Windows 64, All Anti-Malware Programs Freeze

boofasten · September 13, 2012

Hello to anyone who can help. I'm running Windows 7 64-bit and I'm pretty sure I got a nasty virus earlier today. Must have come through a pass-through because I haven't downloaded anything. I tried to do a system restore back a week and it didn't do anything. I went through each of the Chameleon steps and each one froze while trying to kill any malware processes. I let it run for 30+ minutes and it must have been stuck in a loop. No antivirus program is able to update or complete, and Malwarebytes freezes each time. I saw this (http://forums.malwarebytes.org/index.php?showtopic=115466) topic and I'm in a similar position so I followed the steps in the first post. I will post the results next.

Thank you for your assistance.

boofasten · September 13, 2012

Run date: 2012-09-13 02:40:21

-----------------------------

02:40:21.597 OS Version: Windows x64 6.1.7601 Service Pack 1

02:40:21.597 Number of processors: 4 586 0x100

02:40:21.597 ComputerName: JEFF-LAPTOP UserName: Jeff

02:40:24.093 Initialize success

02:40:31.271 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000063

02:40:31.271 Disk 0 Vendor: TOSHIBA_ GS00 Size: 610480MB BusType: 11

02:40:31.364 Disk 0 MBR read successfully

02:40:31.364 Disk 0 MBR scan

02:40:31.364 Disk 0 Windows 7 default MBR code

02:40:31.380 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048

02:40:31.380 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 595169 MB offset 409600

02:40:31.411 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 15007 MB offset 1219315712

02:40:31.427 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 1250050048

02:40:31.474 Disk 0 scanning C:\Windows\system32\drivers

02:40:38.993 Service scanning

02:41:06.293 Modules scanning

02:41:06.293 Scan finished successfully

02:41:14.514 Disk 0 MBR has been saved successfully to "C:\Users\Jeff\Desktop\MBR.dat"

02:41:14.530 The log file has been saved successfully to "C:\Users\Jeff\Desktop\aswMBR.txt"

RogueKiller V8.0.2 [08/31/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Jeff [Admin rights]

Mode : Scan -- Date : 09/13/2012 02:42:46

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK6476GSX SATA Disk Device +++++

--- User ---

[MBR] c8cdb432569e4d3932b3a3032fbd8a53

[bSP] df2c1c2e7bbff6bdec1ef9d26964e6b2 : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 595169 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1219315712 | Size: 15007 Mo

3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1250050048 | Size: 103 Mo

User = LL1 ... OK!

User != LL2 ... KO!

--- LL2 ---

[MBR] c6a45de37da3e0338231e05937094ca6

[bSP] df2c1c2e7bbff6bdec1ef9d26964e6b2 : Windows 7 MBR Code

boofasten · September 13, 2012

02:55:06.0329 4600 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48

02:55:07.0530 4600 ============================================================

02:55:07.0530 4600 Current date / time: 2012/09/13 02:55:07.0530

02:55:07.0530 4600 SystemInfo:

02:55:07.0530 4600

02:55:07.0530 4600 OS Version: 6.1.7601 ServicePack: 1.0

02:55:07.0530 4600 Product type: Workstation

02:55:07.0546 4600 ComputerName: JEFF-LAPTOP

02:55:07.0546 4600 UserName: Jeff

02:55:07.0546 4600 Windows directory: C:\Windows

02:55:07.0546 4600 System windows directory: C:\Windows

02:55:07.0546 4600 Running under WOW64

02:55:07.0546 4600 Processor architecture: Intel x64

02:55:07.0546 4600 Number of processors: 4

02:55:07.0546 4600 Page size: 0x1000

02:55:07.0546 4600 Boot type: Normal boot

02:55:07.0546 4600 ============================================================

02:55:10.0089 4600 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

02:55:10.0167 4600 ============================================================

02:55:10.0167 4600 \Device\Harddisk0\DR0:

02:55:10.0167 4600 MBR partitions:

02:55:10.0167 4600 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800

02:55:10.0167 4600 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x48A70800

02:55:10.0167 4600 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x48AD4800, BlocksNum 0x1D4F800

