 5828 wcncsvc - ok
22:40:56.0238 5828 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
22:40:56.0248 5828 WcsPlugInService - ok
22:40:56.0278 5828 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
22:40:56.0278 5828 Wd - ok
22:40:56.0338 5828 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
22:40:56.0348 5828 Wdf01000 - ok
22:40:56.0378 5828 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
22:40:56.0388 5828 WdiServiceHost - ok
22:40:56.0388 5828 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
22:40:56.0398 5828 WdiSystemHost - ok
22:40:56.0438 5828 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
22:40:56.0448 5828 WebClient - ok
22:40:56.0488 5828 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
22:40:56.0500 5828 Wecsvc - ok
22:40:56.0510 5828 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
22:40:56.0518 5828 wercplsupport - ok
22:40:56.0550 5828 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
22:40:56.0555 5828 WerSvc - ok
22:40:56.0598 5828 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
22:40:56.0600 5828 WfpLwf - ok
22:40:56.0643 5828 WGSControl - ok
22:40:56.0670 5828 WGSMain - ok
22:40:56.0703 5828 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
22:40:56.0703 5828 WIMMount - ok
22:40:56.0863 5828 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
22:40:56.0893 5828 WinDefend - ok
22:40:56.0913 5828 WinHttpAutoProxySvc - ok
22:40:56.0973 5828 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
22:40:56.0993 5828 Winmgmt - ok
22:40:57.0133 5828 WinRing0_1_2_0 - ok
22:40:57.0273 5828 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
22:40:57.0303 5828 WinRM - ok
22:40:57.0363 5828 WisLMSvc (b0e6faa0f0ead4772c545a3737efb47f) C:\Program Files\Launch Manager\WisLMSvc.exe
22:40:57.0363 5828 WisLMSvc - ok
22:40:57.0433 5828 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
22:40:57.0443 5828 Wlansvc - ok
22:40:57.0653 5828 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:40:57.0673 5828 wlidsvc - ok
22:40:57.0803 5828 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
22:40:57.0813 5828 WmiAcpi - ok
22:40:57.0853 5828 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
22:40:57.0853 5828 wmiApSrv - ok
22:40:57.0973 5828 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
22:40:58.0003 5828 WMPNetworkSvc - ok
22:40:58.0043 5828 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
22:40:58.0053 5828 WPCSvc - ok
22:40:58.0093 5828 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
22:40:58.0093 5828 WPDBusEnum - ok
22:40:58.0133 5828 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
22:40:58.0133 5828 ws2ifsl - ok
22:40:58.0163 5828 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll
22:40:58.0163 5828 wscsvc - ok
22:40:58.0173 5828 WSearch - ok
22:40:58.0333 5828 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
22:40:58.0393 5828 wuauserv - ok
22:40:58.0483 5828 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
22:40:58.0483 5828 WudfPf - ok
22:40:58.0523 5828 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:40:58.0533 5828 WUDFRd - ok
22:40:58.0583 5828 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
22:40:58.0593 5828 wudfsvc - ok
22:40:58.0623 5828 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
22:40:58.0643 5828 WwanSvc - ok
22:40:58.0683 5828 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:40:59.0203 5828 \Device\Harddisk0\DR0 - ok
22:40:59.0213 5828 Boot (0x1200) (d6f55cbcea73d2e5c766b6d24e56979e) \Device\Harddisk0\DR0\Partition0
22:40:59.0213 5828 \Device\Harddisk0\DR0\Partition0 - ok
22:40:59.0233 5828 Boot (0x1200) (3b3efc8e3610802f19e8593072f99ee4) \Device\Harddisk0\DR0\Partition1
22:40:59.0233 5828 \Device\Harddisk0\DR0\Partition1 - ok
22:40:59.0263 5828 Boot (0x1200) (18688e9ca157cef256f802cd9362cd57) \Device\Harddisk0\DR0\Partition2
22:40:59.0263 5828 \Device\Harddisk0\DR0\Partition2 - ok
22:40:59.0273 5828 ============================================================
22:40:59.0273 5828 Scan finished
22:40:59.0273 5828 ============================================================
22:40:59.0293 5820 Detected object count: 0
22:40:59.0293 5820 Actual detected object count: 0
22:41:55.0660 5660 Deinitialize success

#13 jntkwx

Posted 08 June 2012 - 02:47 PM

emak222,

I'm not seeing a malware infection in your logs.

With the information you have provided I believe you will need help from the malware removal team. It's not that I don't want to continue helping you here; there are tools that may need to be used that aren't allowed in the Am I Infected forum.

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.
Regards,
Jason


#14 emak222

Posted 08 June 2012 - 03:33 PM

Ok, thank you for your help!!

I did the steps, and made my topic, http://www.bleepingcomputer.com/forums/topic456359.html.
