FBI Moneypak/Feasible Magnitude 2011 Totally Gone?



#1 i.hate.open.cloud

  • Members

Posted 07 September 2012 - 07:40 PM

Like many people, I have been hit with the FBI Green Dot Moneypak trojan. Yesterday, I was online when I noticed my webcam light come on, and then the FBI Moneypak screen came up, and I was unable to close it, open the Task Manager, or anything else. I restarted the computer, and the FBI screen was still there (webcam light was still on) but the program froze and I received a box saying that "FeasibleMagnitude2011" had stopped working, and of course I chose to end the program. This didn't kill the FBI screen, but it allowed me to bring up the Task Manager, which listed Explorer as the only program running (it was listed as Not Responding). I ended Explorer, and then opened up Malwarebytes and ran a quick scan, which detected 6 items (results are here: http://i1237.photobucket.com/albums/ff463/microbiology2230/MBAMResults.png) which I quarantined and deleted.

I restarted the computer and ran Ad-Aware, HouseCall, and another MBAM quick scan, all of which came back clean. The computer is working fine, but I would like to know that the trojan is actually removed completely. Any help with determining this would be appreciated. I am running Windows 7 Home Premium, 64-bit.

Thank you for reading.

-James


#2 boopme

  • Global Moderator

Posted 07 September 2012 - 07:51 PM

Hello, please follow our guide and, if needed, ask any questions.

Remove the FBI MoneyPak Ransomware or the Reveton Trojan
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 i.hate.open.cloud

  • Topic Starter
  • Members

Posted 07 September 2012 - 11:23 PM

Thank you for the link to the removal guide. I ran Emsisoft as instructed and it detected a few files, including one Dropper.Win32 trojan, which I quarantined in Safe Mode and deleted in Normal mode. Is there anything else I should do now?

#4 boopme

  • Global Moderator

Posted 08 September 2012 - 09:52 AM

You're welcome!! We should still do these and be sure there is nothing else living here.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run from.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

>>>>>>>>>>..

Run RKill....


Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply.

Do not reboot your computer after running rkill as the malware programs will start again. Or, if rebooting is required, run it again.


If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

>>>


Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the root folder of the system disk (it is usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.


>>>


I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.
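What a reviewer typically checks in the Result.txt requested above, as an added example that is not part of the original post and is not MiniToolBox's own code: it flags Hosts entries other than localhost, Winsock providers outside the Windows system directories, and Windows process names running from outside `C:\Windows`. The sample log is constructed, the function names are hypothetical, and the system directory and process-name lists are assumptions.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in the section layout of a MiniToolBox Result.txt (not a real log).
SAMPLE_RESULT = r"""
========================= Hosts content: =================================

127.0.0.1 localhost
203.0.113.7 www.example-bank.test

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog9 01 C:\Users\Sample\AppData\Local\Temp\lsp.dll [40960] ()

========================= Event log errors: ===============================

Application Path: C:\Windows\Explorer.EXE
Application Path: C:\Users\Sample\AppData\Roaming\System\winlogon.exe

**** End of log ****
"""

HEADER = re.compile(r"^=+ (.*?):? =+$")
WINSOCK = re.compile(r"^(?:x64-)?Catalog\d+ \d+ (.+?) \[\d+\] \((.*)\)$")
APP_PATH = re.compile(r"^Application Path: (.+)$")

# Assumption: Windows is installed in C:\Windows.
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32", r"c:\windows\syswow64"}
# Assumption: a short list of process names that malware commonly imitates.
SYSTEM_NAMES = {"winlogon.exe", "explorer.exe", "svchost.exe",
                "lsass.exe", "csrss.exe", "services.exe"}


def split_sections(text):
    """Map each '===== Name: =====' header (lower-cased) to its non-empty lines."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            current = m.group(1).strip().lower()
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def in_system_dir(path):
    """True when the file sits directly in one of the assumed system directories."""
    return str(PureWindowsPath(path).parent).lower() in SYSTEM_DIRS


def review(text):
    """Return (category, line) pairs that deserve a closer look by a human."""
    sections = split_sections(text)
    findings = []

    # Hosts file: anything beyond the loopback/localhost mapping can redirect traffic.
    for line in sections.get("hosts content", []):
        entry = line.split("#", 1)[0].strip()   # drop comments
        if not entry:
            continue
        ip, *names = entry.split()
        if ip not in ("127.0.0.1", "::1") or any(n.lower() != "localhost" for n in names):
            findings.append(("hosts", line))

    # Winsock catalog: a provider DLL outside the system directories, or without the
    # Microsoft vendor string, sits in the network path. Third-party providers can be
    # legitimate, so this is a review item, not a verdict.
    for line in sections.get("winsock entries", []):
        m = WINSOCK.match(line)
        if not m:
            findings.append(("winsock-unparsed", line))
        elif not in_system_dir(m.group(1)) or m.group(2) != "Microsoft Corporation":
            findings.append(("winsock", line))

    # Event log: a Windows process name whose image path is not under C:\Windows.
    for line in sections.get("event log errors", []):
        m = APP_PATH.match(line)
        if m and PureWindowsPath(m.group(1)).name.lower() in SYSTEM_NAMES \
                and not in_system_dir(m.group(1)):
            findings.append(("system-name-outside-windows", line))

    return findings


if __name__ == "__main__":
    for category, line in review(SAMPLE_RESULT):
        print(f"{category}: {line}")
```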

#5 i.hate.open.cloud

  • Topic Starter
  • Members

Posted 10 September 2012 - 08:40 PM

Thanks. ESET found and quarantined two files. Should I delete them? Here are the logs requested:


MiniToolBox:

MiniToolBox by Farbar Version: 23-07-2012
Ran by Giest (administrator) on 10-09-2012 at 18:48:50
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

DW1520 Wireless-N WLAN Half-Mini Card = Wireless Network Connection (Connected)
Atheros AR8132 PCI-E Fast Ethernet Controller = Local Area Connection (Hardware not present)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : GW-Net
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : DW1520 Wireless-N WLAN Half-Mini Card
Physical Address. . . . . . . . . : 5C-AC-4C-97-3D-7D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::546f:461c:faf7:4a9f%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.15.201(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, September 10, 2012 6:44:54 PM
Lease Expires . . . . . . . . . . : Tuesday, September 11, 2012 6:44:53 PM
Default Gateway . . . . . . . . . : 192.168.15.1
DHCP Server . . . . . . . . . . . : 192.168.15.1
DHCPv6 IAID . . . . . . . . . . . : 224177228
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-FB-CE-9B-5C-26-0A-00-7B-F0
DNS Servers . . . . . . . . . . . : 192.168.15.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{5A195FB8-E5E5-4D7F-B5C1-39AB78A0F63D}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: WiMaxCPE
Address: 192.168.15.1

Name: google.com
Addresses: 2607:f8b0:4009:801::1001
74.125.225.64
74.125.225.67
74.125.225.68
74.125.225.65
74.125.225.69
74.125.225.78
74.125.225.73
74.125.225.70
74.125.225.72
74.125.225.71
74.125.225.66


Pinging google.com [74.125.225.66] with 32 bytes of data:
Reply from 74.125.225.66: bytes=32 time=242ms TTL=56
Reply from 74.125.225.66: bytes=32 time=97ms TTL=56

Ping statistics for 74.125.225.66:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 97ms, Maximum = 242ms, Average = 169ms
Server: WiMaxCPE
Address: 192.168.15.1

Name: yahoo.com
Addresses: 72.30.38.140
98.138.253.109
98.139.183.24


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=398ms TTL=52
Reply from 98.139.183.24: bytes=32 time=198ms TTL=52

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 198ms, Maximum = 398ms, Average = 298ms
Server: WiMaxCPE
Address: 192.168.15.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...5c ac 4c 97 3d 7d ......DW1520 Wireless-N WLAN Half-Mini Card
1...........................Software Loopback Interface 1
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.15.1 192.168.15.201 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.15.0 255.255.255.0 On-link 192.168.15.201 281
192.168.15.201 255.255.255.255 On-link 192.168.15.201 281
192.168.15.255 255.255.255.255 On-link 192.168.15.201 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.15.201 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.15.201 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 281 fe80::/64 On-link
11 281 fe80::546f:461c:faf7:4a9f/128
On-link
1 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/10/2012 06:46:27 PM) (Source: Application Error) (User: )
Description: Faulting application name: WLMerger.exe, version: 0.0.0.0, time stamp: 0x4b6c02a5
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec4aa8e
Exception code: 0xc0000005
Fault offset: 0x00000000000252c3
Faulting process id: 0x1ce0
Faulting application start time: 0xWLMerger.exe0
Faulting application path: WLMerger.exe1
Faulting module path: WLMerger.exe2
Report Id: WLMerger.exe3

Error: (09/10/2012 06:46:25 PM) (Source: Application Error) (User: )
Description: Faulting application name: WLMerger.exe, version: 0.0.0.0, time stamp: 0x4b6c02a5
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec4aa8e
Exception code: 0xc0000005
Fault offset: 0x00000000000252c3
Faulting process id: 0x1e38
Faulting application start time: 0xWLMerger.exe0
Faulting application path: WLMerger.exe1
Faulting module path: WLMerger.exe2
Report Id: WLMerger.exe3

Error: (09/07/2012 07:36:34 PM) (Source: Application Hang) (User: )
Description: The program Explorer.EXE version 6.1.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: e9c

Start Time: 01cd8c7eafca6cd8

Termination Time: 0

Application Path: C:\Windows\Explorer.EXE

Report Id: 32a69c8d-f94d-11e1-a34f-82ae345d983e

Error: (09/07/2012 06:50:19 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7601.17514, time stamp: 0x4ce79912
Faulting module name: Flash32_11_3_300_271.ocx, version: 11.3.300.271, time stamp: 0x5026ff3f
Exception code: 0xc0000005
Fault offset: 0x0010a367
Faulting process id: 0x1e7c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (09/07/2012 06:47:43 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7601.17514, time stamp: 0x4ce79912
Faulting module name: Flash32_11_3_300_271.ocx, version: 11.3.300.271, time stamp: 0x5026ff3f
Exception code: 0xc0000005
Fault offset: 0x0010a367
Faulting process id: 0x259c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (09/07/2012 06:46:59 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7601.17514, time stamp: 0x4ce79912
Faulting module name: Flash32_11_3_300_271.ocx, version: 11.3.300.271, time stamp: 0x5026ff3f
Exception code: 0xc0000005
Fault offset: 0x0010a367
Faulting process id: 0x14fc
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (09/07/2012 03:58:12 PM) (Source: Application Error) (User: )
Description: Faulting application name: WLMerger.exe, version: 0.0.0.0, time stamp: 0x4b6c02a5
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec4aa8e
Exception code: 0xc0000005
Fault offset: 0x00000000000252c3
Faulting process id: 0x1e5c
Faulting application start time: 0xWLMerger.exe0
Faulting application path: WLMerger.exe1
Faulting module path: WLMerger.exe2
Report Id: WLMerger.exe3

Error: (09/07/2012 03:58:09 PM) (Source: Application Error) (User: )
Description: Faulting application name: WLMerger.exe, version: 0.0.0.0, time stamp: 0x4b6c02a5
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec4aa8e
Exception code: 0xc0000005
Fault offset: 0x00000000000252c3
Faulting process id: 0x1d98
Faulting application start time: 0xWLMerger.exe0
Faulting application path: WLMerger.exe1
Faulting module path: WLMerger.exe2
Report Id: WLMerger.exe3

Error: (09/06/2012 05:17:12 PM) (Source: Application Hang) (User: )
Description: The program winlogon.exe version 6.0.0.15670 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1390

Start Time: 01cd8c7c91680f00

Termination Time: 4

Application Path: C:\Users\Giest\AppData\Roaming\System\winlogon.exe

Report Id: 939f4a8a-f870-11e1-9364-90a681bf870c

Error: (09/06/2012 03:25:14 AM) (Source: Application Error) (User: )
Description: Faulting application name: WLMerger.exe, version: 0.0.0.0, time stamp: 0x4b6c02a5
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec4aa8e
Exception code: 0xc0000005
Fault offset: 0x00000000000252c3
Faulting process id: 0x1af0
Faulting application start time: 0xWLMerger.exe0
Faulting application path: WLMerger.exe1
Faulting module path: WLMerger.exe2
Report Id: WLMerger.exe3


System errors:
=============
Error: (09/07/2012 11:12:10 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (09/07/2012 11:11:11 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/07/2012 11:11:11 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/07/2012 11:11:11 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/07/2012 11:11:11 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/07/2012 11:11:11 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/07/2012 11:11:11 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/07/2012 11:11:11 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/07/2012 11:11:11 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/07/2012 11:11:11 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (09/10/2012 06:46:27 PM) (Source: Application Error)(User: )
Description: WLMerger.exe0.0.0.04b6c02a5ntdll.dll6.1.7601.177254ec4aa8ec000000500000000000252c31ce001cd8fae67be7d74C:\ProgramData\NVIDIA\Updatus\WLMerger.exeC:\Windows\SYSTEM32\ntdll.dllbc04cb64-fba1-11e1-a8b9-dbd2bb8f203c

Error: (09/10/2012 06:46:25 PM) (Source: Application Error)(User: )
Description: WLMerger.exe0.0.0.04b6c02a5ntdll.dll6.1.7601.177254ec4aa8ec000000500000000000252c31e3801cd8fae67c9c83eC:\ProgramData\NVIDIA\Updatus\WLMerger.exeC:\Windows\SYSTEM32\ntdll.dllbae6ad04-fba1-11e1-a8b9-dbd2bb8f203c

Error: (09/07/2012 07:36:34 PM) (Source: Application Hang)(User: )
Description: Explorer.EXE6.1.7601.17514e9c01cd8c7eafca6cd80C:\Windows\Explorer.EXE32a69c8d-f94d-11e1-a34f-82ae345d983e

Error: (09/07/2012 06:50:19 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.7601.175144ce79912Flash32_11_3_300_271.ocx11.3.300.2715026ff3fc00000050010a3671e7c01cd8d535602edb7C:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\Macromed\Flash\Flash32_11_3_300_271.ocxc72077c3-f946-11e1-a34f-82ae345d983e

Error: (09/07/2012 06:47:43 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.7601.175144ce79912Flash32_11_3_300_271.ocx11.3.300.2715026ff3fc00000050010a367259c01cd8d531c171d7aC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\Macromed\Flash\Flash32_11_3_300_271.ocx6aa0d469-f946-11e1-a34f-82ae345d983e

Error: (09/07/2012 06:46:59 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.7601.175144ce79912Flash32_11_3_300_271.ocx11.3.300.2715026ff3fc00000050010a36714fc01cd8d3bce788eeeC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\Macromed\Flash\Flash32_11_3_300_271.ocx5038095b-f946-11e1-a34f-82ae345d983e

Error: (09/07/2012 03:58:12 PM) (Source: Application Error)(User: )
Description: WLMerger.exe0.0.0.04b6c02a5ntdll.dll6.1.7601.177254ec4aa8ec000000500000000000252c31e5c01cd8d3b6800e4f6C:\ProgramData\NVIDIA\Updatus\WLMerger.exeC:\Windows\SYSTEM32\ntdll.dllbbe6e90e-f92e-11e1-a34f-82ae345d983e

Error: (09/07/2012 03:58:09 PM) (Source: Application Error)(User: )
Description: WLMerger.exe0.0.0.04b6c02a5ntdll.dll6.1.7601.177254ec4aa8ec000000500000000000252c31d9801cd8d3b683a1e3dC:\ProgramData\NVIDIA\Updatus\WLMerger.exeC:\Windows\SYSTEM32\ntdll.dllb9f794ed-f92e-11e1-a34f-82ae345d983e

Error: (09/06/2012 05:17:12 PM) (Source: Application Hang)(User: )
Description: winlogon.exe6.0.0.15670139001cd8c7c91680f004C:\Users\Giest\AppData\Roaming\System\winlogon.exe939f4a8a-f870-11e1-9364-90a681bf870c

Error: (09/06/2012 03:25:14 AM) (Source: Application Error)(User: )
Description: WLMerger.exe0.0.0.04b6c02a5ntdll.dll6.1.7601.177254ec4aa8ec000000500000000000252c31af001cd8c09120a4f3cC:\ProgramData\NVIDIA\Updatus\WLMerger.exeC:\Windows\SYSTEM32\ntdll.dll6195c282-f7fc-11e1-8593-a510a5089334


=========================== Installed Programs ============================

7-Zip 9.22beta
AccelerometerP11 (Version: 2.00.00.16)
Ad-Aware (Version: 9.0.6)
Ad-Aware (Version: 9.0.7)
Adobe AIR (Version: 3.0.0.4080)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.271)
Adobe Reader 6.0.1 (Version: 006.000.001)
AlienRespawn - Support Software
AlienRespawn (Version: 9.4.51)
Alienware On-Screen Display (Version: 0.0.0.12C)
Amazon Kindle
Avant Browser (remove only) (Version: 12.0.0.0)
Banctec Service Agreement (Version: 2.0.0)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Cobian Backup 10
Command Center (Version: 2.5.54.0)
CyberLink YouCam (Version: 2.0.3131)
DivX Setup (Version: 2.6.1.8)
DW WLAN Card Utility (Version: 5.60.48.18)
EMSC (Version: 0.0.0.22C)
Eurotalk Talk Now! (Version: 1.0.70)
FLV Player (Version: 2.0.25)
HiJackThis (Version: 1.0.0)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.2119)
Intel® Rapid Storage Technology (Version: 9.5.6.1001)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 20 (64-bit) (Version: 6.0.200)
Java™ 6 Update 31 (Version: 6.0.310)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
McAfee SecurityCenter (Version: 11.0.669)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office Basic Edition 2003 (Version: 11.0.5614.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
NVIDIA Drivers (Version: 1.10.59.37)
NVIDIA Updatus (Version: 1.0.3)
Portal
Realtek High Definition Audio Driver (Version: 6.0.1.6083)
Revo Uninstaller 1.93 (Version: 1.93)
SpywareBlaster 4.4 (Version: 4.4.0)
Stardock MyColors (Version: 2.7.500)
Steam (Version: 1.0.0.0)
Synaptics Pointing Device Driver (Version: 15.0.4.0)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)

========================= Memory info: ===================================

Percentage of memory in use: 38%
Total physical RAM: 3893.86 MB
Available physical RAM: 2389.03 MB
Total Pagefile: 7785.91 MB
Available Pagefile: 5289.53 MB
Total Virtual: 4095.88 MB
Available Virtual: 3951.26 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:221.61 GB) NTFS

========================= Users: ========================================

User accounts for \\GW-NET

Administrator Giest Guest
UpdatusUser


**** End of log ****




Rkill:

Rkill 2.3.11 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/10/2012 06:53:20 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\Software\Classes\exefile\shell\open\command\\IsolatedCommand was changed. It was reset to "%1" %*!

* HKLM\Software\Classes\exefile\shell\runas\command\\IsolatedCommand was changed. It was reset to "%1" %*!


Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* iphlpsvc [Missing Service]
* WinDefend [Missing Service]

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 09/10/2012 06:53:40 PM
Execution time: 0 hours(s), 0 minute(s), and 19 seconds(s)






TDSS:

18:54:29.0513 6252 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
18:54:30.0468 6252 ============================================================
18:54:30.0468 6252 Current date / time: 2012/09/10 18:54:30.0468
18:54:30.0468 6252 SystemInfo:
18:54:30.0468 6252
18:54:30.0468 6252 OS Version: 6.1.7601 ServicePack: 1.0
18:54:30.0468 6252 Product type: Workstation
18:54:30.0469 6252 ComputerName: GW-NET
18:54:30.0469 6252 UserName: Giest
18:54:30.0469 6252 Windows directory: C:\Windows
18:54:30.0469 6252 System windows directory: C:\Windows
18:54:30.0469 6252 Running under WOW64
18:54:30.0469 6252 Processor architecture: Intel x64
18:54:30.0469 6252 Number of processors: 4
18:54:30.0469 6252 Page size: 0x1000
18:54:30.0469 6252 Boot type: Normal boot
18:54:30.0469 6252 ============================================================
18:54:31.0313 6252 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize:

0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags

0x00000040
18:54:31.0329 6252 ============================================================
18:54:31.0330 6252 \Device\Harddisk0\DR0:
18:54:31.0330 6252 MBR partitions:
18:54:31.0330 6252 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
18:54:31.0330 6252 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x236CE2B0
18:54:31.0330 6252 ============================================================
18:54:31.0358 6252 C: <-> \Device\Harddisk0\DR0\Partition2
18:54:31.0358 6252 ============================================================
18:54:31.0358 6252 Initialize success
18:54:31.0358 6252 ============================================================
18:54:47.0882 3196 ============================================================
18:54:47.0882 3196 Scan started
18:54:47.0882 3196 Mode: Manual; TDLFS;
18:54:47.0882 3196 ============================================================
18:54:48.0146 3196 ================ Scan system memory ========================
18:54:48.0146 3196 System memory - ok
18:54:48.0147 3196 ================ Scan services =============================

\system32\drivers\nsiproxy.sys
18:54:59.0038 3196 nsiproxy - ok
18:54:59.0126 3196 [ 05D78AA5CB5F3F5C31160BDB955D0B7C ] Ntfs C:\Windows

\system32\drivers\Ntfs.sys
18:54:59.0196 3196 Ntfs - ok
18:54:59.0222 3196 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows

\system32\drivers\Null.sys
18:54:59.0224 3196 Null - ok
18:54:59.0557 3196 [ 9F6ADE7EC1D5480AD1EF370859B26D5A ] nvlddmkm C:\Windows

\system32\DRIVERS\nvlddmkm.sys
18:54:59.0880 3196 nvlddmkm - ok
18:54:59.0928 3196 [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48 ] nvraid C:\Windows

\system32\drivers\nvraid.sys
18:54:59.0934 3196 nvraid - ok
18:54:59.0955 3196 [ F7CD50FE7139F07E77DA8AC8033D1832 ] nvstor C:\Windows

\system32\drivers\nvstor.sys
18:54:59.0961 3196 nvstor - ok
18:54:59.0998 3196 [ 628167D7E894807EF883A13E34172C3C ] nvsvc C:\Windows

\system32\nvvsvc.exe
18:55:00.0005 3196 nvsvc - ok
18:55:00.0077 3196 [ 1681E56145A43C0F1EDA60618D7AFD60 ] nvUpdatusService C:\Program Files

(x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
18:55:00.0088 3196 nvUpdatusService - ok
18:55:00.0129 3196 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows

\system32\drivers\nv_agp.sys
18:55:00.0132 3196 nv_agp - ok
18:55:00.0177 3196 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows

\system32\drivers\ohci1394.sys
18:55:00.0183 3196 ohci1394 - ok
18:55:00.0283 3196 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files

(x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:55:00.0289 3196 ose - ok
18:55:00.0335 3196 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows

\system32\pnrpsvc.dll
18:55:00.0349 3196 p2pimsvc - ok
18:55:00.0409 3196 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows

\system32\p2psvc.dll
18:55:00.0431 3196 p2psvc - ok
18:55:00.0468 3196 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows

\system32\DRIVERS\parport.sys
18:55:00.0472 3196 Parport - ok
18:55:00.0508 3196 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows

\system32\drivers\partmgr.sys
18:55:00.0511 3196 partmgr - ok
18:55:00.0534 3196 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows

\System32\pcasvc.dll
18:55:00.0542 3196 PcaSvc - ok
18:55:00.0565 3196 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows

\system32\drivers\pci.sys
18:55:00.0570 3196 pci - ok
18:55:00.0588 3196 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows

\system32\drivers\pciide.sys
18:55:00.0590 3196 pciide - ok
18:55:00.0610 3196 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows

\system32\DRIVERS\pcmcia.sys
18:55:00.0616 3196 pcmcia - ok
18:55:00.0637 3196 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows

\system32\drivers\pcw.sys
18:55:00.0640 3196 pcw - ok
18:55:00.0665 3196 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows

\system32\drivers\peauth.sys
18:55:00.0690 3196 PEAUTH - ok
18:55:00.0824 3196 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows

\SysWow64\perfhost.exe
18:55:00.0826 3196 PerfHost - ok
18:55:00.0889 3196 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows

\system32\pla.dll
18:55:00.0923 3196 pla - ok
18:55:00.0971 3196 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows

\system32\umpnpmgr.dll
18:55:00.0977 3196 PlugPlay - ok
18:55:01.0007 3196 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows

\system32\pnrpauto.dll
18:55:01.0011 3196 PNRPAutoReg - ok
18:55:01.0032 3196 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows

\system32\pnrpsvc.dll
18:55:01.0036 3196 PNRPsvc - ok
18:55:01.0078 3196 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows

\System32\ipsecsvc.dll
18:55:01.0103 3196 PolicyAgent - ok
18:55:01.0149 3196 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows

\system32\umpo.dll
18:55:01.0159 3196 Power - ok
18:55:01.0200 3196 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows

\system32\DRIVERS\raspptp.sys
18:55:01.0205 3196 PptpMiniport - ok
18:55:01.0225 3196 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows

\system32\DRIVERS\processr.sys
18:55:01.0229 3196 Processor - ok
18:55:01.0254 3196 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows

\system32\profsvc.dll
18:55:01.0262 3196 ProfSvc - ok
18:55:01.0281 3196 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows

\system32\lsass.exe
18:55:01.0284 3196 ProtectedStorage - ok
18:55:01.0321 3196 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows

\system32\DRIVERS\pacer.sys
18:55:01.0325 3196 Psched - ok
18:55:01.0375 3196 [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64 C:\Windows

\system32\Drivers\PxHlpa64.sys
18:55:01.0378 3196 PxHlpa64 - ok
18:55:01.0515 3196 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows

\system32\DRIVERS\ql2300.sys
18:55:01.0574 3196 ql2300 - ok
18:55:01.0605 3196 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows

\system32\DRIVERS\ql40xx.sys
18:55:01.0609 3196 ql40xx - ok
18:55:01.0642 3196 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows

\system32\qwave.dll
18:55:01.0663 3196 QWAVE - ok
18:55:01.0677 3196 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows

\system32\drivers\qwavedrv.sys
18:55:01.0680 3196 QWAVEdrv - ok
18:55:01.0697 3196 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows

\system32\DRIVERS\rasacd.sys
18:55:01.0700 3196 RasAcd - ok
18:55:01.0737 3196 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows

\system32\DRIVERS\AgileVpn.sys
18:55:01.0740 3196 RasAgileVpn - ok
18:55:01.0751 3196 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows

\System32\rasauto.dll
18:55:01.0757 3196 RasAuto - ok
18:55:01.0783 3196 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows

\system32\DRIVERS\rasl2tp.sys
18:55:01.0787 3196 Rasl2tp - ok
18:55:01.0830 3196 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows

\System32\rasmans.dll
18:55:01.0841 3196 RasMan - ok
18:55:01.0856 3196 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows

\system32\DRIVERS\raspppoe.sys
18:55:01.0860 3196 RasPppoe - ok
18:55:01.0874 3196 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows

\system32\DRIVERS\rassstp.sys
18:55:01.0877 3196 RasSstp - ok
18:55:01.0911 3196 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows

\system32\DRIVERS\rdbss.sys
18:55:01.0919 3196 rdbss - ok
18:55:01.0935 3196 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows

\system32\DRIVERS\rdpbus.sys
18:55:01.0937 3196 rdpbus - ok
18:55:01.0956 3196 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows

\system32\DRIVERS\RDPCDD.sys
18:55:01.0959 3196 RDPCDD - ok
18:55:01.0976 3196 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows

\system32\drivers\rdpencdd.sys
18:55:01.0979 3196 RDPENCDD - ok
18:55:01.0990 3196 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows

\system32\drivers\rdprefmp.sys
18:55:01.0993 3196 RDPREFMP - ok
18:55:02.0027 3196 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows

\system32\drivers\RDPWD.sys
18:55:02.0032 3196 RDPWD - ok
18:55:02.0063 3196 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows

\system32\drivers\rdyboost.sys
18:55:02.0067 3196 rdyboost - ok
18:55:02.0115 3196 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows

\System32\mprdim.dll
18:55:02.0123 3196 RemoteAccess - ok
18:55:02.0318 3196 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows

\system32\regsvc.dll
18:55:02.0343 3196 RemoteRegistry - ok
18:55:02.0367 3196 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows

\System32\RpcEpMap.dll
18:55:02.0371 3196 RpcEptMapper - ok
18:55:02.0386 3196 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows

\system32\locator.exe
18:55:02.0390 3196 RpcLocator - ok
18:55:02.0426 3196 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows

\system32\rpcss.dll
18:55:02.0431 3196 RpcSs - ok
18:55:02.0481 3196 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows

\system32\DRIVERS\rspndr.sys
18:55:02.0484 3196 rspndr - ok
18:55:02.0502 3196 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows

\system32\lsass.exe
18:55:02.0506 3196 SamSs - ok
18:55:02.0540 3196 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows

\system32\drivers\sbp2port.sys
18:55:02.0544 3196 sbp2port - ok
18:55:02.0568 3196 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows

\System32\SCardSvr.dll
18:55:02.0577 3196 SCardSvr - ok
18:55:02.0609 3196 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows

\system32\DRIVERS\scfilter.sys
18:55:02.0614 3196 scfilter - ok
18:55:02.0673 3196 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows

\system32\schedsvc.dll
18:55:02.0723 3196 Schedule - ok
18:55:02.0753 3196 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows

\System32\certprop.dll
18:55:02.0829 3196 SCPolicySvc - ok
18:55:02.0843 3196 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows

\System32\SDRSVC.dll
18:55:02.0849 3196 SDRSVC - ok
18:55:02.0874 3196 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows

\system32\drivers\secdrv.sys
18:55:02.0881 3196 secdrv - ok
18:55:02.0929 3196 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows

\system32\seclogon.dll
18:55:02.0933 3196 seclogon - ok
18:55:02.0973 3196 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows

\system32\sens.dll
18:55:02.0978 3196 SENS - ok
18:55:02.0993 3196 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows

\system32\sensrsvc.dll
18:55:02.0997 3196 SensrSvc - ok
18:55:03.0016 3196 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows

\system32\DRIVERS\serenum.sys
18:55:03.0020 3196 Serenum - ok
18:55:03.0086 3196 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows

\system32\DRIVERS\serial.sys
18:55:03.0105 3196 Serial - ok
18:55:03.0165 3196 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows

\system32\DRIVERS\sermouse.sys
18:55:03.0173 3196 sermouse - ok
18:55:03.0231 3196 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows

\system32\sessenv.dll
18:55:03.0238 3196 SessionEnv - ok
18:55:03.0286 3196 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows

\system32\drivers\sffdisk.sys
18:55:03.0294 3196 sffdisk - ok
18:55:03.0306 3196 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows

\system32\drivers\sffp_mmc.sys
18:55:03.0320 3196 sffp_mmc - ok
18:55:03.0328 3196 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows

\system32\drivers\sffp_sd.sys
18:55:03.0331 3196 sffp_sd - ok
18:55:03.0358 3196 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows

\system32\DRIVERS\sfloppy.sys
18:55:03.0361 3196 sfloppy - ok
18:55:03.0418 3196 [ 38F88F0DF46C4D42125EF721ABD7F6B9 ] SftService C:\Program Files

(x86)\AlienRespawn\sftservice.EXE
18:55:03.0432 3196 SftService - ok
18:55:03.0475 3196 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows

\System32\ipnathlp.dll
18:55:03.0485 3196 SharedAccess - ok
18:55:03.0516 3196 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows

\System32\shsvcs.dll
18:55:03.0527 3196 ShellHWDetection - ok
18:55:03.0562 3196 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows

\system32\DRIVERS\SiSRaid2.sys
18:55:03.0565 3196 SiSRaid2 - ok
18:55:03.0581 3196 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows

\system32\DRIVERS\sisraid4.sys
18:55:03.0585 3196 SiSRaid4 - ok
18:55:03.0613 3196 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows

\system32\DRIVERS\smb.sys
18:55:03.0617 3196 Smb - ok
18:55:03.0665 3196 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows

\System32\snmptrap.exe
18:55:03.0671 3196 SNMPTRAP - ok
18:55:03.0681 3196 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows

\system32\drivers\spldr.sys
18:55:03.0684 3196 spldr - ok
18:55:03.0721 3196 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows

\System32\spoolsv.exe
18:55:03.0729 3196 Spooler - ok
18:55:03.0837 3196 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows

\system32\sppsvc.exe
18:55:03.0873 3196 sppsvc - ok
18:55:03.0906 3196 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows

\system32\sppuinotify.dll
18:55:03.0912 3196 sppuinotify - ok
18:55:03.0949 3196 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows

\system32\DRIVERS\srv.sys
18:55:03.0969 3196 srv - ok
18:55:03.0994 3196 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows

\system32\DRIVERS\srv2.sys
18:55:04.0013 3196 srv2 - ok
18:55:04.0045 3196 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows

\system32\DRIVERS\srvnet.sys
18:55:04.0051 3196 srvnet - ok
18:55:04.0094 3196 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows

\System32\ssdpsrv.dll
18:55:04.0103 3196 SSDPSRV - ok
18:55:04.0138 3196 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows

\system32\sstpsvc.dll
18:55:04.0150 3196 SstpSvc - ok
18:55:04.0199 3196 [ C568FDB21CE77A44FD166F28F104AC46 ] stdflt C:\Windows

\system32\DRIVERS\stdfltn.sys
18:55:04.0201 3196 stdflt - ok
18:55:04.0222 3196 Steam Client Service - ok
18:55:04.0250 3196 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows

\system32\DRIVERS\stexstor.sys
18:55:04.0253 3196 stexstor - ok
18:55:04.0292 3196 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows

\System32\wiaservc.dll
18:55:04.0317 3196 stisvc - ok
18:55:04.0341 3196 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows

\system32\drivers\swenum.sys
18:55:04.0344 3196 swenum - ok
18:55:04.0388 3196 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows

\System32\swprv.dll
18:55:04.0413 3196 swprv - ok
18:55:04.0443 3196 [ BE2B928DE9AF2848289DB7A54C7E2398 ] SynTP C:\Windows

\system32\DRIVERS\SynTP.sys
18:55:04.0449 3196 SynTP - ok
18:55:04.0518 3196 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows

\system32\sysmain.dll
18:55:04.0579 3196 SysMain - ok
18:55:04.0607 3196 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows

\System32\TabSvc.dll
18:55:04.0613 3196 TabletInputService - ok
18:55:04.0645 3196 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows

\System32\tapisrv.dll
18:55:04.0655 3196 TapiSrv - ok
18:55:04.0681 3196 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows

\System32\tbssvc.dll
18:55:04.0686 3196 TBS - ok
18:55:04.0764 3196 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows

\system32\drivers\tcpip.sys
18:55:04.0830 3196 Tcpip - ok
18:55:04.0905 3196 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows

\system32\DRIVERS\tcpip.sys
18:55:04.0938 3196 TCPIP6 - ok
18:55:04.0992 3196 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows

\system32\drivers\tcpipreg.sys
18:55:04.0996 3196 tcpipreg - ok
18:55:05.0047 3196 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows

\system32\drivers\tdpipe.sys
18:55:05.0050 3196 TDPIPE - ok
18:55:05.0081 3196 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows

\system32\drivers\tdtcp.sys
18:55:05.0084 3196 TDTCP - ok
18:55:05.0109 3196 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows

\system32\DRIVERS\tdx.sys
18:55:05.0114 3196 tdx - ok
18:55:05.0147 3196 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows

\system32\drivers\termdd.sys
18:55:05.0150 3196 TermDD - ok
18:55:05.0198 3196 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows

\System32\termsrv.dll
18:55:05.0224 3196 TermService - ok
18:55:05.0251 3196 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows

\system32\themeservice.dll
18:55:05.0256 3196 Themes - ok
18:55:05.0286 3196 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows

\system32\mmcss.dll
18:55:05.0289 3196 THREADORDER - ok
18:55:05.0315 3196 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows

\System32\trkwks.dll
18:55:05.0321 3196 TrkWks - ok
18:55:05.0371 3196 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing

\TrustedInstaller.exe
18:55:05.0375 3196 TrustedInstaller - ok
18:55:05.0410 3196 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows

\system32\DRIVERS\tssecsrv.sys
18:55:05.0413 3196 tssecsrv - ok
18:55:05.0452 3196 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows

\system32\drivers\tsusbflt.sys
18:55:05.0455 3196 TsUsbFlt - ok
18:55:05.0502 3196 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows

\system32\DRIVERS\tunnel.sys
18:55:05.0506 3196 tunnel - ok
18:55:05.0542 3196 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows

\system32\DRIVERS\uagp35.sys
18:55:05.0545 3196 uagp35 - ok
18:55:05.0570 3196 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows

\system32\DRIVERS\udfs.sys
18:55:05.0586 3196 udfs - ok
18:55:05.0620 3196 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows

\system32\UI0Detect.exe
18:55:05.0624 3196 UI0Detect - ok
18:55:05.0650 3196 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows

\system32\drivers\uliagpkx.sys
18:55:05.0653 3196 uliagpkx - ok
18:55:05.0679 3196 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows

\system32\drivers\umbus.sys
18:55:05.0766 3196 umbus - ok
18:55:05.0804 3196 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows

\system32\DRIVERS\umpass.sys
18:55:05.0806 3196 UmPass - ok
18:55:05.0858 3196 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows

\System32\upnphost.dll
18:55:05.0881 3196 upnphost - ok
18:55:05.0896 3196 [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829 ] usbccgp C:\Windows

\system32\drivers\usbccgp.sys
18:55:05.0899 3196 usbccgp - ok
18:55:05.0924 3196 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows

\system32\drivers\usbcir.sys
18:55:05.0928 3196 usbcir - ok
18:55:05.0935 3196 [ 74EE782B1D9C241EFE425565854C661C ] usbehci C:\Windows

\system32\drivers\usbehci.sys
18:55:06.0003 3196 usbehci - ok
18:55:06.0035 3196 [ DC96BD9CCB8403251BCF25047573558E ] usbhub C:\Windows

\system32\drivers\usbhub.sys
18:55:06.0040 3196 usbhub - ok
18:55:06.0058 3196 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows

\system32\drivers\usbohci.sys
18:55:06.0061 3196 usbohci - ok
18:55:06.0078 3196 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows

\system32\DRIVERS\usbprint.sys
18:55:06.0080 3196 usbprint - ok
18:55:06.0095 3196 [ D76510CFA0FC09023077F22C2F979D86 ] USBSTOR C:\Windows

\system32\DRIVERS\USBSTOR.SYS
18:55:06.0098 3196 USBSTOR - ok
18:55:06.0109 3196 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows

\system32\drivers\usbuhci.sys
18:55:06.0112 3196 usbuhci - ok
18:55:06.0144 3196 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows

\System32\Drivers\usbvideo.sys
18:55:06.0149 3196 usbvideo - ok
18:55:06.0166 3196 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows

\System32\uxsms.dll
18:55:06.0170 3196 UxSms - ok
18:55:06.0181 3196 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows

\system32\lsass.exe
18:55:06.0182 3196 VaultSvc - ok
18:55:06.0193 3196 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows

\system32\drivers\vdrvroot.sys
18:55:06.0195 3196 vdrvroot - ok
18:55:06.0232 3196 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows

\System32\vds.exe
18:55:06.0252 3196 vds - ok
18:55:06.0269 3196 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows

\system32\DRIVERS\vgapnp.sys
18:55:06.0272 3196 vga - ok
18:55:06.0288 3196 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows

\System32\drivers\vga.sys
18:55:06.0290 3196 VgaSave - ok
18:55:06.0298 3196 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows

\system32\drivers\vhdmp.sys
18:55:06.0302 3196 vhdmp - ok
18:55:06.0334 3196 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows

\system32\drivers\viaide.sys
18:55:06.0340 3196 viaide - ok
18:55:06.0352 3196 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows

\system32\drivers\volmgr.sys
18:55:06.0355 3196 volmgr - ok
18:55:06.0425 3196 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows

\system32\drivers\volmgrx.sys
18:55:06.0442 3196 volmgrx - ok
18:55:06.0500 3196 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows

\system32\drivers\volsnap.sys
18:55:06.0517 3196 volsnap - ok
18:55:06.0599 3196 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows

\system32\DRIVERS\vsmraid.sys
18:55:06.0605 3196 vsmraid - ok
18:55:06.0668 3196 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows

\system32\vssvc.exe
18:55:06.0703 3196 VSS - ok
18:55:06.0725 3196 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows

\system32\DRIVERS\vwifibus.sys
18:55:07.0140 3196 vwifibus - ok
18:55:07.0271 3196 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows

\system32\DRIVERS\vwififlt.sys
18:55:07.0275 3196 vwififlt - ok
18:55:07.0326 3196 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows

\system32\w32time.dll
18:55:07.0336 3196 W32Time - ok
18:55:07.0358 3196 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows

\system32\DRIVERS\wacompen.sys
18:55:07.0361 3196 WacomPen - ok
18:55:07.0406 3196 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows

\system32\DRIVERS\wanarp.sys
18:55:07.0409 3196 WANARP - ok
18:55:07.0425 3196 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows

\system32\DRIVERS\wanarp.sys
18:55:07.0427 3196 Wanarpv6 - ok
18:55:07.0478 3196 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat

\WatAdminSvc.exe
18:55:07.0505 3196 WatAdminSvc - ok
18:55:07.0555 3196 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows

\system32\wbengine.exe
18:55:07.0598 3196 wbengine - ok
18:55:07.0616 3196 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows

\System32\wbiosrvc.dll
18:55:07.0622 3196 WbioSrvc - ok
18:55:07.0678 3196 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows

\System32\wcncsvc.dll
18:55:07.0700 3196 wcncsvc - ok
18:55:07.0723 3196 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows

\System32\WcsPlugInService.dll
18:55:07.0731 3196 WcsPlugInService - ok
18:55:07.0762 3196 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows

\system32\DRIVERS\wd.sys
18:55:07.0764 3196 Wd - ok
18:55:07.0797 3196 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows

\system32\drivers\Wdf01000.sys
18:55:07.0823 3196 Wdf01000 - ok
18:55:07.0835 3196 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows

\system32\wdi.dll
18:55:07.0840 3196 WdiServiceHost - ok
18:55:07.0845 3196 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows

\system32\wdi.dll
18:55:07.0848 3196 WdiSystemHost - ok
18:55:07.0874 3196 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows

\System32\webclnt.dll
18:55:07.0881 3196 WebClient - ok
18:55:07.0897 3196 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows

\system32\wecsvc.dll
18:55:07.0904 3196 Wecsvc - ok
18:55:07.0920 3196 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows

\System32\wercplsupport.dll
18:55:07.0925 3196 wercplsupport - ok
18:55:07.0943 3196 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows

\System32\WerSvc.dll
18:55:07.0948 3196 WerSvc - ok
18:55:07.0963 3196 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows

\system32\DRIVERS\wfplwf.sys
18:55:07.0966 3196 WfpLwf - ok
18:55:08.0007 3196 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\Windows

\system32\DRIVERS\wimfltr.sys
18:55:08.0011 3196 WimFltr - ok
18:55:08.0027 3196 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows

\system32\drivers\wimmount.sys
18:55:08.0029 3196 WIMMount - ok
18:55:08.0065 3196 [ 8258726D076C8FFF994F468712DDFBAB ] WindowBlinds C:\Program Files

(x86)\Stardock\MyColors\VistaSrv.exe
18:55:08.0068 3196 WindowBlinds - ok
18:55:08.0076 3196 WinHttpAutoProxySvc - ok
18:55:08.0141 3196 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows

\system32\wbem\WMIsvc.dll
18:55:08.0147 3196 Winmgmt - ok
18:55:08.0216 3196 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows

\system32\WsmSvc.dll
18:55:08.0275 3196 WinRM - ok
18:55:08.0367 3196 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows

\System32\wlansvc.dll
18:55:08.0400 3196 Wlansvc - ok
18:55:08.0456 3196 [ A96D6C0613DCF84F2D07FAEB75663072 ] wltrysvc C:\Program Files\Dell\DW

WLAN Card\WLTRYSVC.EXE
18:55:08.0457 3196 wltrysvc - ok
18:55:08.0485 3196 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows

\system32\drivers\wmiacpi.sys
18:55:08.0487 3196 WmiAcpi - ok
18:55:08.0523 3196 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows

\system32\wbem\WmiApSrv.exe
18:55:08.0528 3196 wmiApSrv - ok
18:55:08.0558 3196 WMPNetworkSvc - ok
18:55:08.0576 3196 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows

\System32\wpcsvc.dll
18:55:08.0580 3196 WPCSvc - ok
18:55:08.0642 3196 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows

\system32\wpdbusenum.dll
18:55:08.0652 3196 WPDBusEnum - ok
18:55:08.0687 3196 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows

\system32\drivers\ws2ifsl.sys
18:55:08.0691 3196 ws2ifsl - ok
18:55:08.0753 3196 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows

\system32\wscsvc.dll
18:55:08.0757 3196 wscsvc - ok
18:55:08.0761 3196 WSearch - ok
18:55:09.0045 3196 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows

\system32\wuaueng.dll
18:55:09.0132 3196 wuauserv - ok
18:55:09.0175 3196 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows

\system32\drivers\WudfPf.sys
18:55:09.0182 3196 WudfPf - ok
18:55:09.0257 3196 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows

\system32\DRIVERS\WUDFRd.sys
18:55:09.0263 3196 WUDFRd - ok
18:55:09.0300 3196 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows

\System32\WUDFSvc.dll
18:55:09.0308 3196 wudfsvc - ok
18:55:09.0357 3196 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows

\System32\wwansvc.dll
18:55:09.0370 3196 WwanSvc - ok
18:55:09.0405 3196 ================ Scan global ===============================
18:55:09.0436 3196 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
18:55:09.0484 3196 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
18:55:09.0505 3196 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
18:55:09.0552 3196 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
18:55:09.0602 3196 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
18:55:09.0613 3196 [Global] - ok
18:55:09.0615 3196 ================ Scan MBR ==================================
18:55:09.0632 3196 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
18:55:15.0301 3196 \Device\Harddisk0\DR0 - ok
18:55:15.0302 3196 ================ Scan VBR ==================================
18:55:15.0354 3196 [ 95AC16B2AD32F930F1AB88D8815E0AEA ] \Device\Harddisk0\DR0\Partition1
18:55:15.0359 3196 \Device\Harddisk0\DR0\Partition1 - ok
18:55:15.0379 3196 [ 524170FF9B08E5A8B00AB51DBDED8B2E ] \Device\Harddisk0\DR0\Partition2
18:55:15.0382 3196 \Device\Harddisk0\DR0\Partition2 - ok
18:55:15.0383 3196 ============================================================
18:55:15.0383 3196 Scan finished
18:55:15.0383 3196 ============================================================
18:55:15.0404 7124 Detected object count: 0
18:55:15.0404 7124 Actual detected object count: 0



and ESET:

C:\Program Files (x86)\AlienRespawn\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined
C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined

#6 boopme

Posted 11 September 2012 - 08:03 PM

Looks a lot better.
This is outdated and dangerous to use and should be removed.
HiJackThis (Version: 1.0.0)


Also,... Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
    64-bit OS users should read: Which Java download should I choose for my 64-bit Windows operating system?
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u7-windows-i586.exe (or jre-7u7-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered any unwanted software or toolbars during installation, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.


Similarly, update to Adobe Reader X (10.1.0)
Note: uncheck the box so you do not install the toolbar, unless you really want it.

Free! Google Toolbar search Google from any web page, block pop-ups

Yes, install Google Toolbar - optional

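The removal steps in the post above are carried out through Control Panel. As an added example (not part of the original post), this PowerShell script lists the Java entries registered in both the 64-bit and 32-bit uninstall views so you can confirm that no older version was left behind. The `$MinimumVersion` default and the `View`/`Status` column names are assumptions made for this example.

```powershell
# Added example: list installed Java entries from both registry views on 64-bit Windows.
# Uses only PowerShell 2.0 syntax (the version shipped with Windows 7).
# Run it from the 64-bit PowerShell console; a 32-bit console is redirected to the
# 32-bit registry view and would report the same entries twice.
param(
    # Assumption: the lowest DisplayVersion you accept. Set it to the version string
    # that the release you just installed shows in Programs and Features.
    [string]$MinimumVersion = '7.0.70'
)

$minimum = [version]$MinimumVersion

# A 64-bit system keeps separate uninstall lists for 64-bit and 32-bit software,
# so a 32-bit JRE can survive even after the 64-bit one has been removed.
$views = @{
    '64-bit' = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
    '32-bit' = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
}

$report = @()
foreach ($view in $views.Keys) {
    $key = $views[$view]
    if (-not (Test-Path $key)) { continue }   # 32-bit Windows has no WOW6432Node

    # Match "Java ...", "Java(TM) ..." and "J2SE ..." entries; skip the updater helper.
    $entries = Get-ItemProperty -Path (Join-Path $key '*') -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match '^(Java|J2SE)\b' -and
                       $_.DisplayName -notmatch 'Auto Updater' }

    foreach ($entry in $entries) {
        # Entries whose version string cannot be parsed are marked for manual review.
        $status = 'review'
        try {
            $installed = [version]$entry.DisplayVersion
            if ($installed -ne $null) {
                if ($installed -lt $minimum) { $status = 'outdated' } else { $status = 'ok' }
            }
        } catch { }

        $report += New-Object PSObject -Property @{
            View    = $view
            Name    = $entry.DisplayName
            Version = $entry.DisplayVersion
            Status  = $status
        }
    }
}

if ($report.Count -eq 0) {
    'No Java entries found in either uninstall view.'
} else {
    $report | Select-Object View, Name, Version, Status |
        Sort-Object Status, View | Format-Table -AutoSize
}
```

Any row marked `outdated` or `review` is a candidate for another pass through the uninstall steps before rebooting.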

#7 i.hate.open.cloud


Posted 13 September 2012 - 04:35 AM

Thank you for your help. I've updated Java and removed HiJackThis. Is there anything else I should do?

#8 boopme


Posted 13 September 2012 - 11:29 AM

You're very welcome!!

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory that your tools cannot access to delete these files, they can sometimes reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run... and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links:

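The restore point step from the post above, done from a script and then checked, as an added example that is not part of the original post. `$CleanedOn` is a placeholder for the time the cleanup finished; any restore point older than it may still hold a backed-up copy of the malware.

```powershell
# Added example. Run from an elevated Windows PowerShell prompt; these cmdlets are
# not available in PowerShell 6 and later.
# Placeholder value (assumption): set this to when you finished cleaning the system.
$CleanedOn = Get-Date '2012-09-13 12:00'

# Create the fresh restore point. On Windows 8 and later, Checkpoint-Computer creates
# at most one restore point per day and warns instead of creating a second one.
Checkpoint-Computer -Description 'Clean state after malware removal' `
    -RestorePointType MODIFY_SETTINGS

# CreationTime comes back as a WMI date string, so convert it to a DateTime.
$points = @(Get-ComputerRestorePoint | Select-Object SequenceNumber, Description,
    @{ Name = 'Created'; Expression = {
        [Management.ManagementDateTimeConverter]::ToDateTime($_.CreationTime) } })

$points | Sort-Object Created | Format-Table -AutoSize

# Restore points taken before the cleanup are the ones that could reinfect the
# system if restored. After the Disk Cleanup step this list should be empty.
$stale = @($points | Where-Object { $_.Created -lt $CleanedOn })
if ($stale.Count -gt 0) {
    Write-Warning ("{0} restore point(s) predate the cleanup:" -f $stale.Count)
    $stale | Format-Table SequenceNumber, Description, Created -AutoSize
} else {
    Write-Output 'All remaining restore points were created after the cleanup.'
}
```
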
#9 i.hate.open.cloud


Posted 14 September 2012 - 11:07 AM

I just took care of both of those tasks. Again, thank you for your help; I know just enough about my computer to break everything, so it's great that you guys here at BC are available to walk me through things that are beyond my ken. Would you accept a PayPal donation?

-James

#10 boopme


Posted 14 September 2012 - 12:42 PM

Thanks for the offer... I do not accept donations, nor does BC. But I will recommend, if you'd like to contribute to something, that would be very much appreciated.
Make a donation to some people here that would appreciate it. They help or developed some of the tools we use here to clean computers, train people here in malware removal, or are just hard workers.

I am still adding to this list.

farbar
fireman4it
JSntgRvr
m0le
myrti
sempai
Thunder
SweetTech
