excessive incoming IP blocks

I'm afraid I may have a virus or malware of some sort. I may partly be a little paranoid, but here lately I've been noticing that MWB's protection module is blocking incoming IPs using several .exe's, but most of the time it's svchost.exe. I'm pretty keen on my computer's processing speed when doing tasks, and I think I've noticed a slight drag in performance as well. Of course this could all be much ado about nothing, but I just want to make sure.

Thanks!

Attach.txt

DDS.txt

Hello and welcome. Please follow these guidelines while we work on your PC:

  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

Download aswMBR.exe to your desktop.

  • Double click the aswMBR.exe to run it
  • You will be asked if you want to use Avast! Free anti virus for scanning - select No
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply.

Please include the following in your next post:

  • aswMBR log

thank.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-08-06 07:31:32

-----------------------------

07:31:32.414 OS Version: Windows x64 6.1.7601 Service Pack 1

07:31:32.414 Number of processors: 8 586 0x1E05

07:31:32.415 ComputerName: MARCUS-WORK UserName: mhandy

07:31:47.226 Initialize success

07:32:53.424 AVAST engine defs: 12080600

07:33:07.982 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

07:33:07.985 Disk 0 Vendor: ST950042 0003 Size: 476940MB BusType: 3

07:33:07.999 Disk 0 MBR read successfully

07:33:08.003 Disk 0 MBR scan

07:33:08.013 Disk 0 Windows 7 default MBR code

07:33:08.017 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 22003 MB offset 63

07:33:08.040 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 119231 MB offset 45062325

07:33:08.052 Disk 0 Partition - 00 0F Extended LBA 335704 MB offset 289249280

07:33:08.086 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 335703 MB offset 289251328

07:33:08.130 Disk 0 scanning C:\Windows\system32\drivers

07:33:24.884 Service scanning

07:33:55.853 Modules scanning

07:33:55.866 Disk 0 trace - called modules:

07:33:55.904 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll

07:33:55.911 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800c6a1790]

07:33:55.920 3 CLASSPNP.SYS[fffff88001b8643f] -> nt!IofCallDriver -> [0xfffffa800b5957a0]

07:33:55.929 5 ACPI.sys[fffff88000f2e7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800c439050]

07:33:59.877 AVAST engine scan C:\Windows

07:34:03.595 AVAST engine scan C:\Windows\system32

07:38:38.046 AVAST engine scan C:\Windows\system32\drivers

07:39:01.243 AVAST engine scan C:\Users\mhandy

07:52:46.235 AVAST engine scan C:\ProgramData

07:54:02.970 Scan finished successfully

07:56:11.189 Disk 0 MBR has been saved successfully to "C:\Users\mhandy\Desktop\MBR.dat"

07:56:11.197 The log file has been saved successfully to "C:\Users\mhandy\Desktop\aswMBR.txt"

Please do this next:

You have more than one antivirus (AV) program running. Your logs show both Emsisoft Anti-Malware and Trend Micro Security Agent running. Running more than one AV program does not offer any more protection and often causes conflicts and slowdowns with your computer. Please uninstall one of those AV applications.

Download ComboFix from either of the links below, and save it to your desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link.

--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.

  • If you have trouble, stop and post back. Do not try to repeatedly run ComboFix!
  • When finished, it will produce a report for you.

Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registry key that has been marked for deletion", rebooting your computer will resolve the problem.

Please include the following in your next post:

  • ComboFix log

thanks!

ComboFix 12-08-07.03 - mhandy 08/07/2012 12:03:04.1.8 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.14261.11547 [GMT -5:00]

Running from: c:\users\mhandy\Desktop\ComboFix.exe

AV: Trend Micro Security Agent *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}

SP: Trend Micro Security Agent *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\Common Files\Net4Switch.ico

c:\programdata\FullRemove.exe

c:\users\mhandy\AppData\Local\Temp\Temp1_CoreTemp64.zip\Core Temp.exe

c:\users\mhandy\g2mdlhlpx.exe

c:\windows\AsPatch10430001.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-07-07 to 2012-08-07 )))))))))))))))))))))))))))))))

.

.

2012-08-07 17:08 . 2012-08-07 17:08 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-08-07 17:08 . 2012-08-07 17:08 -------- d-----w- c:\users\marcus\AppData\Local\temp

2012-08-07 17:08 . 2012-08-07 17:08 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-07 17:08 . 2012-08-07 17:08 -------- d-----w- c:\users\administrator\AppData\Local\temp

2012-07-29 07:33 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9FFF9849-4192-4526-8363-F6CA16F5A9FF}\mpengine.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-03 01:31 . 2012-04-03 14:05 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-08-03 01:31 . 2011-05-26 04:22 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-27 18:40 . 2011-02-19 11:09 45056 ----a-w- c:\windows\system32\acovcnt.exe

2012-07-03 18:46 . 2011-10-16 00:55 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-15 05:33 . 2012-06-15 05:33 128512 ----a-w- c:\windows\RegBootClean64.exe

2012-05-31 17:25 . 2011-02-19 22:31 279656 ------w- c:\windows\system32\MpSigStub.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-22 718720]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"RemoteControl9"="c:\program files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]

"UpdatePSTShortCut"="c:\program files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2010-06-24 210216]

"SonicMasterTray"="c:\program files (x86)\ASUS\SonicMaster\SonicMasterTray.exe" [2010-07-10 984400]

"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]

"VAWinAgent"="c:\expressgateutil\VAWinAgent.exe" [2010-08-12 21504]

"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-02-04 7350912]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-05-03 170624]

"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-03-27 40376]

"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-03-26 640440]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]

"OfficeSubscriptionAgent"="c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\osaui.exe" [2011-11-16 932160]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"Communicator"="c:\program files (x86)\Microsoft Lync\communicator.exe" [2011-11-16 12065056]

"SignIn"="c:\program files (x86)\Microsoft Online Services\Sign In\SignIn.exe" [2011-03-16 1742704]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

.

c:\users\mhandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-2 1080608]

FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe [2010-11-11 12862]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoWelcomeScreen"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp msoidssp

.

R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-11 135664]

R2 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe [2010-08-21 77312]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]

R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2010-05-03 44032]

R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6144]

R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-01 52264]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]

R3 c2wts;Claims to Windows Token Service;c:\program files\Windows Identity Foundation\v3.5\c2wtshost.exe [2010-02-02 15768]

R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-04-12 52632]

R3 ipswuio;ipswuio;c:\windows\system32\DRIVERS\ipswuio.sys [x]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]

R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [2009-07-10 31744]

R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2011-04-04 21504]

R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 9216]

R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2010-04-01 26624]

R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-01-07 45408]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-19 1255736]

R4 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2010-06-22 379520]

S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]

S2 CrmSqlStartupSvc;SQL Server (CRM) On-Demand Shutdown;c:\program files (x86)\Microsoft Dynamics CRM\Client\bin\CrmSqlStartupSvc.exe [2011-07-23 23400]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]

S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-04-26 223088]

S2 msoidsvc;Microsoft Online Services Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2010-08-17 2024864]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]

S2 osubsvc;Microsoft Office 2010 Subscription Agent;c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\osa.exe [2011-11-16 493384]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]

S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2011-02-25 69904]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-04-17 13832]

S2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-17 134928]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]

S3 ALSysIO;ALSysIO;c:\users\mhandy\AppData\Local\Temp\ALSysIO64.sys [x]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-07-21 129024]

S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [2010-09-25 229376]

S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [2010-09-25 69120]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-03-04 75816]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - ALSYSIO

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-07 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 01:31]

.

2012-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-11 05:04]

.

2012-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-11 05:04]

.

2012-08-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2625349364-4053089507-2188903137-2104Core.job

- c:\users\mhandy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-11 20:51]

.

2012-08-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2625349364-4053089507-2188903137-2104UA.job

- c:\users\mhandy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-11 20:51]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]

@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"

[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]

2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]

@="{64174815-8D98-4CE6-8646-4C039977D808}"

[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]

2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-09-28 2121320]

"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-05-03 324096]

"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]

"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-03-26 204584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP

mStart Page = about:blank

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

Trusted Zone: dynamics.com\*.crm

Trusted Zone: fibsbsbhm01

Trusted Zone: live.com

Trusted Zone: sharepoint.com\founders-admin

Trusted Zone: sharepoint.com\founders-my

Trusted Zone: sharepoint.com\foundersib

TCP: DhcpNameServer = 192.168.0.1

DPF: {9BBB3919-F518-4D06-8209-299FC243FC44} - hxxp://fibsbsbhm01/SMB/console/html/root/AtxEnc.cab

FF - ProfilePath - c:\users\mhandy\AppData\Roaming\Mozilla\Firefox\Profiles\i6r9vanq.default\

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-SpybotSD TeaTimer - c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe

Wow6432Node-HKLM-Run-SessionLogon - c:\expressgateutil\SessionLogon.exe

Wow6432Node-HKLM-Run-CLMLServer - c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe

Toolbar-Locked - (no file)

HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe

HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-08-07 12:10:11

ComboFix-quarantined-files.txt 2012-08-07 17:10

.

Pre-Run: 35,255,345,152 bytes free

Post-Run: 37,888,307,200 bytes free

.

- - End Of File - - 93A10DD2D76A7D53D81959ADCED94BFA

Please do this next:

Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • When the window opens, click on Change Parameters
  • Under “Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • click OK
  • Press Start Scan
  • If Malicious objects are found then ensure Cure is selected. Important - If there is no option to "Cure" it is critical that you select "Skip"
  • Then click Continue > Reboot now
  • Once complete, a log will be produced in c:\. It will be named for example, TDSSKiller.2.7.1.0_19.01.2012_17.24.26_log.txt
  • Post that log, please.

You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM

  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information, C:\_OTL\MovedFiles or C:\Qoobox
  • Make sure that everything else is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please include the following in your next post:

  • TDSSKiller log
  • MBAM log

It said no threats found for TDSSKiller:

00:56:48.0915 5540 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32

00:56:50.0919 5540 ============================================================

00:56:50.0919 5540 Current date / time: 2012/08/09 00:56:50.0919

00:56:50.0919 5540 SystemInfo:

00:56:50.0919 5540

00:56:50.0919 5540 OS Version: 6.1.7601 ServicePack: 1.0

00:56:50.0919 5540 Product type: Workstation

00:56:50.0919 5540 ComputerName: MARCUS-WORK

00:56:50.0919 5540 UserName: mhandy

00:56:50.0919 5540 Windows directory: C:\Windows

00:56:50.0919 5540 System windows directory: C:\Windows

00:56:50.0919 5540 Running under WOW64

00:56:50.0919 5540 Processor architecture: Intel x64

00:56:50.0919 5540 Number of processors: 8

00:56:50.0919 5540 Page size: 0x1000

00:56:50.0919 5540 Boot type: Normal boot

00:56:50.0919 5540 ============================================================

00:56:51.0538 5540 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

00:56:51.0547 5540 ============================================================

00:56:51.0547 5540 \Device\Harddisk0\DR0:

00:56:51.0548 5540 MBR partitions:

00:56:51.0548 5540 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2AF98B5, BlocksNum 0xE8DFF31

00:56:51.0566 5540 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x113DA000, BlocksNum 0x28FAB800

00:56:51.0566 5540 ============================================================

00:56:51.0588 5540 C: <-> \Device\Harddisk0\DR0\Partition0

00:56:51.0619 5540 D: <-> \Device\Harddisk0\DR0\Partition1

00:56:51.0619 5540 ============================================================

00:56:51.0619 5540 Initialize success

00:56:51.0619 5540 ============================================================

00:57:25.0004 1376 ============================================================

00:57:25.0004 1376 Scan started

00:57:25.0004 1376 Mode: Manual; TDLFS;

00:57:25.0004 1376 ============================================================

00:57:25.0766 1376 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

00:57:25.0779 1376 1394ohci - ok

00:57:25.0823 1376 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

00:57:25.0838 1376 ACPI - ok

00:57:25.0861 1376 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

00:57:25.0863 1376 AcpiPmi - ok

00:57:26.0011 1376 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

00:57:26.0013 1376 AdobeFlashPlayerUpdateSvc - ok

00:57:26.0062 1376 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

00:57:26.0088 1376 adp94xx - ok

00:57:26.0113 1376 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

00:57:26.0123 1376 adpahci - ok

00:57:26.0150 1376 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

00:57:26.0164 1376 adpu320 - ok

00:57:26.0192 1376 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

00:57:26.0195 1376 AeLookupSvc - ok

00:57:26.0244 1376 AFBAgent (734d1ba96be6ad8d04e6afead569ea8a) C:\Windows\system32\FBAgent.exe

00:57:26.0257 1376 AFBAgent - ok

00:57:26.0318 1376 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys

00:57:26.0333 1376 AFD - ok

00:57:26.0356 1376 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

00:57:26.0359 1376 agp440 - ok

00:57:26.0378 1376 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

00:57:26.0381 1376 ALG - ok

00:57:26.0408 1376 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

00:57:26.0411 1376 aliide - ok

00:57:26.0548 1376 ALSysIO - ok

00:57:26.0571 1376 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

00:57:26.0573 1376 amdide - ok

00:57:26.0598 1376 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

00:57:26.0600 1376 AmdK8 - ok

00:57:26.0618 1376 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

00:57:26.0621 1376 AmdPPM - ok

00:57:26.0654 1376 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

00:57:26.0657 1376 amdsata - ok

00:57:26.0687 1376 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

00:57:26.0691 1376 amdsbs - ok

00:57:26.0707 1376 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

00:57:26.0708 1376 amdxata - ok

00:57:26.0810 1376 Amsp (25e9c505a8db1b5efe631e43718fdb22) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe

00:57:26.0812 1376 Amsp - ok

00:57:26.0856 1376 AmUStor (9c7f164b49cadc658d1b3c575782f346) C:\Windows\system32\drivers\AmUStor.SYS

00:57:26.0859 1376 AmUStor - ok

00:57:26.0900 1376 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

00:57:26.0903 1376 AppID - ok

00:57:26.0942 1376 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

00:57:26.0944 1376 AppIDSvc - ok

00:57:26.0987 1376 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

00:57:26.0990 1376 Appinfo - ok

00:57:27.0052 1376 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll

00:57:27.0065 1376 AppMgmt - ok

00:57:27.0097 1376 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

00:57:27.0100 1376 arc - ok

00:57:27.0114 1376 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

00:57:27.0118 1376 arcsas - ok

00:57:27.0203 1376 ASLDRService (18e5c2f937f9deb8c282df66a3761925) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

00:57:27.0205 1376 ASLDRService - ok

00:57:27.0227 1376 ASMMAP64 (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys

00:57:27.0228 1376 ASMMAP64 - ok

00:57:27.0311 1376 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

00:57:27.0313 1376 aspnet_state - ok

00:57:27.0329 1376 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

00:57:27.0332 1376 AsyncMac - ok

00:57:27.0367 1376 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

00:57:27.0368 1376 atapi - ok

00:57:27.0558 1376 athr (a5e770426d18f8ef332a593f3289da91) C:\Windows\system32\DRIVERS\athrx.sys

00:57:27.0616 1376 athr - ok

00:57:27.0689 1376 ATKGFNEXSrv (7910158929571214a959d5a6d16dd9c0) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

00:57:27.0690 1376 ATKGFNEXSrv - ok

00:57:27.0846 1376 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

00:57:27.0871 1376 AudioEndpointBuilder - ok

00:57:27.0876 1376 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

00:57:27.0880 1376 AudioSrv - ok

00:57:27.0932 1376 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

00:57:27.0941 1376 AxInstSV - ok

00:57:28.0018 1376 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

00:57:28.0045 1376 b06bdrv - ok

00:57:28.0092 1376 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

00:57:28.0104 1376 b57nd60a - ok


00:57:42.0940 1376 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

00:57:42.0952 1376 rdyboost - ok

00:57:42.0992 1376 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

00:57:42.0995 1376 RemoteAccess - ok

00:57:43.0035 1376 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

00:57:43.0049 1376 RemoteRegistry - ok

00:57:43.0084 1376 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys

00:57:43.0092 1376 RFCOMM - ok

00:57:43.0114 1376 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

00:57:43.0117 1376 RpcEptMapper - ok

00:57:43.0128 1376 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

00:57:43.0131 1376 RpcLocator - ok

00:57:43.0182 1376 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

00:57:43.0185 1376 RpcSs - ok

00:57:43.0200 1376 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

00:57:43.0203 1376 rspndr - ok

00:57:43.0214 1376 SamSs (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe

00:57:43.0215 1376 SamSs - ok

00:57:43.0243 1376 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

00:57:43.0246 1376 sbp2port - ok

00:57:43.0386 1376 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

00:57:43.0392 1376 SBSDWSCService - ok

00:57:43.0414 1376 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

00:57:43.0429 1376 SCardSvr - ok

00:57:43.0478 1376 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

00:57:43.0481 1376 scfilter - ok

00:57:43.0566 1376 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

00:57:43.0593 1376 Schedule - ok

00:57:43.0631 1376 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

00:57:43.0632 1376 SCPolicySvc - ok

00:57:43.0654 1376 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

00:57:43.0668 1376 SDRSVC - ok

00:57:43.0714 1376 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

00:57:43.0716 1376 secdrv - ok

00:57:43.0728 1376 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

00:57:43.0731 1376 seclogon - ok

00:57:43.0764 1376 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll

00:57:43.0767 1376 SENS - ok

00:57:43.0785 1376 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

00:57:43.0789 1376 SensrSvc - ok

00:57:43.0811 1376 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

00:57:43.0814 1376 Serenum - ok

00:57:43.0841 1376 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

00:57:43.0843 1376 Serial - ok

00:57:43.0861 1376 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

00:57:43.0863 1376 sermouse - ok

00:57:43.0908 1376 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

00:57:43.0917 1376 SessionEnv - ok

00:57:43.0931 1376 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

00:57:43.0934 1376 sffdisk - ok

00:57:43.0947 1376 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

00:57:43.0949 1376 sffp_mmc - ok

00:57:43.0953 1376 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

00:57:43.0955 1376 sffp_sd - ok

00:57:43.0962 1376 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

00:57:43.0965 1376 sfloppy - ok

00:57:44.0023 1376 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

00:57:44.0038 1376 SharedAccess - ok

00:57:44.0095 1376 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

00:57:44.0107 1376 ShellHWDetection - ok

00:57:44.0134 1376 SiSGbeLH (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys

00:57:44.0136 1376 SiSGbeLH - ok

00:57:44.0151 1376 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

00:57:44.0154 1376 SiSRaid2 - ok

00:57:44.0171 1376 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

00:57:44.0174 1376 SiSRaid4 - ok

00:57:44.0195 1376 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

00:57:44.0198 1376 Smb - ok

00:57:44.0226 1376 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

00:57:44.0231 1376 SNMPTRAP - ok

00:57:44.0374 1376 SNP2UVC (2114518e55b380a3acc28b2c27fd499a) C:\Windows\system32\DRIVERS\snp2uvc.sys

00:57:44.0423 1376 SNP2UVC - ok

00:57:44.0528 1376 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

00:57:44.0529 1376 spldr - ok

00:57:44.0594 1376 spmgr (739db668dbd812285ecc553e64a5e212) C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

00:57:44.0604 1376 spmgr - ok

00:57:44.0669 1376 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

00:57:44.0673 1376 Spooler - ok

00:57:44.0946 1376 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

00:57:44.0963 1376 sppsvc - ok

00:57:45.0044 1376 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

00:57:45.0048 1376 sppuinotify - ok

00:57:45.0105 1376 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

00:57:45.0120 1376 srv - ok

00:57:45.0162 1376 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

00:57:45.0175 1376 srv2 - ok

00:57:45.0200 1376 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

00:57:45.0211 1376 srvnet - ok

00:57:45.0254 1376 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

00:57:45.0266 1376 SSDPSRV - ok

00:57:45.0284 1376 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

00:57:45.0288 1376 SstpSvc - ok

00:57:45.0377 1376 Stereo Service (9bf7e58d9113ce15cf4f1e1b18ceff83) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

00:57:45.0380 1376 Stereo Service - ok

00:57:45.0404 1376 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

00:57:45.0407 1376 stexstor - ok

00:57:45.0470 1376 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

00:57:45.0489 1376 stisvc - ok

00:57:45.0524 1376 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll

00:57:45.0527 1376 StorSvc - ok

00:57:45.0550 1376 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

00:57:45.0552 1376 swenum - ok

00:57:45.0600 1376 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

00:57:45.0615 1376 swprv - ok

00:57:45.0746 1376 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

00:57:45.0776 1376 SysMain - ok

00:57:45.0877 1376 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

00:57:45.0887 1376 TabletInputService - ok

00:57:45.0915 1376 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

00:57:45.0931 1376 TapiSrv - ok

00:57:45.0947 1376 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

00:57:45.0951 1376 TBS - ok

00:57:46.0106 1376 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

00:57:46.0140 1376 Tcpip - ok

00:57:46.0342 1376 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

00:57:46.0351 1376 TCPIP6 - ok

00:57:46.0448 1376 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

00:57:46.0451 1376 tcpipreg - ok

00:57:46.0490 1376 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

00:57:46.0492 1376 TDPIPE - ok

00:57:46.0508 1376 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

00:57:46.0511 1376 TDTCP - ok

00:57:46.0559 1376 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

00:57:46.0567 1376 tdx - ok

00:57:46.0591 1376 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

00:57:46.0594 1376 TermDD - ok

00:57:46.0658 1376 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

00:57:46.0677 1376 TermService - ok

00:57:46.0704 1376 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

00:57:46.0707 1376 Themes - ok

00:57:46.0733 1376 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

00:57:46.0735 1376 THREADORDER - ok

00:57:46.0762 1376 tmactmon (ba4030f56aacecd0e6d413565b4aed75) C:\Windows\system32\DRIVERS\tmactmon.sys

00:57:46.0765 1376 tmactmon - ok

00:57:46.0794 1376 tmcomm (ed866799ca62626341632da9edecfd04) C:\Windows\system32\DRIVERS\tmcomm.sys

00:57:46.0807 1376 tmcomm - ok

00:57:46.0835 1376 tmevtmgr (84fb4b5c8dcd78163c440431fef3e096) C:\Windows\system32\DRIVERS\tmevtmgr.sys

00:57:46.0838 1376 tmevtmgr - ok

00:57:46.0967 1376 TmListen (14aad1604c9386899485758c05a1757e) C:\Program Files\Trend Micro\Security Agent\tmlisten.exe

00:57:46.0971 1376 TmListen - ok

00:57:47.0049 1376 tmtdi (77b9bebb0769f45ef770297196ef3506) C:\Windows\system32\DRIVERS\tmtdi.sys

00:57:47.0052 1376 tmtdi - ok

00:57:47.0082 1376 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

00:57:47.0091 1376 TrkWks - ok

00:57:47.0148 1376 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

00:57:47.0150 1376 TrustedInstaller - ok

00:57:47.0182 1376 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

00:57:47.0183 1376 tssecsrv - ok

00:57:47.0217 1376 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

00:57:47.0220 1376 TsUsbFlt - ok

00:57:47.0263 1376 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

00:57:47.0266 1376 tunnel - ok

00:57:47.0286 1376 TurboB (b355581a9da34c92e2dbafa410d2f829) C:\Windows\system32\DRIVERS\TurboB.sys

00:57:47.0293 1376 TurboB - ok

00:57:47.0332 1376 TurboBoost (6564e84b1522c12ea1c3a181ed03276f) C:\Program Files\Intel\TurboBoost\TurboBoost.exe

00:57:47.0348 1376 TurboBoost - ok

00:57:47.0369 1376 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

00:57:47.0372 1376 uagp35 - ok

00:57:47.0420 1376 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

00:57:47.0437 1376 udfs - ok

00:57:47.0464 1376 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

00:57:47.0467 1376 UI0Detect - ok

00:57:47.0506 1376 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

00:57:47.0509 1376 uliagpkx - ok

00:57:47.0543 1376 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

00:57:47.0546 1376 umbus - ok

00:57:47.0568 1376 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

00:57:47.0571 1376 UmPass - ok

00:57:47.0628 1376 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll

00:57:47.0639 1376 UmRdpService - ok

00:57:47.0836 1376 UNS (41118d920b2b268c0adc36421248cdcf) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

00:57:47.0863 1376 UNS - ok

00:57:47.0991 1376 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

00:57:48.0005 1376 upnphost - ok

00:57:48.0069 1376 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys

00:57:48.0072 1376 usbaudio - ok

00:57:48.0103 1376 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

00:57:48.0114 1376 usbccgp - ok

00:57:48.0154 1376 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

00:57:48.0157 1376 usbcir - ok

00:57:48.0177 1376 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

00:57:48.0180 1376 usbehci - ok

00:57:48.0219 1376 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

00:57:48.0234 1376 usbhub - ok

00:57:48.0260 1376 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

00:57:48.0263 1376 usbohci - ok

00:57:48.0285 1376 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

00:57:48.0288 1376 usbprint - ok

00:57:48.0311 1376 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

00:57:48.0320 1376 USBSTOR - ok

00:57:48.0346 1376 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

00:57:48.0348 1376 usbuhci - ok

00:57:48.0392 1376 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys

00:57:48.0404 1376 usbvideo - ok

00:57:48.0429 1376 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

00:57:48.0433 1376 UxSms - ok

00:57:48.0453 1376 VaultSvc (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe

00:57:48.0454 1376 VaultSvc - ok

00:57:48.0486 1376 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

00:57:48.0489 1376 vdrvroot - ok

00:57:48.0551 1376 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

00:57:48.0581 1376 vds - ok

00:57:48.0598 1376 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

00:57:48.0600 1376 vga - ok

00:57:48.0618 1376 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

00:57:48.0620 1376 VgaSave - ok

00:57:48.0645 1376 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

00:57:48.0648 1376 vhdmp - ok

00:57:48.0660 1376 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

00:57:48.0662 1376 viaide - ok

00:57:48.0709 1376 VideAceWindowsService (0adf410187b71c9b855721c8d59cec7a) C:\ExpressGateUtil\VAWinService.exe

00:57:48.0723 1376 VideAceWindowsService - ok

00:57:48.0752 1376 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

00:57:48.0754 1376 volmgr - ok

00:57:48.0804 1376 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

00:57:48.0818 1376 volmgrx - ok

00:57:48.0848 1376 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

00:57:48.0863 1376 volsnap - ok

00:57:48.0894 1376 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

00:57:48.0903 1376 vsmraid - ok

00:57:49.0023 1376 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

00:57:49.0056 1376 VSS - ok

00:57:49.0176 1376 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

00:57:49.0179 1376 vwifibus - ok

00:57:49.0194 1376 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

00:57:49.0196 1376 vwififlt - ok

00:57:49.0220 1376 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

00:57:49.0222 1376 vwifimp - ok

00:57:49.0273 1376 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

00:57:49.0286 1376 W32Time - ok

00:57:49.0301 1376 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

00:57:49.0303 1376 WacomPen - ok

00:57:49.0349 1376 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

00:57:49.0352 1376 WANARP - ok

00:57:49.0361 1376 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

00:57:49.0362 1376 Wanarpv6 - ok

00:57:49.0487 1376 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

00:57:49.0510 1376 WatAdminSvc - ok

00:57:49.0633 1376 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

00:57:49.0664 1376 wbengine - ok

00:57:49.0769 1376 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

00:57:49.0784 1376 WbioSrvc - ok

00:57:49.0829 1376 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

00:57:49.0843 1376 wcncsvc - ok

00:57:49.0858 1376 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

00:57:49.0870 1376 WcsPlugInService - ok

00:57:49.0901 1376 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

00:57:49.0903 1376 Wd - ok

00:57:49.0953 1376 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

00:57:49.0971 1376 Wdf01000 - ok

00:57:49.0984 1376 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

00:57:49.0988 1376 WdiServiceHost - ok

00:57:49.0991 1376 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

00:57:49.0993 1376 WdiSystemHost - ok

00:57:50.0037 1376 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

00:57:50.0052 1376 WebClient - ok

00:57:50.0078 1376 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

00:57:50.0091 1376 Wecsvc - ok

00:57:50.0104 1376 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

00:57:50.0108 1376 wercplsupport - ok

00:57:50.0129 1376 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

00:57:50.0134 1376 WerSvc - ok

00:57:50.0165 1376 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

00:57:50.0168 1376 WfpLwf - ok

00:57:50.0205 1376 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys

00:57:50.0219 1376 WimFltr - ok

00:57:50.0236 1376 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

00:57:50.0238 1376 WIMMount - ok

00:57:50.0299 1376 WinDefend - ok

00:57:50.0304 1376 WinHttpAutoProxySvc - ok

00:57:50.0372 1376 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

00:57:50.0383 1376 Winmgmt - ok

00:57:50.0525 1376 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

00:57:50.0580 1376 WinRM - ok

00:57:50.0701 1376 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

00:57:50.0704 1376 WinUsb - ok

00:57:50.0782 1376 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

00:57:50.0804 1376 Wlansvc - ok

00:57:50.0987 1376 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

00:57:50.0997 1376 wlidsvc - ok

00:57:51.0085 1376 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

00:57:51.0088 1376 WmiAcpi - ok

00:57:51.0153 1376 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

00:57:51.0166 1376 wmiApSrv - ok

00:57:51.0212 1376 WMPNetworkSvc - ok

00:57:51.0229 1376 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

00:57:51.0232 1376 WPCSvc - ok

00:57:51.0271 1376 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

00:57:51.0280 1376 WPDBusEnum - ok

00:57:51.0294 1376 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

00:57:51.0295 1376 ws2ifsl - ok

00:57:51.0323 1376 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll

00:57:51.0328 1376 wscsvc - ok

00:57:51.0330 1376 WSearch - ok

00:57:51.0506 1376 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll

00:57:51.0549 1376 wuauserv - ok

00:57:51.0675 1376 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

00:57:51.0684 1376 WudfPf - ok

00:57:51.0719 1376 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

00:57:51.0731 1376 WUDFRd - ok

00:57:51.0771 1376 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

00:57:51.0781 1376 wudfsvc - ok

00:57:51.0808 1376 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

00:57:51.0822 1376 WwanSvc - ok

00:57:51.0868 1376 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

00:57:52.0308 1376 \Device\Harddisk0\DR0 - ok

00:57:52.0311 1376 Boot (0x1200) (421deaba3a15f407afda0645f46ecf3c) \Device\Harddisk0\DR0\Partition0

00:57:52.0313 1376 \Device\Harddisk0\DR0\Partition0 - ok

00:57:52.0359 1376 Boot (0x1200) (7d0f7ab5c5feaa887cee1e8ad37a9af7) \Device\Harddisk0\DR0\Partition1

00:57:52.0362 1376 \Device\Harddisk0\DR0\Partition1 - ok

00:57:52.0362 1376 ============================================================

00:57:52.0363 1376 Scan finished

00:57:52.0363 1376 ============================================================

00:57:52.0372 7988 Detected object count: 0

00:57:52.0372 7988 Actual detected object count: 0

MBAM:

Malwarebytes Anti-Malware (PRO) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.09.02

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

mhandy :: MARCUS-WORK [administrator]

Protection: Enabled

8/9/2012 1:01:58 AM

mbam-log-2012-08-09 (01-01-58).txt

Scan type: Full scan (C:\|D:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 398505

Time elapsed: 53 minute(s), 31 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


How is the computer running now? Please do this next:

Go to this LINK to run an online scanner from ESET.

  • Note: For browsers other than Internet Explorer, you will need to download and install esetsmartinstaller_enu.exe. Click on it and save the file to a convenient location. Double click on it to install and a new window will open.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If you are using Internet Explorer, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.

Please include the following in your next post:

  • How is the computer running now?
  • ESET log


thank you. it's about the same, though i have noticed a drop in MBAM blocking IPs, so i guess something was removed?? i've also always had an issue with my wifi disabling every time i close my laptop down, and that i would have to troubleshoot it to enable it every time. however, it looks as if that was fixed. not sure what that was? did you see anything out of the ordinary in any of the logs? thank you a lot for your help. is it customary to donate after receiving help? if so, what do people generally donate? thanks.

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=327c229505f8614bba9f7cddbc1001db

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2012-08-10 07:36:10

# local_time=2012-08-10 02:36:10 (-0600, Central Daylight Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=512 16777215 100 0 10627887 10627887 0 0

# compatibility_mode=5893 16776573 100 94 111500 96123781 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=158154

# found=3

# cleaned=0

# scan_time=3847

C:\Users\marcus\Downloads\Soup or Root 2.05 Extreme rev.1.exe Android/Exploit.RageCage.A trojan (unable to clean) 00000000000000000000000000000000 I

C:\Users\mhandy\Downloads\freeripmp3-setup.exe multiple threats (unable to clean) 00000000000000000000000000000000 I

C:\Users\mhandy\Downloads\UVRT-v1.9.1.0-Installer.exe a variant of MSIL/Packed.CryptoObfuscator.C application (unable to clean) 00000000000000000000000000000000 I


Hi,

This will clean up those ESET detections:

Open notepad and copy/paste the text in the box below into it:

@echo off
del "C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWFX5_0001_N56M0311NetInstaller.exe"
del "C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWFX5_0001_N56M0311NetInstaller.exe"
del /Q %0

Save this as fix.bat. Choose to "Save type as - All Files".

Right click on fix.bat and select "Run as administrator" to allow it to run.

Other than those your logs look good. ComboFix did remove some rogue files, but nothing terribly serious. I suspect that your wireless problem may have been caused either by the malware or possibly by running more than one anti-virus application. Donations are appreciated, but not expected or required and are entirely at your discretion.

All I have left for you is another update and some very important cleanup:

Your Adobe reader needs to be updated. Please visit Adobe's site and grab the newest version. Be sure to watch for and uncheck any boxes offering to install other software.

Uninstall ComboFix

  • Press the Windows key + R on your keyboard or click Start -> Run. Copy and paste the following text into the run box that opens and press OK:
    Combofix /Uninstall

Delete the following tools along with any other logs you saved from our work:

  • DDS
  • aswMBR

Download TFC to your desktop

  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
  • Once it's finished it should automatically reboot your machine.
  • If it doesn't, manually reboot to ensure a complete clean.

Finally, I'd like to make a couple of suggestions to help you stay clean in the future:

  • Restart any anti-malware programs that we disabled while we were cleaning your machine.
  • Keep your antivirus application and MBAM current and updated. Scan with them at least weekly.
  • Avoid using P2P programs. Refer back to my earlier post for more information.
  • Please read this post for some helpful information.

Please post once more so I know you are all set and I can mark this thread resolved. Good luck and stay safe!

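A check worth running before executing any cleanup script such as the fix.bat in the post above: confirm that its `del` targets are the files the scanner actually reported. The following is an added example, not part of the original posts; it embeds the three detection lines and the fix.bat text from this thread as constructed sample input, and it assumes the ESET line layout as it appears on this page (path, threat name, status in parentheses, a 32-hex field, a flag).

```python
import ntpath
import re

# Constructed sample input: detection lines as they appear in this thread.
ESET_LOG = r"""# found=3
# cleaned=0
C:\Users\marcus\Downloads\Soup or Root 2.05 Extreme rev.1.exe Android/Exploit.RageCage.A trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\mhandy\Downloads\freeripmp3-setup.exe multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Users\mhandy\Downloads\UVRT-v1.9.1.0-Installer.exe a variant of MSIL/Packed.CryptoObfuscator.C application (unable to clean) 00000000000000000000000000000000 I
"""

# Constructed sample input: the batch text as posted in this thread.
FIX_BAT = r"""@echo off
del "C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWFX5_0001_N56M0311NetInstaller.exe"
del "C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWFX5_0001_N56M0311NetInstaller.exe"
del /Q %0
"""

# Assumption: the path ends at the first alphabetic extension followed by
# whitespace, which copes with spaces and version numbers in file names.
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?\.[A-Za-z]{2,4})\s+"
    r"(?P<threat>.+?)\s+\((?P<status>[^)]*)\)\s+"
    r"(?P<hash>[0-9A-Fa-f]{32})\s+(?P<flag>\S+)\s*$"
)
DEL_LINE = re.compile(r"^\s*@?(?:del|erase)\b(?P<args>.*)$", re.IGNORECASE)
TOKEN = re.compile(r'"([^"]+)"|(\S+)')


def parse_eset_detections(log_text):
    """Return one dict per detection line; '#' metadata lines are skipped."""
    found = []
    for line in log_text.splitlines():
        match = DETECTION.match(line.strip())
        if match:
            found.append(match.groupdict())
    return found


def parse_del_targets(bat_text):
    """Return the file paths a batch script passes to del/erase."""
    targets = []
    for line in bat_text.splitlines():
        match = DEL_LINE.match(line)
        if not match:
            continue
        for quoted, bare in TOKEN.findall(match.group("args")):
            token = quoted or bare
            if not quoted and token.startswith("/"):
                continue  # command switch such as /Q
            if token.lower() in ("%0", "%~f0"):
                continue  # the script deleting itself
            targets.append(token)
    return targets


def _norm(path):
    # Windows paths are case-insensitive; compare in a normalised form.
    return ntpath.normcase(ntpath.normpath(path))


def compare(detections, targets):
    """Split detections and delete targets into matched and unmatched sets."""
    detected = {_norm(d["path"]): d["path"] for d in detections}
    wanted = {_norm(t): t for t in targets}
    return {
        "covered": sorted(p for k, p in detected.items() if k in wanted),
        "not_covered": sorted(p for k, p in detected.items() if k not in wanted),
        "unrelated_targets": sorted(t for k, t in wanted.items() if k not in detected),
    }


if __name__ == "__main__":
    report = compare(parse_eset_detections(ESET_LOG), parse_del_targets(FIX_BAT))
    for section, paths in report.items():
        print(section)
        for path in paths:
            print("   ", path)
```

Entries under `not_covered` are detections the script would leave in place, and entries under `unrelated_targets` are files it would delete that the scan never flagged; either list being non-empty is a reason to ask before running the script.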

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