02:55:10.0167 4600 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x4A824000, BlocksNum 0x33AB0

02:55:10.0167 4600 ============================================================

02:55:10.0198 4600 C: <-> \Device\Harddisk0\DR0\Partition2

02:55:10.0229 4600 D: <-> \Device\Harddisk0\DR0\Partition3

02:55:10.0245 4600 F: <-> \Device\Harddisk0\DR0\Partition4

02:55:10.0245 4600 ============================================================

02:55:10.0245 4600 Initialize success

02:55:10.0245 4600 ============================================================

02:55:11.0555 2712 ============================================================

02:55:11.0555 2712 Scan started

02:55:11.0555 2712 Mode: Manual;

02:55:11.0555 2712 ============================================================

02:55:13.0692 2712 ================ Scan system memory ========================

02:55:13.0692 2712 System memory - ok

02:55:13.0692 2712 ================ Scan services =============================

02:55:13.0973 2712 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys

02:55:13.0973 2712 1394ohci - ok

02:55:14.0020 2712 51461388 - ok

02:55:14.0082 2712 [ 7A330A42870EB1FA81F88BE514D2D566 ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys

02:55:14.0082 2712 Accelerometer - ok

02:55:14.0145 2712 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys

02:55:14.0145 2712 ACPI - ok

02:55:14.0207 2712 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

02:55:14.0207 2712 AcpiPmi - ok

02:55:14.0348 2712 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

02:55:14.0348 2712 AdobeARMservice - ok

02:55:14.0566 2712 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

02:55:14.0582 2712 AdobeFlashPlayerUpdateSvc - ok

02:55:14.0644 2712 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys

02:55:14.0660 2712 adp94xx - ok

02:55:14.0722 2712 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys

02:55:14.0738 2712 adpahci - ok

02:55:14.0769 2712 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys

02:55:14.0769 2712 adpu320 - ok

02:55:14.0816 2712 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

02:55:14.0831 2712 AeLookupSvc - ok

02:55:14.0940 2712 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Program Files\IDT\WDM\AESTSr64.exe

02:55:14.0940 2712 AESTFilters - ok

02:55:15.0003 2712 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys

02:55:15.0018 2712 AFD - ok

02:55:15.0081 2712 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys

02:55:15.0081 2712 agp440 - ok

02:55:15.0112 2712 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe

02:55:15.0112 2712 ALG - ok

02:55:15.0174 2712 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys

02:55:15.0174 2712 aliide - ok

02:55:15.0237 2712 [ 20C8A3E435A47F0408A1EA674AFA6194 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe

02:55:15.0252 2712 AMD External Events Utility - ok

02:55:15.0299 2712 AMD FUEL Service - ok

02:55:15.0346 2712 [ 30BFEEE0DFFD5BD79D29157CF080DEED ] amdhub30 C:\Windows\system32\DRIVERS\amdhub30.sys

02:55:15.0346 2712 amdhub30 - ok

02:55:15.0408 2712 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys

02:55:15.0408 2712 amdide - ok

02:55:15.0424 2712 [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys

02:55:15.0424 2712 amdiox64 - ok

02:55:15.0471 2712 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys

02:55:15.0471 2712 AmdK8 - ok

02:55:15.0861 2712 [ 0B45C18B0F3EE996D25BAA4E74884B83 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys

02:55:16.0157 2712 amdkmdag - ok

02:55:16.0235 2712 [ 0E57258E5CC4CC7A9A9A877AFDF0CEC6 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys

02:55:16.0235 2712 amdkmdap - ok

02:55:16.0298 2712 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys

02:55:16.0298 2712 AmdPPM - ok

02:55:16.0344 2712 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys

02:55:16.0344 2712 amdsata - ok

02:55:16.0407 2712 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys

02:55:16.0407 2712 amdsbs - ok

02:55:16.0422 2712 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys

02:55:16.0422 2712 amdxata - ok

02:55:16.0485 2712 [ 321533578132C811EC834A1B741C994C ] amdxhc C:\Windows\system32\DRIVERS\amdxhc.sys

