svchost.exe *32, winrscmde


This topic is locked
28 replies to this topic

#1 The Real Lee (Members)

Posted 16 September 2012 - 06:52 PM

I first noticed that I had this virus on my computer earlier this month, and it was slowing my computer so much and causing crashes that I had to format the computer. Once I put Windows 7 back on, as well as all of my virus protection, I saw that it was still on. I formatted my computer again, and the first thing I did was check to see if svchost.exe *32, winrsmde was gone, but it wasn't; it was still eating up memory and causing crashes. I have no clue what else I can do to get rid of this virus.


#2 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 16 September 2012 - 10:35 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable, and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double-click DeFogger to run the tool.
  • The application window will appear.
  • Click the Disable button to disable your CD Emulation drivers.
  • Click Yes to continue.
  • A 'Finished!' message will appear.
  • Click OK.
  • DeFogger may ask you to reboot the machine; if it does, click OK.
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:
    Link1
    Link2
    Link3
  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs.
  • Save the logs to a convenient place such as your desktop.
  • Copy the contents of both logs & post in your next reply.

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 The Real Lee (Topic Starter)

Posted 17 September 2012 - 11:00 AM

Here is the DDS

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by lzimmerman at 10:53:37 on 2012-09-17
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.4095.2135 [GMT -5:00]
.
AV: Lavasoft Ad-Aware *Disabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
AV: Trend Micro Client/Server Security Agent Antivirus *Enabled/Updated* {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
SP: Lavasoft Ad-Aware *Disabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Trend Micro Client/Server Security Agent Anti-spyware *Enabled/Updated* {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
FW: Trend Micro Personal Firewall *Enabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files (x86)\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmlisten.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe
C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPfw.exe
C:\Program Files (x86)\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Steam\steam.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Trend Micro\Client Server Security Agent\PccNTMon.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\PROGRA~2\AD-AWA~1\AdAware.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\System32\taskmgr.exe
C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskhost.exe
C:\Users\lzimmerman\Desktop\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k defragsvc
C:\Windows\SysWOW64\notepad.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1006\TmIEPlg32.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [OfficeScanNT Monitor] "C:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
TCP: DhcpNameServer = 207.69.188.185 207.69.188.186
TCP: Interfaces\{7F28E480-2226-4738-8DAB-1142E7B5EC55} : DhcpNameServer = 207.69.188.185 207.69.188.186
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1006\TmIEPlg32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1006\TmIEPlg32.dll
BHO-X64: Trend Micro NSC BHO - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun-x64: [OfficeScanNT Monitor] "C:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
mRun-x64: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
mRun-x64: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\lzimmerman\AppData\Roaming\Mozilla\Firefox\Profiles\us1oa454.default\
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SBRE;SBRE;C:\Windows\System32\drivers\SBREDrv.sys [2011-10-26 101112]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;C:\Windows\system32\DRIVERS\tmlwf.sys --> C:\Windows\system32\DRIVERS\tmlwf.sys [?]
R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-7-12 1239952]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]
R2 sbapifs;sbapifs;C:\Windows\system32\DRIVERS\sbapifs.sys --> C:\Windows\system32\DRIVERS\sbapifs.sys [?]
R2 TmFilter;Trend Micro Filter;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [2012-9-10 344376]
R2 TmPreFilter;Trend Micro PreFilter;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmpreflt.sys [2012-9-10 42808]
R2 tmwfp;Trend Micro WFP Callout Driver;C:\Windows\system32\DRIVERS\tmwfp.sys --> C:\Windows\system32\DRIVERS\tmwfp.sys [?]
R3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;C:\Windows\system32\Drivers\ATSwpWDF.sys --> C:\Windows\system32\Drivers\ATSwpWDF.sys [?]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2012-9-10 227896]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
R3 RICOH SmartCard Reader;RICOH SmartCard Reader;C:\Windows\system32\DRIVERS\rismcx64.sys --> C:\Windows\system32\DRIVERS\rismcx64.sys [?]
R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
R3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
R3 tmpfw;Trend Micro Client/Server Security Agent Personal Firewall;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPfw.exe [2012-9-10 595960]
R3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [2012-9-10 917768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-9-10 114144]
S3 sbhips;sbhips;C:\Windows\system32\drivers\sbhips.sys --> C:\Windows\system32\drivers\sbhips.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-09-16 23:13:35 14336 ----a-w- C:\Windows\System32\drivers\sffp_sd.sys
2012-09-16 23:13:35 109056 ----a-w- C:\Windows\System32\drivers\sdbus.sys
2012-09-16 20:59:47 1135104 ----a-w- C:\Windows\System32\FntCache.dll
2012-09-12 08:04:07 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-09-12 00:49:10 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-12 00:49:10 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-11 15:49:30 552448 ----a-w- C:\Windows\System32\drivers\bthport.sys
2012-09-11 06:55:51 540688 ----a-w- C:\Windows\System32\d3dx10_39.dll
2012-09-11 06:55:51 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll
2012-09-11 06:55:51 1942552 ----a-w- C:\Windows\System32\D3DCompiler_39.dll
2012-09-11 06:55:51 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll
2012-09-11 06:55:47 4992520 ----a-w- C:\Windows\System32\D3DX9_39.dll
2012-09-11 06:55:47 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
2012-09-11 06:52:59 -------- d-----w- C:\Windows\SysWow64\AGEIA
2012-09-11 06:52:46 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-09-11 06:49:32 -------- d-----w- C:\Program Files (x86)\Common Files\BioWare
2012-09-11 04:04:13 -------- d-----w- C:\Program Files (x86)\Origin Games
2012-09-11 04:03:39 -------- d-----w- C:\Users\lzimmerman\AppData\Local\Origin
2012-09-11 04:03:38 -------- d-----w- C:\Users\lzimmerman\AppData\Roaming\Origin
2012-09-11 04:03:07 -------- d-----w- C:\ProgramData\Origin
2012-09-11 04:02:30 -------- d-----w- C:\Program Files (x86)\Origin
2012-09-11 04:01:22 -------- d-----w- C:\ProgramData\Electronic Arts
2012-09-11 03:48:08 -------- d-----w- C:\Program Files (x86)\Microsoft WSE
2012-09-11 03:19:11 -------- d-----w- C:\Users\lzimmerman\AppData\Local\My Games
2012-09-11 03:03:20 -------- d-----w- C:\Program Files (x86)\2K Games
2012-09-11 02:30:01 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2012-09-11 02:28:59 520544 ----a-w- C:\Windows\System32\d3dx10_41.dll
2012-09-11 00:32:06 -------- d-----w- C:\Users\lzimmerman\AppData\Local\adaware
2012-09-11 00:31:54 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
2012-09-11 00:31:32 60536 ----a-w- C:\Windows\System32\drivers\sbhips.sys
2012-09-11 00:31:29 57976 ----a-w- C:\Windows\System32\drivers\sbredrv.sys
2012-09-11 00:31:29 45936 ----a-w- C:\Windows\System32\sbbd.exe
2012-09-11 00:31:23 -------- d-----w- C:\Program Files (x86)\Ad-Aware Antivirus
2012-09-11 00:31:00 -------- d-----w- C:\Users\lzimmerman\AppData\Local\Downloaded Installations
2012-09-11 00:29:58 -------- d-----w- C:\Users\lzimmerman\AppData\Roaming\Ad-Aware Antivirus
2012-09-10 23:22:21 -------- d-----w- C:\Windows\System32\log
2012-09-10 23:20:49 339984 ----a-w- C:\Windows\System32\drivers\tmwfp.sys
2012-09-10 23:20:49 200720 ----a-w- C:\Windows\System32\drivers\tmlwf.sys
2012-09-10 23:20:49 107536 ----a-w- C:\Windows\System32\drivers\tmtdi.sys
2012-09-10 23:20:48 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-09-10 23:20:03 -------- d-----w- C:\Temp
2012-09-10 21:39:14 -------- d-----w- C:\Windows\SysWow64\Wat
2012-09-10 21:39:14 -------- d-----w- C:\Windows\System32\Wat
2012-09-10 21:24:19 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2012-09-10 21:24:17 -------- d-----w- C:\Program Files\NVIDIA Corporation
2012-09-10 21:22:38 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2012-09-10 21:22:38 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
2012-09-10 21:15:30 20480 ----a-w- C:\Windows\svchost.exe
2012-09-10 21:00:28 311808 ----a-w- C:\Windows\System32\msv1_0.dll
2012-09-10 21:00:28 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2012-09-10 20:57:57 -------- d-----w- C:\ProgramData\TrueSuite
2012-09-10 20:57:55 -------- d-----w- C:\Windows\System32\wocaffe
2012-09-10 20:57:55 -------- d-----w- C:\Program Files\TrueSuite
2012-09-10 20:57:51 -------- d-----w- C:\ProgramData\Downloaded Installations
2012-09-10 20:40:00 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2012-09-10 20:40:00 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2012-09-10 20:40:00 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2012-09-10 20:40:00 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2012-09-10 20:39:59 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2012-09-10 20:39:59 444752 ----a-w- C:\Windows\System32\mscoree.dll
2012-09-10 20:39:59 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2012-09-10 20:39:59 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2012-09-10 20:39:59 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2012-09-10 20:39:59 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2012-09-10 20:25:59 1919968 ----a-w- C:\Windows\System32\drivers\wdfcoinstaller01005.dll
2012-09-10 20:25:59 1885488 ----a-w- C:\Windows\SysWow64\BttnCmns.dll
2012-09-10 20:25:59 1885488 ----a-r- C:\Windows\SysWow64\BttnCmn.dll
2012-09-10 20:25:59 18432 ----a-w- C:\Windows\System32\drivers\HpqKbFiltr.sys
2012-09-10 20:25:59 11264 ----a-w- C:\Windows\System32\drivers\CPQBttn64.sys
2012-09-10 20:25:51 -------- d-----w- C:\Windows\QLB
2012-09-10 20:13:51 80896 ----a-w- C:\Windows\System32\imagehlp.dll
2012-09-10 20:13:51 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-09-10 20:13:51 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-09-10 20:13:51 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-09-10 20:13:51 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-09-10 20:13:51 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-09-10 20:13:51 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-09-10 20:09:01 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2012-09-10 20:04:42 2228224 ----a-w- C:\Windows\System32\mssrch.dll
2012-09-10 20:02:58 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-09-10 20:01:58 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-09-10 20:00:54 404992 ----a-w- C:\Windows\System32\umpnpmgr.dll
2012-09-10 19:59:59 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2012-09-10 19:47:29 77312 ----a-w- C:\Windows\System32\packager.dll
2012-09-10 19:47:29 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-09-10 19:45:26 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-09-10 19:45:26 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-09-10 19:45:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-09-10 19:45:16 139264 ----a-w- C:\Windows\System32\cabview.dll
2012-09-10 19:45:16 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
2012-09-10 19:42:07 9310152 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{30FB73C3-CEB5-4F6E-A4D5-E38F1CC0DAAA}\mpengine.dll
2012-09-10 19:42:06 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-09-10 19:40:48 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-09-10 19:40:37 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-09-10 19:40:29 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-09-10 19:40:29 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-09-10 19:35:01 -------- d-----w- C:\Windows\PCHEALTH
2012-09-10 19:32:52 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2012-09-10 19:32:00 -------- d-sh--w- C:\Windows\Installer
2012-09-10 19:23:48 -------- d-sh--w- C:\Recovery
2012-09-10 18:54:54 -------- d-----w- C:\Windows\Panther
2012-09-10 18:54:40 -------- d-sh--w- C:\Boot
.
==================== Find3M ====================
.
2012-07-18 17:31:12 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-07-04 22:01:38 58880 ----a-w- C:\Windows\System32\browcli.dll
2012-07-04 22:01:38 136704 ----a-w- C:\Windows\System32\browser.dll
2012-07-04 21:23:55 41472 ----a-w- C:\Windows\SysWow64\browcli.dll
.
============= FINISH: 10:55:34.22 ===============


Thanks for helping me. I've put this topic on alert.

#4 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 17 September 2012 - 11:24 AM

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller.

Gringo

#5 The Real Lee (Topic Starter)

Posted 17 September 2012 - 03:29 PM

# AdwCleaner v2.002 - Logfile created 09/17/2012 at 15:24:18
# Updated 16/09/2012 by Xplode
# Operating system : Windows 7 Professional (64 bits)
# User : lzimmerman - IA-LAPTOP-EXTRA
# Boot Mode : Normal
# Running from : C:\Users\lzimmerman\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Users\lzimmerman\AppData\Roaming\Mozilla\Firefox\Profiles\us1oa454.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1049 octets] - [17/09/2012 15:24:18]

########## EOF - C:\AdwCleaner[S1].txt - [1109 octets] ##########

This is the AdwCleaner log; starting the other one right now.

#6 The Real Lee (Topic Starter)

Posted 17 September 2012 - 03:33 PM

RogueKiller V8.0.3 [09/13/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : lzimmerman [Admin rights]
Mode : Scan -- Date : 09/17/2012 15:32:08

Bad processes : 1
[SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

Registry Entries : 0

Particular Files / Folders:

Driver : [NOT LOADED]

Infection : Root.MBR

HOSTS File:
--> C:\Windows\system32\drivers\etc\hosts



MBR Check:

+++++ PhysicalDrive0: TOSHIBA MK2546GSX ATA Device +++++
--- User ---
[MBR] 68da4f0bb4f02a9b4cc0d63b06c0211c
[BSP] 6cc8b66dcb99ee5a5e444df68528afb2 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 228251 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 467459370 | Size: 10221 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 47ab4e9e87374d0a73053fb7cced62a3
[BSP] 6cc8b66dcb99ee5a5e444df68528afb2 : Windows 7 MBR Code
Partition table:
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 228251 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 467459370 | Size: 10221 Mo

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

And here's the RogueKiller log.
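The two logs above point at the same artefact. The DDS output in post #3 lists a 20,480-byte `C:\Windows\svchost.exe` created on 2012-09-10 under "Created Last 30" and an orphan `-netsvcs` line in the process list; the RogueKiller output in post #6 then kills `\\.\globalroot\systemroot\svchost.exe` and reports `Root.MBR` with `User != LL2 ... KO!`, meaning the MBR read through the normal path differs from the one read at a lower level, which is consistent with a bootkit that survives a reformat of the Windows partition. The genuine Windows 7 Service Host lives in `%SystemRoot%\System32` (or `SysWOW64` for the 32-bit copy that Task Manager lists as `svchost.exe *32`) and is always launched with a `-k <servicegroup>` argument; a copy sitting in `C:\Windows` and started with `-netsvcs` fails both tests. As an added example, not code from this thread or from DDS, RogueKiller or any other tool named in it, here is a Python scanner that applies those two rules to DDS-style log lines. The function names and the embedded sample log are mine; the sample is constructed for illustration, modelled on the DDS output in post #3.

```python
"""Flag svchost.exe entries in a DDS-style log that do not look like the
genuine Windows Service Host.

Added example for this thread; not code from DDS, RogueKiller or any other
tool named in it.  Two checks, both of which the real Service Host passes
on Windows 7:
  1. the image lives in %SystemRoot%\\System32 (or SysWOW64 for the 32-bit
     copy that Task Manager shows as "svchost.exe *32");
  2. the process was started with a "-k <servicegroup>" argument.
The sample log below is constructed for illustration, modelled on the DDS
output posted earlier in the thread.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Directories that may legitimately hold svchost.exe (compared lower-cased).
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# DDS section headers look like "============== Running Processes ===============".
SECTION_RE = re.compile(r"^=+\s*(?P<name>.+?)\s*=+$")
# Process line: "<path>.exe [arguments]"; paths may contain spaces.
PROCESS_RE = re.compile(r"^(?P<path>.+?\.exe)\s*(?P<args>.*)$", re.IGNORECASE)
# "Created Last 30" line: "<date> <time> <size or dashes> <attrs> <path>".
CREATED_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\s+(?P<size>\d+|-+)\s+(?P<attr>\S+)\s+(?P<path>.+)$"
)
# A genuine Service Host is always started as "svchost.exe -k <group>".
SVCHOST_ARGS_RE = re.compile(r"-k\s+\S+", re.IGNORECASE)


@dataclass
class Finding:
    line: str
    reason: str


def split_path(path: str):
    """Return (directory, basename), both lower-cased, for a Windows path."""
    directory, _, name = path.strip().lower().rpartition("\\")
    return directory, name


def check_process_line(line: str) -> Optional[Finding]:
    """Apply the two Service Host rules to one 'Running Processes' line."""
    m = PROCESS_RE.match(line.strip())
    if not m:
        return None
    path, args = m.group("path"), m.group("args")
    directory, name = split_path(path)
    if name != "svchost.exe":
        return None
    if directory not in SYSTEM_DIRS:
        return Finding(line, f"svchost.exe outside System32/SysWOW64: {path}")
    if not SVCHOST_ARGS_RE.match(args):
        return Finding(line, f"svchost.exe started without '-k <group>': args={args!r}")
    return None


def check_created_line(line: str) -> Optional[Finding]:
    """Flag a freshly created svchost.exe outside the system directories."""
    m = CREATED_RE.match(line.strip())
    if not m:
        return None
    directory, name = split_path(m.group("path"))
    if name == "svchost.exe" and directory not in SYSTEM_DIRS:
        return Finding(line, f"new svchost.exe outside System32/SysWOW64: {m.group('path')}")
    return None


def scan_dds_log(text: str) -> List[Finding]:
    """Walk the log, applying the matching check inside each relevant section."""
    findings: List[Finding] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name").lower()
            continue
        if not line or line == ".":  # DDS pads its sections with lone dots
            continue
        if section.startswith("running processes"):
            finding = check_process_line(line)
        elif section.startswith("created last"):
            finding = check_created_line(line)
        else:
            finding = None
        if finding:
            findings.append(finding)
    return findings


# Constructed sample, modelled on the thread's DDS log (not the real log).
SAMPLE_DDS_LOG = r"""
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Program Files (x86)\Steam\steam.exe
C:\Windows\svchost.exe -netsvcs
C:\Windows\SysWOW64\svchost.exe
.
=============== Created Last 30 ================
.
2012-09-10 21:15:30 20480 ----a-w- C:\Windows\svchost.exe
2012-09-10 21:00:28 311808 ----a-w- C:\Windows\System32\msv1_0.dll
2012-09-10 19:32:00 -------- d-sh--w- C:\Windows\Installer
.
============= FINISH: 10:55:34.22 ===============
"""

if __name__ == "__main__":
    for f in scan_dds_log(SAMPLE_DDS_LOG):
        print(f"{f.reason}\n    {f.line}")
```

Run as-is it reports three findings from the sample: the `C:\Windows\svchost.exe -netsvcs` process (wrong directory), the `SysWOW64` copy started with no `-k` argument, and the newly created `C:\Windows\svchost.exe`. Feed a saved DDS.txt to `scan_dds_log` to run it over a real log. The `*32` suffix in Task Manager only marks a 32-bit process and says nothing about legitimacy on its own; the directory and the missing `-k` argument are what separate a masquerading file from the real Service Host.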

#7 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 17 September 2012 - 04:14 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

Information and logs:

  • In your next post I need the following:
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#8 The Real Lee (Topic Starter)

Posted 17 September 2012 - 05:40 PM

I haven't gotten any logs from combofix, and my computer blue-screened and restarted.

#9 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 17 September 2012 - 06:37 PM

Hello

OK, let's try this. I want you to run Combofix in Safe Mode, but it is very important that when Combofix reboots the computer you direct it back into Safe Mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Log in on your usual account.

After combofix has finished its scan, please post the report back here.

Gringo

#10 The Real Lee
  • Topic Starter
  • Members
  • 14 posts

Posted 17 September 2012 - 09:07 PM

It crashed again, while in safe mode.

#11 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 17 September 2012 - 09:17 PM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
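Added example (not from this thread, and not TDSSKiller's own code): a reader for the TDSSKiller.[Version]_[Date]_[Time]_log.txt file the steps above tell you to post, built on the line shapes visible in the log the topic starter posted. The "( Detection.Name )" form for a non-clean entry and the last two sample lines are assumptions constructed for illustration.

```python
"""Parse the text log that TDSSKiller writes (format as in the reply that follows):
OS facts, the MBR partition layout, and every entry not marked "- ok"."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Every line is "HH:MM:SS.ffff <thread id> <message>"; the message may be empty.
LINE_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s?(?P<msg>.*)$")
# "[ MD5 ] ServiceName C:\path" precedes that service's "ServiceName - ok" line.
FILE_RE = re.compile(r"^\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>.+?) (?P<path>[A-Za-z]:\\.*)$")
# The optional "( Detection.Name )" is an assumed shape; any status but "ok" is reported.
STATUS_RE = re.compile(r"^(?P<name>.+?)(?: \( (?P<verdict>[^)]+) \))? - (?P<status>[a-z]+)$")
DRIVE_RE = re.compile(r"^Drive \S+ - Size: 0x(?P<size>[0-9A-Fa-f]+).*SectorSize: 0x(?P<ss>[0-9A-Fa-f]+)")
PART_RE = re.compile(r"^(?P<dev>\S+Partition\d+): MBR, Type 0x[0-9A-Fa-f]+, "
                     r"StartLBA 0x(?P<start>[0-9A-Fa-f]+), BlocksNum 0x(?P<blocks>[0-9A-Fa-f]+)$")

@dataclass
class Partition:
    dev: str
    start: int
    blocks: int
    end = property(lambda self: self.start + self.blocks)   # first sector after it

@dataclass
class Entry:
    name: str
    status: str
    verdict: Optional[str] = None    # detection name, when the tool gave one
    md5: Optional[str] = None        # None when no "[ MD5 ] name path" line preceded
    path: Optional[str] = None

@dataclass
class Report:
    wow64: bool = False              # 32-bit tool on a 64-bit OS, as in the posted log
    sector_size: int = 0
    total_sectors: int = 0
    partitions: List[Partition] = field(default_factory=list)
    entries: List[Entry] = field(default_factory=list)

def parse_log(text: str) -> Report:
    rep, pending = Report(), None    # pending: file line waiting for its status line
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg").strip()
        if msg == "Running under WOW64":
            rep.wow64 = True
        elif (d := DRIVE_RE.match(msg)):
            rep.sector_size = int(d.group("ss"), 16)
            rep.total_sectors = int(d.group("size"), 16) // rep.sector_size
        elif (p := PART_RE.match(msg)):
            rep.partitions.append(Partition(p.group("dev"), int(p.group("start"), 16),
                                            int(p.group("blocks"), 16)))
        elif (f := FILE_RE.match(msg)):
            pending = f.groupdict()
        elif (s := STATUS_RE.match(msg)):
            e = Entry(s.group("name"), s.group("status"), s.group("verdict"))
            if pending and pending["name"] == e.name:
                e.md5, e.path = pending["md5"].upper(), pending["path"]
            pending = None
            rep.entries.append(e)
    return rep

def trailing_sectors(rep: Report) -> int:
    """Sectors after the last partition: worth noting because some bootkits have
    kept their hidden storage in exactly that unpartitioned tail of the disk."""
    return rep.total_sectors - max((p.end for p in rep.partitions), default=0)

def findings(rep: Report) -> List[str]:
    """Non-"ok" entries, plus any partition that overlaps another or overruns the drive."""
    out = []
    for e in rep.entries:
        if e.status != "ok":
            why = f" ({e.verdict})" if e.verdict else ""
            where = f" at {e.path}" if e.path else ""
            out.append(f"{e.name}: {e.status}{why}{where}")
    prev_end = 0
    for p in sorted(rep.partitions, key=lambda q: q.start):
        if p.start < prev_end:
            out.append(f"{p.dev} overlaps the previous partition")
        if p.end > rep.total_sectors:
            out.append(f"{p.dev} extends past the end of the drive")
        prev_end = max(prev_end, p.end)
    return out

# Sample input: the first seven lines are copied from the log the topic starter posted;
# the last two are constructed to show how a non-clean entry would be reported.
SAMPLE_LOG = r"""
14:15:32.0499 4296 Running under WOW64
14:15:33.0738 4296 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:15:33.0744 4296 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1BDCDCEB
14:15:33.0744 4296 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1BDCDD2A, BlocksNum 0x13F6857
14:15:39.0552 3584 System memory - ok
14:15:39.0723 3584 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
14:15:39.0754 3584 1394ohci - ok
14:15:50.0000 3584 [ 00000000000000000000000000000000 ] ExampleSvc C:\Windows\Temp\example.dll
14:15:50.0001 3584 ExampleSvc ( Constructed.Detection.Name ) - warning
"""
```

On the posted log this reports no non-ok entries, two back-to-back partitions and 5103 unpartitioned sectors after the last one, which is the kind of fact to carry into the aswMBR step.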

#12 The Real Lee
  • Topic Starter
  • Members
  • 14 posts

Posted 18 September 2012 - 02:26 PM

Here's the TDSSKiller log:

14:15:31.0835 4296 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
14:15:32.0498 4296 ============================================================
14:15:32.0498 4296 Current date / time: 2012/09/18 14:15:32.0498
14:15:32.0498 4296 SystemInfo:
14:15:32.0498 4296
14:15:32.0498 4296 OS Version: 6.1.7600 ServicePack: 0.0
14:15:32.0498 4296 Product type: Workstation
14:15:32.0498 4296 ComputerName: IA-LAPTOP-EXTRA
14:15:32.0499 4296 UserName: lzimmerman
14:15:32.0499 4296 Windows directory: C:\Windows
14:15:32.0499 4296 System windows directory: C:\Windows
14:15:32.0499 4296 Running under WOW64
14:15:32.0499 4296 Processor architecture: Intel x64
14:15:32.0499 4296 Number of processors: 2
14:15:32.0499 4296 Page size: 0x1000
14:15:32.0499 4296 Boot type: Normal boot
14:15:32.0499 4296 ============================================================
14:15:33.0738 4296 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:15:33.0744 4296 ============================================================
14:15:33.0744 4296 \Device\Harddisk0\DR0:
14:15:33.0744 4296 MBR partitions:
14:15:33.0744 4296 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1BDCDCEB
14:15:33.0744 4296 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1BDCDD2A, BlocksNum 0x13F6857
14:15:33.0744 4296 ============================================================
14:15:33.0758 4296 C: <-> \Device\Harddisk0\DR0\Partition1
14:15:33.0807 4296 D: <-> \Device\Harddisk0\DR0\Partition2
14:15:33.0807 4296 ============================================================
14:15:33.0808 4296 Initialize success
14:15:33.0808 4296 ============================================================
14:15:38.0578 3584 ============================================================
14:15:38.0578 3584 Scan started
14:15:38.0579 3584 Mode: Manual;
14:15:38.0579 3584 ============================================================
14:15:39.0551 3584 ================ Scan system memory ========================
14:15:39.0552 3584 System memory - ok
14:15:39.0553 3584 ================ Scan services =============================
14:15:49.0554 3584 nsi - ok
14:15:49.0561 3584 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
14:15:49.0569 3584 nsiproxy - ok
14:15:49.0652 3584 [ 378E0E0DFEA67D98AE6EA53ADBBD76BC ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
14:15:49.0689 3584 Ntfs - ok
14:15:49.0801 3584 [ 0FFABAA4DD0501CB6F8E073DEDA93097 ] ntrtscan C:\Program Files (x86)\Trend Micro\Client Server Security Agent\ntrtscan.exe
14:15:49.0820 3584 ntrtscan - ok
14:15:49.0847 3584 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
14:15:49.0854 3584 Null - ok
14:15:50.0204 3584 [ CA10F931C7C91A111E6D27762400AAD8 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:15:50.0304 3584 nvlddmkm - ok
14:15:50.0331 3584 [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid C:\Windows\system32\drivers\nvraid.sys
14:15:50.0346 3584 nvraid - ok
14:15:50.0382 3584 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
14:15:50.0397 3584 nvstor - ok
14:15:50.0440 3584 [ 19883C9E84AAE9C9F0591B683D46CD9F ] nvsvc C:\Windows\system32\nvvsvc.exe
14:15:50.0446 3584 nvsvc - ok
14:15:50.0473 3584 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
14:15:50.0487 3584 nv_agp - ok
14:15:50.0599 3584 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:15:50.0643 3584 odserv - ok
14:15:50.0669 3584 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
14:15:50.0680 3584 ohci1394 - ok
14:15:50.0735 3584 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:15:50.0774 3584 ose - ok
14:15:50.0818 3584 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
14:15:50.0822 3584 p2pimsvc - ok
14:15:50.0843 3584 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
14:15:50.0849 3584 p2psvc - ok
14:15:50.0874 3584 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
14:15:50.0890 3584 Parport - ok
14:15:50.0917 3584 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys
14:15:50.0929 3584 partmgr - ok
14:15:50.0946 3584 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
14:15:50.0961 3584 PcaSvc - ok
14:15:50.0969 3584 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
14:15:50.0985 3584 pci - ok
14:15:50.0990 3584 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
14:15:50.0997 3584 pciide - ok
14:15:51.0016 3584 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
14:15:51.0033 3584 pcmcia - ok
14:15:51.0038 3584 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
14:15:51.0047 3584 pcw - ok
14:15:51.0064 3584 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
14:15:51.0085 3584 PEAUTH - ok
14:15:51.0164 3584 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
14:15:51.0205 3584 PeerDistSvc - ok
14:15:51.0287 3584 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
14:15:51.0321 3584 PerfHost - ok
14:15:51.0560 3584 [ F042EE4C8D66248D9B86DCF52ABAE416 ] PEVSystemStart C:\ComboFix\pev.3XE
14:15:52.0093 3584 PEVSystemStart - ok
14:15:52.0157 3584 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
14:15:52.0187 3584 pla - ok
14:15:52.0247 3584 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
14:15:52.0280 3584 PlugPlay - ok
14:15:52.0318 3584 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
14:15:52.0332 3584 PNRPAutoReg - ok
14:15:52.0387 3584 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
14:15:52.0396 3584 PNRPsvc - ok
14:15:52.0458 3584 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
14:15:52.0468 3584 PolicyAgent - ok
14:15:52.0516 3584 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
14:15:52.0536 3584 Power - ok
14:15:52.0575 3584 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
14:15:52.0593 3584 PptpMiniport - ok
14:15:52.0611 3584 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
14:15:52.0619 3584 Processor - ok
14:15:52.0643 3584 [ 97293447431311C06703368AD0F6C4BE ] ProfSvc C:\Windows\system32\profsvc.dll
14:15:52.0654 3584 ProfSvc - ok
14:15:52.0664 3584 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:15:52.0666 3584 ProtectedStorage - ok
14:15:52.0695 3584 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
14:15:52.0696 3584 Psched - ok
14:15:52.0738 3584 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
14:15:52.0775 3584 ql2300 - ok
14:15:52.0806 3584 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
14:15:52.0818 3584 ql40xx - ok
14:15:52.0857 3584 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
14:15:52.0887 3584 QWAVE - ok
14:15:52.0904 3584 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
14:15:52.0914 3584 QWAVEdrv - ok
14:15:52.0919 3584 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
14:15:52.0927 3584 RasAcd - ok
14:15:52.0967 3584 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
14:15:52.0977 3584 RasAgileVpn - ok
14:15:52.0991 3584 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
14:15:53.0003 3584 RasAuto - ok
14:15:53.0026 3584 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
14:15:53.0040 3584 Rasl2tp - ok
14:15:53.0079 3584 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
14:15:53.0096 3584 RasMan - ok
14:15:53.0102 3584 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
14:15:53.0113 3584 RasPppoe - ok
14:15:53.0119 3584 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
14:15:53.0131 3584 RasSstp - ok
14:15:53.0148 3584 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
14:15:53.0167 3584 rdbss - ok
14:15:53.0185 3584 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
14:15:53.0195 3584 rdpbus - ok
14:15:53.0219 3584 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
14:15:53.0225 3584 RDPCDD - ok
14:15:53.0259 3584 [ 9706B84DBABFC4B4CA46C5A82B14DFA3 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
14:15:53.0272 3584 RDPDR - ok
14:15:53.0302 3584 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
14:15:53.0308 3584 RDPENCDD - ok
14:15:53.0322 3584 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
14:15:53.0329 3584 RDPREFMP - ok
14:15:53.0367 3584 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
14:15:53.0398 3584 RDPWD - ok
14:15:53.0417 3584 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
14:15:53.0436 3584 rdyboost - ok
14:15:53.0461 3584 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
14:15:53.0473 3584 RemoteAccess - ok
14:15:53.0495 3584 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
14:15:53.0508 3584 RemoteRegistry - ok
14:15:53.0545 3584 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
14:15:53.0546 3584 RFCOMM - ok
14:15:53.0590 3584 [ B416FA425949575A730260CC7AED8136 ] RICOH SmartCard Reader C:\Windows\system32\DRIVERS\rismcx64.sys
14:15:53.0613 3584 RICOH SmartCard Reader - ok
14:15:53.0649 3584 [ 2A43F9E6DBDE12BC0C104785C3B3F5DF ] rismxdp C:\Windows\system32\DRIVERS\rixdpx64.sys
14:15:53.0659 3584 rismxdp - ok
14:15:53.0675 3584 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
14:15:53.0683 3584 RpcEptMapper - ok
14:15:53.0709 3584 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
14:15:53.0717 3584 RpcLocator - ok
14:15:53.0745 3584 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
14:15:53.0749 3584 RpcSs - ok
14:15:53.0787 3584 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
14:15:53.0798 3584 rspndr - ok
14:15:53.0825 3584 [ 88AF6E02AB19DF7FD07ECDF9C91E9AF6 ] s3cap C:\Windows\system32\DRIVERS\vms3cap.sys
14:15:53.0832 3584 s3cap - ok
14:15:53.0853 3584 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe
14:15:53.0855 3584 SamSs - ok
14:15:53.0999 3584 [ BCE943896289A91AD75CC5652620B1C6 ] SBAMSvc C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
14:15:54.0023 3584 SBAMSvc - ok
14:15:54.0084 3584 [ 6E342316E72F4B6FA39C99E06373A1A3 ] sbapifs C:\Windows\system32\DRIVERS\sbapifs.sys
14:15:54.0103 3584 sbapifs - ok
14:15:54.0135 3584 [ B671EEF468D13016B9286F5835A06AE1 ] sbhips C:\Windows\system32\drivers\sbhips.sys
14:15:54.0145 3584 sbhips - ok
14:15:54.0167 3584 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
14:15:54.0178 3584 sbp2port - ok
14:15:54.0194 3584 [ 9ACEB2A2362FC87A3825963E61BA9076 ] SBRE C:\Windows\system32\drivers\SBREdrv.sys
14:15:54.0202 3584 SBRE - ok
14:15:54.0236 3584 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
14:15:54.0249 3584 SCardSvr - ok
14:15:54.0273 3584 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
14:15:54.0280 3584 scfilter - ok
14:15:54.0331 3584 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
14:15:54.0368 3584 Schedule - ok
14:15:54.0394 3584 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
14:15:54.0395 3584 SCPolicySvc - ok
14:15:54.0441 3584 [ 2C8D162EFAF73ABD36D8BCBB6340CAE7 ] sdbus C:\Windows\system32\drivers\sdbus.sys
14:15:54.0453 3584 sdbus - ok
14:15:54.0484 3584 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
14:15:54.0500 3584 SDRSVC - ok
14:15:54.0533 3584 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
14:15:54.0541 3584 secdrv - ok
14:15:54.0555 3584 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
14:15:54.0563 3584 seclogon - ok
14:15:54.0583 3584 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
14:15:54.0592 3584 SENS - ok
14:15:54.0608 3584 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
14:15:54.0616 3584 SensrSvc - ok
14:15:54.0635 3584 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
14:15:54.0643 3584 Serenum - ok
14:15:54.0649 3584 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
14:15:54.0662 3584 Serial - ok
14:15:54.0682 3584 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
14:15:54.0692 3584 sermouse - ok
14:15:54.0729 3584 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
14:15:54.0740 3584 SessionEnv - ok
14:15:54.0781 3584 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
14:15:54.0798 3584 sffdisk - ok
14:15:54.0819 3584 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
14:15:54.0826 3584 sffp_mmc - ok
14:15:54.0840 3584 [ 178298F767FE638C9FEDCBDEF58BB5E4 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
14:15:54.0848 3584 sffp_sd - ok
14:15:54.0876 3584 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
14:15:54.0883 3584 sfloppy - ok
14:15:54.0924 3584 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
14:15:54.0952 3584 SharedAccess - ok
14:15:54.0993 3584 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:15:55.0011 3584 ShellHWDetection - ok
14:15:55.0035 3584 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:15:55.0043 3584 SiSRaid2 - ok
14:15:55.0048 3584 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
14:15:55.0057 3584 SiSRaid4 - ok
14:15:55.0096 3584 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
14:15:55.0107 3584 Smb - ok
14:15:55.0130 3584 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
14:15:55.0139 3584 SNMPTRAP - ok
14:15:55.0144 3584 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
14:15:55.0151 3584 spldr - ok
14:15:55.0194 3584 [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler C:\Windows\System32\spoolsv.exe
14:15:55.0199 3584 Spooler - ok
14:15:55.0328 3584 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
14:15:55.0359 3584 sppsvc - ok
14:15:55.0381 3584 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
14:15:55.0392 3584 sppuinotify - ok
14:15:55.0430 3584 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys
14:15:55.0455 3584 srv - ok
14:15:55.0480 3584 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
14:15:55.0508 3584 srv2 - ok
14:15:55.0546 3584 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
14:15:55.0567 3584 SrvHsfHDA - ok
14:15:55.0616 3584 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
14:15:55.0655 3584 SrvHsfV92 - ok
14:15:55.0685 3584 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
14:15:55.0716 3584 SrvHsfWinac - ok
14:15:55.0746 3584 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
14:15:55.0765 3584 srvnet - ok
14:15:55.0808 3584 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
14:15:55.0824 3584 SSDPSRV - ok
14:15:55.0830 3584 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
14:15:55.0841 3584 SstpSvc - ok
14:15:55.0892 3584 Steam Client Service - ok
14:15:55.0923 3584 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
14:15:55.0930 3584 stexstor - ok
14:15:55.0969 3584 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
14:15:55.0992 3584 stisvc - ok
14:15:56.0057 3584 [ FFD7A6F15B14234B5B0E5D49E7961895 ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys
14:15:56.0075 3584 storflt - ok
14:15:56.0115 3584 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
14:15:56.0124 3584 StorSvc - ok
14:15:56.0137 3584 [ 8FCCBEFC5C440B3C23454656E551B09A ] storvsc C:\Windows\system32\DRIVERS\storvsc.sys
14:15:56.0147 3584 storvsc - ok
14:15:56.0182 3584 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
14:15:56.0190 3584 swenum - ok
14:15:56.0228 3584 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
14:15:56.0252 3584 swprv - ok
14:15:56.0306 3584 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
14:15:56.0338 3584 SysMain - ok
14:15:56.0366 3584 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:15:56.0378 3584 TabletInputService - ok
14:15:56.0396 3584 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
14:15:56.0414 3584 TapiSrv - ok
14:15:56.0433 3584 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
14:15:56.0442 3584 TBS - ok
14:15:56.0527 3584 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
14:15:56.0594 3584 Tcpip - ok
14:15:56.0638 3584 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
14:15:56.0650 3584 TCPIP6 - ok
14:15:56.0682 3584 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
14:15:56.0692 3584 tcpipreg - ok
14:15:56.0714 3584 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
14:15:56.0721 3584 TDPIPE - ok
14:15:56.0753 3584 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
14:15:56.0762 3584 TDTCP - ok
14:15:56.0774 3584 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
14:15:56.0786 3584 tdx - ok
14:15:56.0792 3584 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
14:15:56.0799 3584 TermDD - ok
14:15:56.0841 3584 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
14:15:56.0848 3584 TermService - ok
14:15:56.0857 3584 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
14:15:56.0865 3584 Themes - ok
14:15:56.0893 3584 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
14:15:56.0894 3584 THREADORDER - ok
14:15:56.0974 3584 [ 963C903E5176C5CDCAE321D48635B21F ] TMBMServer C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe
14:15:57.0011 3584 TMBMServer - ok
14:15:57.0062 3584 [ 55283E1FC92021AEBA8E1E5B7EBAD9D1 ] TmFilter C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys
14:15:57.0095 3584 TmFilter - ok
14:15:57.0190 3584 [ 7D2E179DF9FD0CAF8CECA9EE3AF1C0E0 ] tmlisten C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmlisten.exe
14:15:57.0215 3584 tmlisten - ok
14:15:57.0259 3584 [ 8F82EF40FA762354530236ABE302FA35 ] TmPreFilter C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys
14:15:57.0266 3584 TmPreFilter - ok
14:15:57.0313 3584 [ 3AE913B4FBF06EE49831FF9DB2330830 ] TmProxy C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe
14:15:57.0327 3584 TmProxy - ok
14:15:57.0377 3584 [ 21CC12B7F8B44E91D03EAD5B17AAF0B2 ] tmtdi C:\Windows\system32\DRIVERS\tmtdi.sys
14:15:57.0401 3584 tmtdi - ok
14:15:57.0436 3584 [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM C:\Windows\system32\drivers\tpm.sys
14:15:57.0445 3584 TPM - ok
14:15:57.0492 3584 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
14:15:57.0506 3584 TrkWks - ok
14:15:57.0549 3584 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:15:57.0580 3584 TrustedInstaller - ok
14:15:57.0600 3584 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
14:15:57.0610 3584 tssecsrv - ok
14:15:57.0650 3584 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
14:15:57.0664 3584 tunnel - ok
14:15:57.0679 3584 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
14:15:57.0690 3584 uagp35 - ok
14:15:57.0712 3584 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\Windows\system32\DRIVERS\udfs.sys
14:15:57.0731 3584 udfs - ok
14:15:57.0769 3584 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
14:15:57.0779 3584 UI0Detect - ok
14:15:57.0809 3584 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
14:15:57.0818 3584 uliagpkx - ok
14:15:57.0839 3584 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
14:15:57.0847 3584 umbus - ok
14:15:57.0852 3584 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
14:15:57.0860 3584 UmPass - ok
14:15:57.0899 3584 [ AF0AC98EE5077EB844413EB54287FDE3 ] UmRdpService C:\Windows\System32\umrdp.dll
14:15:57.0911 3584 UmRdpService - ok
14:15:57.0933 3584 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
14:15:57.0950 3584 upnphost - ok
14:15:57.0975 3584 [ 7B6A127C93EE590E4D79A5F2A76FE46F ] usbccgp C:\Windows\system32\drivers\usbccgp.sys
14:15:57.0985 3584 usbccgp - ok
14:15:58.0009 3584 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
14:15:58.0020 3584 usbcir - ok
14:15:58.0040 3584 [ 92969BA5AC44E229C55A332864F79677 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
14:15:58.0049 3584 usbehci - ok
14:15:58.0087 3584 [ E7DF1CFD28CA86B35EF5ADD0735CEEF3 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
14:15:58.0109 3584 usbhub - ok
14:15:58.0130 3584 [ F1BB1E55F1E7A65C5839CCC7B36D773E ] usbohci C:\Windows\system32\drivers\usbohci.sys
14:15:58.0138 3584 usbohci - ok
14:15:58.0157 3584 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
14:15:58.0166 3584 usbprint - ok
14:15:58.0182 3584 [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:15:58.0192 3584 USBSTOR - ok
14:15:58.0219 3584 [ BC3070350A491D84B518D7CCA9ABD36F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
14:15:58.0226 3584 usbuhci - ok
14:15:58.0248 3584 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
14:15:58.0256 3584 UxSms - ok
14:15:58.0276 3584 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe
14:15:58.0278 3584 VaultSvc - ok
14:15:58.0298 3584 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
14:15:58.0305 3584 vdrvroot - ok
14:15:58.0337 3584 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
14:15:58.0362 3584 vds - ok
14:15:58.0387 3584 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
14:15:58.0396 3584 vga - ok
14:15:58.0401 3584 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
14:15:58.0413 3584 VgaSave - ok
14:15:58.0429 3584 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
14:15:58.0447 3584 vhdmp - ok
14:15:58.0452 3584 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
14:15:58.0460 3584 viaide - ok
14:15:58.0490 3584 [ 1501699D7EDA984ABC4155A7DA5738D1 ] vmbus C:\Windows\system32\DRIVERS\vmbus.sys
14:15:58.0505 3584 vmbus - ok
14:15:58.0515 3584 [ AE10C35761889E65A6F7176937C5592C ] VMBusHID C:\Windows\system32\DRIVERS\VMBusHID.sys
14:15:58.0523 3584 VMBusHID - ok
14:15:58.0547 3584 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
14:15:58.0555 3584 volmgr - ok
14:15:58.0566 3584 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
14:15:58.0583 3584 volmgrx - ok
14:15:58.0592 3584 [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
14:15:58.0611 3584 volsnap - ok
14:15:58.0717 3584 [ BF63E3F8F1CED65F4F5AD22E0735B2E4 ] VSApiNt C:\Program Files (x86)\Trend Micro\Client Server Security Agent\VSApiNt.sys
14:15:58.0750 3584 VSApiNt - ok
14:15:58.0795 3584 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
14:15:58.0815 3584 vsmraid - ok
14:15:58.0888 3584 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
14:15:58.0929 3584 VSS - ok
14:15:58.0943 3584 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
14:15:58.0950 3584 vwifibus - ok
14:15:58.0967 3584 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
14:15:58.0980 3584 W32Time - ok
14:15:59.0002 3584 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
14:15:59.0012 3584 WacomPen - ok
14:15:59.0051 3584 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
14:15:59.0062 3584 WANARP - ok
14:15:59.0067 3584 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
14:15:59.0068 3584 Wanarpv6 - ok
14:15:59.0165 3584 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
14:15:59.0199 3584 WatAdminSvc - ok
14:15:59.0270 3584 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
14:15:59.0311 3584 wbengine - ok
14:15:59.0328 3584 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
14:15:59.0344 3584 WbioSrvc - ok
14:15:59.0388 3584 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\Windows\System32\wcncsvc.dll
14:15:59.0407 3584 wcncsvc - ok
14:15:59.0441 3584 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:15:59.0450 3584 WcsPlugInService - ok
14:15:59.0476 3584 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
14:15:59.0483 3584 Wd - ok
14:15:59.0499 3584 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
14:15:59.0523 3584 Wdf01000 - ok
14:15:59.0534 3584 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
14:15:59.0543 3584 WdiServiceHost - ok
14:15:59.0547 3584 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
14:15:59.0550 3584 WdiSystemHost - ok
14:15:59.0580 3584 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\Windows\System32\webclnt.dll
14:15:59.0596 3584 WebClient - ok
14:15:59.0616 3584 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
14:15:59.0633 3584 Wecsvc - ok
14:15:59.0665 3584 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
14:15:59.0676 3584 wercplsupport - ok
14:15:59.0693 3584 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
14:15:59.0706 3584 WerSvc - ok
14:15:59.0731 3584 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
14:15:59.0738 3584 WfpLwf - ok
14:15:59.0751 3584 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
14:15:59.0759 3584 WIMMount - ok
14:15:59.0775 3584 WinDefend - ok
14:15:59.0783 3584 WinHttpAutoProxySvc - ok
14:15:59.0846 3584 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
14:15:59.0865 3584 Winmgmt - ok
14:15:59.0956 3584 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
14:16:00.0007 3584 WinRM - ok
14:16:00.0096 3584 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
14:16:00.0130 3584 Wlansvc - ok
14:16:00.0155 3584 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
14:16:00.0162 3584 WmiAcpi - ok
14:16:00.0197 3584 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
14:16:00.0217 3584 wmiApSrv - ok
14:16:00.0246 3584 WMPNetworkSvc - ok
14:16:00.0271 3584 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
14:16:00.0279 3584 WPCSvc - ok
14:16:00.0296 3584 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
14:16:00.0305 3584 WPDBusEnum - ok
14:16:00.0324 3584 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
14:16:00.0332 3584 ws2ifsl - ok
14:16:00.0363 3584 [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc C:\Windows\system32\wscsvc.dll
14:16:00.0366 3584 wscsvc - ok
14:16:00.0370 3584 WSearch - ok
14:16:00.0471 3584 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
14:16:00.0505 3584 wuauserv - ok
14:16:00.0525 3584 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
14:16:00.0541 3584 WudfPf - ok
14:16:00.0556 3584 [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
14:16:00.0575 3584 WUDFRd - ok
14:16:00.0603 3584 [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc C:\Windows\System32\WUDFSvc.dll
14:16:00.0615 3584 wudfsvc - ok
14:16:00.0641 3584 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
14:16:00.0661 3584 WwanSvc - ok
14:16:00.0696 3584 ================ Scan global ===============================
14:16:00.0725 3584 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
14:16:00.0761 3584 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
14:16:00.0779 3584 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
14:16:00.0816 3584 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
14:16:00.0862 3584 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
14:16:00.0882 3584 [Global] - ok
14:16:00.0882 3584 ================ Scan MBR ==================================
14:16:00.0896 3584 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
14:16:00.0897 3584 Suspicious mbr (Forged): \Device\Harddisk0\DR0
14:16:00.0930 3584 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
14:16:00.0930 3584 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
14:16:00.0931 3584 ================ Scan VBR ==================================
14:16:00.0935 3584 [ 4BB57C06DE8DDA0B583EDEF6650341CE ] \Device\Harddisk0\DR0\Partition1
14:16:00.0937 3584 \Device\Harddisk0\DR0\Partition1 - ok
14:16:00.0962 3584 [ E7CAB2A5EFCE8F2A60D1A40C3A5D0A5D ] \Device\Harddisk0\DR0\Partition2
14:16:00.0965 3584 \Device\Harddisk0\DR0\Partition2 - ok
14:16:00.0966 3584 ============================================================
14:16:00.0966 3584 Scan finished
14:16:00.0966 3584 ============================================================
14:16:01.0065 3708 Detected object count: 1
14:16:01.0065 3708 Actual detected object count: 1
14:16:18.0853 3708 \Device\Harddisk0\DR0\# - copied to quarantine
14:16:18.0859 3708 \Device\Harddisk0\DR0 - copied to quarantine
14:16:18.0910 3708 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
14:16:18.0923 3708 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
14:16:18.0936 3708 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
14:16:18.0961 3708 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
14:16:18.0994 3708 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
14:16:19.0036 3708 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
14:16:19.0056 3708 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
14:16:19.0062 3708 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
14:16:19.0069 3708 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
14:16:19.0075 3708 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
14:16:19.0097 3708 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
14:16:19.0117 3708 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
14:16:19.0124 3708 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
14:16:19.0130 3708 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
14:16:19.0145 3708 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
14:16:19.0187 3708 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
14:16:19.0188 3708 \Device\Harddisk0\DR0 - ok
14:16:19.0194 3708 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
14:16:39.0452 4888 Deinitialize success

I'll put up the aswMBR log next.
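The TDSSKiller log above is the kind of output a responder has to read in a hurry: a forged MBR on \Device\Harddisk0\DR0, a Rootkit.Boot.Pihar.c verdict, a list of files lifted out of the hidden TDLFS volume, and a cure that only completes on reboot. The script below is an added example for this thread, not code from Kaspersky's tool or from the poster. It parses a TDSSKiller-style log into those four facts so the verdicts can be checked or collected from many machines. SAMPLE_LOG is constructed to mirror the line formats of the posted log (it is not the full log from the page); the regular expressions are written against those formats and are an assumption about how other TDSSKiller versions print.

```python
"""Triage a TDSSKiller-style log (added example, not the tool's own code).

Reduces the log to what a responder acts on: which object was flagged and
why, the detection name, what was copied to quarantine (including files
carved out of the hidden TDLFS volume) and whether a cure is still pending
a reboot.  SAMPLE_LOG is constructed to mirror the posted log's formats."""
import re
from collections import defaultdict

SAMPLE_LOG = """\
14:16:00.0862 3584 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\\Windows\\system32\\services.exe
14:16:00.0882 3584 [Global] - ok
14:16:00.0896 3584 [ A36C5E4F47E84449FF07ED3517B43A31 ] \\Device\\Harddisk0\\DR0
14:16:00.0897 3584 Suspicious mbr (Forged): \\Device\\Harddisk0\\DR0
14:16:00.0930 3584 \\Device\\Harddisk0\\DR0 ( Rootkit.Boot.Pihar.c ) - infected
14:16:00.0935 3584 [ 4BB57C06DE8DDA0B583EDEF6650341CE ] \\Device\\Harddisk0\\DR0\\Partition1
14:16:00.0937 3584 \\Device\\Harddisk0\\DR0\\Partition1 - ok
14:16:18.0853 3708 \\Device\\Harddisk0\\DR0\\# - copied to quarantine
14:16:18.0859 3708 \\Device\\Harddisk0\\DR0 - copied to quarantine
14:16:18.0910 3708 \\Device\\Harddisk0\\DR0\\TDLFS\\cmd.dll - copied to quarantine
14:16:18.0923 3708 \\Device\\Harddisk0\\DR0\\TDLFS\\cmd64.dll - copied to quarantine
14:16:19.0069 3708 \\Device\\Harddisk0\\DR0\\TDLFS\\ldr16 - copied to quarantine
14:16:19.0187 3708 \\Device\\Harddisk0\\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
14:16:19.0194 3708 \\Device\\Harddisk0\\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
"""

# Every scanner line is "HH:MM:SS.ffff <pid> <message>"; the patterns below
# classify <message> and are an assumption about the tool's output format.
LINE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+)\s+(\d+)\s+(.*)$")
HASHED = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \] (.+)$")
SUSPICIOUS = re.compile(r"^Suspicious mbr \((\w+)\): (.+)$")
QUARANTINE = re.compile(r"^(.+) - copied to quarantine$")
VERDICT = re.compile(r"^(.+?) \( (.+?) \) - (.+)$")


def parse_log(text):
    report = {
        "hashes": {},                    # object -> MD5 as printed by the scanner
        "suspicious": [],                # (object, reason), e.g. (DR0, "Forged")
        "detections": defaultdict(set),  # detection name -> flagged objects
        "quarantined": [],               # objects copied to quarantine, in order
        "cure_pending": set(),           # objects that still need a reboot
        "actions": {},                   # object -> action the user chose
    }
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue                     # banner and blank lines
        msg = m.group(3)
        h = HASHED.match(msg)
        if h:
            report["hashes"][h.group(2)] = h.group(1).upper()
            continue
        s = SUSPICIOUS.match(msg)
        if s:
            report["suspicious"].append((s.group(2), s.group(1)))
            continue
        q = QUARANTINE.match(msg)
        if q:
            report["quarantined"].append(q.group(1))
            continue
        v = VERDICT.match(msg)
        if v:
            obj, name, outcome = v.groups()
            report["detections"][name].add(obj)
            if outcome == "will be cured on reboot":
                report["cure_pending"].add(obj)
            elif outcome.startswith("User select action: "):
                report["actions"][obj] = outcome.split(": ", 1)[1]
    return report


def tdlfs_files(report):
    """Files the scanner lifted out of the rootkit's hidden TDLFS file system."""
    return [p for p in report["quarantined"] if "\\TDLFS\\" in p]


def needs_reboot(report):
    return bool(report["cure_pending"])


def summarize(report):
    lines = []
    for obj, reason in report["suspicious"]:
        lines.append("suspicious: %s (%s)" % (obj, reason))
    for name, objs in sorted(report["detections"].items()):
        for obj in sorted(objs):
            action = report["actions"].get(obj, "none")
            lines.append("detected: %s on %s, action=%s" % (name, obj, action))
    lines.append("quarantined: %d objects, %d from TDLFS"
                 % (len(report["quarantined"]), len(tdlfs_files(report))))
    lines.append("reboot required: %s" % ("yes" if needs_reboot(report) else "no"))
    return lines


if __name__ == "__main__":
    for line in summarize(parse_log(SAMPLE_LOG)):
        print(line)
```

The point of `needs_reboot` is the line that is easy to miss in the raw log: "will be cured on reboot" means the MBR is still forged until the machine restarts, and a follow-up scan (aswMBR, in this thread) before that reboot would still see the infected sector.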

#13 gringo_pr, Malware Response Team

Posted 18 September 2012 - 02:43 PM

I will be looking for it


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 The Real Lee, Topic Starter

Posted 18 September 2012 - 02:44 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-18 14:26:20
-----------------------------
14:26:20.841 OS Version: Windows x64 6.1.7600
14:26:20.841 Number of processors: 2 586 0x1706
14:26:20.842 ComputerName: IA-LAPTOP-EXTRA UserName: lzimmerman
14:26:21.761 Initialize success
14:27:52.201 AVAST engine defs: 12091400
14:28:55.364 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
14:28:55.368 Disk 0 Vendor: TOSHIBA_MK2546GSX LB014C Size: 238475MB BusType: 11
14:28:55.407 Disk 0 MBR read successfully
14:28:55.411 Disk 0 MBR scan
14:28:55.423 Disk 0 Windows 7 default MBR code
14:28:55.427 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 228251 MB offset 63
14:28:55.461 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10221 MB offset 467459370
14:28:55.502 Disk 0 scanning C:\Windows\system32\drivers
14:29:09.959 Service scanning
14:29:42.506 Service TmFilter C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys **LOCKED** 32
14:29:43.103 Service TmPreFilter C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys **LOCKED** 32
14:29:46.186 Service VSApiNt C:\Program Files (x86)\Trend Micro\Client Server Security Agent\VSApiNt.sys **LOCKED** 32
14:29:50.392 Modules scanning
14:29:50.407 Disk 0 trace - called modules:
14:29:50.454 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
14:29:50.465 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800483d790]
14:29:50.475 3 CLASSPNP.SYS[fffff8800199143f] -> nt!IofCallDriver -> [0xfffffa800483d040]
14:29:50.485 5 hpdskflt.sys[fffff88001938189] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0xfffffa80046c1060]
14:29:51.179 AVAST engine scan C:\Windows
14:29:56.269 AVAST engine scan C:\Windows\system32
14:34:32.193 AVAST engine scan C:\Windows\system32\drivers
14:34:45.234 AVAST engine scan C:\Users\lzimmerman
14:43:46.317 Disk 0 MBR has been saved successfully to "C:\Users\lzimmerman\Desktop\MBR.dat"
14:43:46.323 The log file has been saved successfully to "C:\Users\lzimmerman\Desktop\aswMBR.txt"


And here it is.
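aswMBR reports "Windows 7 default MBR code" for the same disk that TDSSKiller flagged as forged minutes earlier (the cure was pending a reboot), and it also wrote the raw sector to MBR.dat on the desktop. The script below is an added example, not code from aswMBR, AVAST or the poster: it parses a 512-byte MBR like that file, checks the boot signature and partition-table sanity, and cross-checks the table against what the tool printed (active flag, type 07, offsets 63 and 467459370, sizes 228251 MB and 10221 MB). SAMPLE_MBR is constructed here to match the posted partition listing; its boot-code bytes are zero because the real ones are not on the page. Comparing `boot_code_md5` against a baseline taken from a known-clean Windows 7 install is the suggested use and is an assumption of the example, not something the page provides.

```python
"""Parse and sanity-check a 512-byte MBR such as aswMBR's saved MBR.dat.

Added example for this thread, not code from aswMBR, AVAST or the poster.
SAMPLE_MBR is constructed to match the two partitions in the posted log;
the boot code is zeroed because the real bytes are not on the page."""
import hashlib
import struct

SECTOR = 512
SECTORS_PER_MB = 2048           # 1 MiB of 512-byte sectors; matches aswMBR's MB figures
PART_TABLE_OFFSET = 0x1BE       # four 16-byte entries, then the 0x55AA signature
ENTRY = "<B3sB3sII"             # status, CHS start, type, CHS end, LBA start, sector count
SIGNATURE = b"\x55\xAA"


def _entry(status, ptype, lba_start, sectors):
    # CHS fields left zero: modern tools, and the aswMBR log, only use LBA.
    return struct.pack(ENTRY, status, b"\0\0\0", ptype, b"\0\0\0", lba_start, sectors)


SAMPLE_MBR = (
    bytes(PART_TABLE_OFFSET)                                   # boot code + disk id (constructed, zeroed)
    + _entry(0x80, 0x07, 63, 467459370 - 63)                   # Partition 1: active NTFS at offset 63
    + _entry(0x00, 0x07, 467459370, 10221 * SECTORS_PER_MB)    # Partition 2: NTFS at offset 467459370
    + _entry(0, 0, 0, 0) + _entry(0, 0, 0, 0)                  # two empty slots
    + SIGNATURE
)

# Transcribed from the posted aswMBR lines: (active, type, size MB, offset).
REPORTED = [(True, 0x07, 228251, 63), (False, 0x07, 10221, 467459370)]


def parse_mbr(data):
    if len(data) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes, got %d" % len(data))
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(ENTRY, data, PART_TABLE_OFFSET + 16 * i)
        if ptype == 0 and count == 0:
            continue                                           # empty slot
        parts.append({
            "index": i + 1, "status": status, "bootable": status == 0x80,
            "type": ptype, "lba_start": lba, "sectors": count,
            "size_mb": count // SECTORS_PER_MB,
        })
    return {
        "signature_ok": data[510:512] == SIGNATURE,
        # Hash of the code region only: compare with a baseline from a clean
        # install (assumed to exist); a bootkit changes this but not the table.
        "boot_code_md5": hashlib.md5(data[:PART_TABLE_OFFSET]).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
        "partitions": parts,
    }


def check_table(parsed, disk_mb):
    """Layout anomalies worth flagging.  An empty list does NOT mean the MBR
    is clean: the rootkit TDSSKiller reported rewrites the boot code and
    leaves this table intact, which is why both tools list the partitions as ok."""
    issues = []
    if not parsed["signature_ok"]:
        issues.append("missing 0x55AA boot signature")
    parts = parsed["partitions"]
    if sum(p["bootable"] for p in parts) != 1:
        issues.append("expected exactly one active partition")
    disk_sectors = disk_mb * SECTORS_PER_MB
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            issues.append("partition %d has invalid status byte 0x%02X" % (p["index"], p["status"]))
        if p["lba_start"] + p["sectors"] > disk_sectors:
            issues.append("partition %d extends past end of disk" % p["index"])
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            issues.append("partitions %d and %d overlap" % (a["index"], b["index"]))
    return issues


def matches_tool_report(parsed, reported):
    """True when the parsed table agrees with what the scanner printed."""
    seen = [(p["bootable"], p["type"], p["size_mb"], p["lba_start"]) for p in parsed["partitions"]]
    return seen == list(reported)


if __name__ == "__main__":
    mbr = parse_mbr(SAMPLE_MBR)
    for p in mbr["partitions"]:
        print(p)
    print("signature ok:", mbr["signature_ok"], "issues:", check_table(mbr, 238475))
    print("matches aswMBR listing:", matches_tool_report(mbr, REPORTED))
    print("boot code md5:", mbr["boot_code_md5"])
```

To run it on the real file, replace SAMPLE_MBR with `open("MBR.dat", "rb").read()` and 238475 with the disk size aswMBR printed. The intact partition table is exactly why a partition-level check passes on a bootkit-infected disk; only the boot-code hash (or a byte comparison against a clean sector) distinguishes the forged MBR.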

#15 gringo_pr, Malware Response Team

Posted 18 September 2012 - 03:13 PM

Please try and run ComboFix for me now.


gringo