02:55:16.0485 2712 amdxhc - ok

02:55:16.0516 2712 [ 2FBB00A7616106B95104574C6CD640C2 ] amd_sata C:\Windows\system32\DRIVERS\amd_sata.sys

02:55:16.0516 2712 amd_sata - ok

02:55:16.0532 2712 [ 87D0D7645CB0D53220649BD5FE15D93E ] amd_xata C:\Windows\system32\DRIVERS\amd_xata.sys

02:55:16.0532 2712 amd_xata - ok

02:55:16.0594 2712 [ 5B25D1A753CC3A3EDB909BB759AC1098 ] AODDriver4.1 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys

02:55:16.0594 2712 AODDriver4.1 - ok

02:55:16.0656 2712 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys

02:55:16.0672 2712 AppID - ok

02:55:16.0688 2712 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll

02:55:16.0688 2712 AppIDSvc - ok

02:55:16.0703 2712 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll

02:55:16.0719 2712 Appinfo - ok

02:55:16.0797 2712 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

02:55:16.0797 2712 Apple Mobile Device - ok

02:55:16.0859 2712 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys

02:55:16.0859 2712 arc - ok

02:55:16.0890 2712 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys

02:55:16.0890 2712 arcsas - ok

02:55:17.0000 2712 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

02:55:17.0031 2712 aspnet_state - ok

02:55:17.0093 2712 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

02:55:17.0093 2712 AsyncMac - ok

02:55:17.0140 2712 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys

02:55:17.0140 2712 atapi - ok

02:55:17.0202 2712 [ 24464B908E143D2561E9E452FEE97309 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys

02:55:17.0202 2712 AtiHDAudioService - ok

02:55:17.0280 2712 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

02:55:17.0296 2712 AudioEndpointBuilder - ok

02:55:17.0312 2712 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll

02:55:17.0327 2712 AudioSrv - ok

02:55:17.0390 2712 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll

02:55:17.0390 2712 AxInstSV - ok

02:55:17.0452 2712 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys

02:55:17.0468 2712 b06bdrv - ok

02:55:17.0530 2712 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys

02:55:17.0530 2712 b57nd60a - ok

02:55:17.0702 2712 [ 0E7A9264576B40638A3FBC804DE1FF76 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys

02:55:17.0748 2712 BCM43XX - ok

02:55:17.0764 2712 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll

02:55:17.0780 2712 BDESVC - ok

02:55:17.0826 2712 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys

02:55:17.0826 2712 Beep - ok

02:55:17.0889 2712 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll

02:55:17.0904 2712 BFE - ok

02:55:17.0951 2712 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll

02:55:17.0982 2712 BITS - ok

02:55:18.0029 2712 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys

02:55:18.0029 2712 blbdrive - ok

02:55:18.0092 2712 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

02:55:18.0107 2712 Bonjour Service - ok

02:55:18.0154 2712 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

02:55:18.0154 2712 bowser - ok

02:55:18.0216 2712 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys

02:55:18.0216 2712 BrFiltLo - ok

02:55:18.0232 2712 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys

02:55:18.0232 2712 BrFiltUp - ok

02:55:18.0279 2712 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll

02:55:18.0279 2712 Browser - ok

02:55:18.0341 2712 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys

02:55:18.0357 2712 Brserid - ok

02:55:18.0372 2712 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

02:55:18.0388 2712 BrSerWdm - ok

02:55:18.0419 2712 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

02:55:18.0419 2712 BrUsbMdm - ok

02:55:18.0435 2712 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

02:55:18.0435 2712 BrUsbSer - ok

02:55:18.0497 2712 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys

02:55:18.0497 2712 BthEnum - ok

02:55:18.0544 2712 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys

02:55:18.0544 2712 BTHMODEM - ok

02:55:18.0606 2712 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys

02:55:18.0606 2712 BthPan - ok

02:55:18.0638 2712 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys

02:55:18.0653 2712 BTHPORT - ok

02:55:18.0700 2712 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll

02:55:18.0700 2712 bthserv - ok

02:55:18.0731 2712 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys

02:55:18.0731 2712 BTHUSB - ok

02:55:18.0778 2712 [ 7A2CE8C1BF4DAA1F2766E21E9CA11078 ] btwampfl C:\Windows\system32\drivers\btwampfl.sys

02:55:18.0778 2712 btwampfl - ok

02:55:18.0856 2712 [ A75BF6802A967F5AACECC3C67FEBDF55 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys

02:55:18.0856 2712 btwaudio - ok

02:55:18.0903 2712 [ D895DC213EDBDA5FCC53AAD1F1E0E63B ] btwavdt C:\Windows\system32\drivers\btwavdt.sys

02:55:18.0918 2712 btwavdt - ok

02:55:18.0996 2712 [ 692F8648D7686D91E34A65AC698019D8 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

02:55:19.0028 2712 btwdins - ok

02:55:19.0043 2712 [ 07096D2BC22CCB6CEA5A532DF0BE8A75 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys

02:55:19.0059 2712 btwl2cap - ok

02:55:19.0106 2712 [ 6D7AA2BDE0135599C5F230D69DB3B420 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys

02:55:19.0106 2712 btwrchid - ok

02:55:19.0137 2712 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

02:55:19.0137 2712 cdfs - ok

02:55:19.0215 2712 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

02:55:19.0215 2712 cdrom - ok

02:55:19.0277 2712 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll

02:55:19.0277 2712 CertPropSvc - ok

02:55:19.0355 2712 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys

02:55:19.0355 2712 circlass - ok

02:55:19.0371 2712 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys

02:55:19.0371 2712 CLFS - ok

02:55:19.0464 2712 [ 524DC3807CB1746225F9D26ADD19C319 ] CLKMSVC10_38F51D56 C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe

02:55:19.0480 2712 CLKMSVC10_38F51D56 - ok

02:55:19.0542 2712 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

02:55:19.0558 2712 clr_optimization_v2.0.50727_32 - ok

02:55:19.0605 2712 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

02:55:19.0605 2712 clr_optimization_v2.0.50727_64 - ok

02:55:19.0698 2712 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

02:55:19.0870 2712 clr_optimization_v4.0.30319_32 - ok

02:55:19.0886 2712 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

02:55:19.0917 2712 clr_optimization_v4.0.30319_64 - ok

02:55:19.0979 2712 [ 50F92C943F18B070F166D019DFAB3D9A ] clwvd C:\Windows\system32\DRIVERS\clwvd.sys

02:55:19.0979 2712 clwvd - ok

02:55:20.0026 2712 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys

02:55:20.0042 2712 CmBatt - ok

02:55:20.0073 2712 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys

02:55:20.0073 2712 cmdide - ok

02:55:20.0104 2712 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys

02:55:20.0120 2712 CNG - ok

02:55:20.0182 2712 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys

02:55:20.0182 2712 Compbatt - ok

02:55:20.0244 2712 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys

02:55:20.0244 2712 CompositeBus - ok

02:55:20.0260 2712 COMSysApp - ok

02:55:20.0307 2712 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys

02:55:20.0307 2712 crcdisk - ok

02:55:20.0369 2712 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll

02:55:20.0385 2712 CryptSvc - ok

02:55:20.0432 2712 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll

02:55:20.0432 2712 DcomLaunch - ok

02:55:20.0478 2712 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll

02:55:20.0478 2712 defragsvc - ok

02:55:20.0541 2712 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

02:55:20.0541 2712 DfsC - ok

02:55:20.0588 2712 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll

02:55:20.0588 2712 Dhcp - ok

02:55:20.0603 2712 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys

02:55:20.0603 2712 discache - ok

02:55:20.0666 2712 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys

02:55:20.0666 2712 Disk - ok

02:55:20.0712 2712 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll

02:55:20.0712 2712 Dnscache - ok

02:55:20.0759 2712 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll

02:55:20.0759 2712 dot3svc - ok

02:55:20.0790 2712 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll

02:55:20.0790 2712 DPS - ok

02:55:20.0837 2712 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

02:55:20.0837 2712 drmkaud - ok

02:55:20.0884 2712 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

02:55:20.0900 2712 DXGKrnl - ok

02:55:20.0962 2712 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll

02:55:20.0962 2712 EapHost - ok

02:55:21.0071 2712 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys

02:55:21.0134 2712 ebdrv - ok

02:55:21.0196 2712 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe

02:55:21.0196 2712 EFS - ok

02:55:21.0290 2712 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

02:55:21.0305 2712 ehRecvr - ok

02:55:21.0321 2712 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe

02:55:21.0336 2712 ehSched - ok

02:55:21.0383 2712 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys

02:55:21.0399 2712 elxstor - ok

02:55:21.0430 2712 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys

02:55:21.0430 2712 ErrDev - ok

02:55:21.0539 2712 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll

02:55:21.0539 2712 EventSystem - ok

02:55:21.0570 2712 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys

02:55:21.0570 2712 exfat - ok

02:55:21.0602 2712 ezSharedSvc - ok

02:55:21.0633 2712 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys

02:55:21.0648 2712 fastfat - ok

02:55:21.0711 2712 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe

02:55:21.0726 2712 Fax - ok

02:55:21.0773 2712 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys

02:55:21.0773 2712 fdc - ok

02:55:21.0820 2712 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll

02:55:21.0820 2712 fdPHost - ok

02:55:21.0851 2712 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll

02:55:21.0851 2712 FDResPub - ok

02:55:21.0898 2712 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

02:55:21.0898 2712 FileInfo - ok

02:55:21.0914 2712 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

02:55:21.0914 2712 Filetrace - ok

02:55:21.0976 2712 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys

02:55:21.0976 2712 flpydisk - ok

02:55:22.0023 2712 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

02:55:22.0023 2712 FltMgr - ok

02:55:22.0085 2712 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll

02:55:22.0101 2712 FontCache - ok

02:55:22.0148 2712 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

02:55:22.0163 2712 FontCache3.0.0.0 - ok

02:55:22.0179 2712 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

02:55:22.0179 2712 FsDepends - ok

02:55:22.0241 2712 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

02:55:22.0241 2712 Fs_Rec - ok

02:55:22.0304 2712 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

02:55:22.0319 2712 fvevol - ok

02:55:22.0366 2712 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys

02:55:22.0366 2712 gagp30kx - ok

02:55:22.0444 2712 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

02:55:22.0444 2712 GamesAppService - ok

02:55:22.0491 2712 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

02:55:22.0491 2712 GEARAspiWDM - ok

02:55:22.0553 2712 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll

02:55:22.0569 2712 gpsvc - ok

02:55:22.0631 2712 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

02:55:22.0631 2712 gusvc - ok

02:55:22.0647 2712 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

02:55:22.0662 2712 hcw85cir - ok

02:55:22.0725 2712 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

02:55:22.0725 2712 HdAudAddService - ok

02:55:22.0772 2712 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys

02:55:22.0787 2712 HDAudBus - ok

02:55:22.0803 2712 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys

02:55:22.0818 2712 HidBatt - ok

02:55:22.0834 2712 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys

02:55:22.0834 2712 HidBth - ok

02:55:22.0881 2712 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys

02:55:22.0881 2712 HidIr - ok

02:55:22.0928 2712 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll

02:55:22.0928 2712 hidserv - ok

02:55:22.0990 2712 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

02:55:22.0990 2712 HidUsb - ok

02:55:23.0021 2712 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll

02:55:23.0021 2712 hkmsvc - ok

02:55:23.0052 2712 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll

02:55:23.0052 2712 HomeGroupListener - ok

02:55:23.0099 2712 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

02:55:23.0099 2712 HomeGroupProvider - ok

02:55:23.0193 2712 [ 170233B8D743EFE35F462A5D516B93E3 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

02:55:23.0208 2712 HP Support Assistant Service - ok

02:55:23.0271 2712 [ 6A181452D4E240B8ECC7614B9A19BDE9 ] HPClientSvc C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

02:55:23.0286 2712 HPClientSvc - ok

02:55:23.0364 2712 [ D17F9E527F01770BD04A9223BC40EC22 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

02:55:23.0364 2712 HPDrvMntSvc.exe - ok

02:55:23.0411 2712 [ A4BE23C451ADEB252CD17A0532CAE220 ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys

02:55:23.0411 2712 hpdskflt - ok

02:55:23.0489 2712 [ 0955C23C041451FB4E7099D6B2CF1C06 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

02:55:23.0505 2712 hpqwmiex - ok

02:55:23.0567 2712 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

02:55:23.0583 2712 HpSAMD - ok

02:55:23.0614 2712 [ A88A45E82BC54BFFB49C63973010226A ] hpsrv C:\Windows\system32\Hpservice.exe

02:55:23.0614 2712 hpsrv - ok

02:55:23.0692 2712 [ F630DD7564EBB7248A13B1CC774D9EA6 ] HPWMISVC C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

02:55:23.0708 2712 HPWMISVC - ok

02:55:23.0786 2712 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys

02:55:23.0801 2712 HTTP - ok

02:55:23.0817 2712 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

02:55:23.0817 2712 hwpolicy - ok

02:55:23.0879 2712 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys

02:55:23.0879 2712 i8042prt - ok

02:55:23.0942 2712 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

02:55:23.0957 2712 iaStorV - ok

02:55:24.0098 2712 [ 3A0FF117B4ADC5ABE4D968E26A337158 ] IconMan_R C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

02:55:24.0144 2712 IconMan_R - ok

02:55:24.0207 2712 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

02:55:24.0222 2712 idsvc - ok

02:55:24.0269 2712 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys

02:55:24.0269 2712 iirsp - ok

02:55:24.0332 2712 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll

02:55:24.0347 2712 IKEEXT - ok

02:55:24.0363 2712 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys

02:55:24.0363 2712 intelide - ok

02:55:24.0410 2712 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys

02:55:24.0410 2712 intelppm - ok

02:55:24.0472 2712 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll

02:55:24.0472 2712 IPBusEnum - ok

02:55:24.0534 2712 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

02:55:24.0534 2712 IpFilterDriver - ok

02:55:24.0597 2712 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

02:55:24.0597 2712 iphlpsvc - ok

02:55:24.0628 2712 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

02:55:24.0628 2712 IPMIDRV - ok

02:55:24.0644 2712 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys

02:55:24.0644 2712 IPNAT - ok

02:55:24.0722 2712 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

02:55:24.0753 2712 iPod Service - ok

02:55:24.0800 2712 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

02:55:24.0800 2712 IRENUM - ok

02:55:24.0862 2712 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys

02:55:24.0862 2712 isapnp - ok

02:55:24.0909 2712 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

02:55:24.0909 2712 iScsiPrt - ok

02:55:24.0940 2712 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

02:55:24.0940 2712 kbdclass - ok

02:55:24.0987 2712 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys

02:55:24.0987 2712 kbdhid - ok

02:55:25.0018 2712 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe

02:55:25.0018 2712 KeyIso - ok

02:55:25.0049 2712 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

02:55:25.0049 2712 KSecDD - ok

02:55:25.0065 2712 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

02:55:25.0080 2712 KSecPkg - ok

02:55:25.0127 2712 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

02:55:25.0127 2712 ksthunk - ok

02:55:25.0158 2712 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll

02:55:25.0174 2712 KtmRm - ok

02:55:25.0236 2712 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll

02:55:25.0252 2712 LanmanServer - ok

02:55:25.0283 2712 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

02:55:25.0299 2712 LanmanWorkstation - ok

02:55:25.0346 2712 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

02:55:25.0346 2712 lltdio - ok

02:55:25.0392 2712 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll

02:55:25.0392 2712 lltdsvc - ok

02:55:25.0424 2712 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll

02:55:25.0439 2712 lmhosts - ok

02:55:25.0486 2712 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys

02:55:25.0486 2712 LSI_FC - ok

02:55:25.0533 2712 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys

02:55:25.0533 2712 LSI_SAS - ok

02:55:25.0564 2712 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys

02:55:25.0564 2712 LSI_SAS2 - ok

02:55:25.0580 2712 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys

02:55:25.0595 2712 LSI_SCSI - ok

02:55:25.0626 2712 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys

02:55:25.0626 2712 luafv - ok

02:55:25.0704 2712 [ ED1FC81096C86D7EDB785F47E8342A5E ] mbamchameleon C:\Windows\system32\drivers\mbamchameleon.sys

02:55:25.0704 2712 mbamchameleon - ok

02:55:25.0736 2712 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

02:55:25.0751 2712 Mcx2Svc - ok

02:55:25.0767 2712 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys

02:55:25.0767 2712 megasas - ok

02:55:25.0829 2712 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys

02:55:25.0829 2712 MegaSR - ok

02:55:25.0907 2712 Microsoft SharePoint Workspace Audit Service - ok

02:55:25.0938 2712 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll

02:55:25.0938 2712 MMCSS - ok

02:55:26.0001 2712 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys

02:55:26.0001 2712 Modem - ok

02:55:26.0048 2712 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys

02:55:26.0048 2712 monitor - ok

02:55:26.0110 2712 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

02:55:26.0110 2712 mouclass - ok

02:55:26.0157 2712 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

02:55:26.0157 2712 mouhid - ok

02:55:26.0188 2712 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

02:55:26.0204 2712 mountmgr - ok

02:55:26.0266 2712 [ 15D5398EED42C2504BB3D4FC875C15D1 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

02:55:26.0282 2712 MozillaMaintenance - ok

02:55:26.0360 2712 [ 94C66EDEDCDB6A126880472F9A704D8E ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys

02:55:26.0360 2712 MpFilter - ok

02:55:26.0422 2712 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys

02:55:26.0422 2712 mpio - ok

02:55:26.0453 2712 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

02:55:26.0469 2712 mpsdrv - ok

02:55:26.0516 2712 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll

02:55:26.0531 2712 MpsSvc - ok

02:55:26.0547 2712 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

02:55:26.0547 2712 MRxDAV - ok

02:55:26.0578 2712 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

02:55:26.0594 2712 mrxsmb - ok

02:55:26.0609 2712 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

02:55:26.0625 2712 mrxsmb10 - ok

02:55:26.0640 2712 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

02:55:26.0656 2712 mrxsmb20 - ok

02:55:26.0672 2712 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys

02:55:26.0672 2712 msahci - ok

02:55:26.0703 2712 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys

02:55:26.0703 2712 msdsm - ok

02:55:26.0734 2712 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe

02:55:26.0734 2712 MSDTC - ok

02:55:26.0796 2712 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

02:55:26.0796 2712 Msfs - ok

02:55:26.0843 2712 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

02:55:26.0859 2712 mshidkmdf - ok

02:55:26.0890 2712 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

02:55:26.0890 2712 msisadrv - ok

02:55:26.0906 2712 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

02:55:26.0906 2712 MSiSCSI - ok

02:55:26.0921 2712 msiserver - ok

02:55:26.0952 2712 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

02:55:26.0952 2712 MSKSSRV - ok

02:55:27.0030 2712 [ 59FAAF2C83C8169EA20F9E335E418907 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe

02:55:27.0046 2712 MsMpSvc - ok

02:55:27.0062 2712 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

02:55:27.0077 2712 MSPCLOCK - ok

02:55:27.0077 2712 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

02:55:27.0077 2712 MSPQM - ok

02:55:27.0124 2712 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

02:55:27.0124 2712 MsRPC - ok

02:55:27.0155 2712 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys

02:55:27.0155 2712 mssmbios - ok

02:55:27.0202 2712 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

02:55:27.0218 2712 MSTEE - ok

02:55:27.0249 2712 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys

02:55:27.0249 2712 MTConfig - ok

02:55:27.0296 2712 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys

02:55:27.0296 2712 Mup - ok

02:55:27.0374 2712 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll

02:55:27.0389 2712 napagent - ok

02:55:27.0545 2712 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

02:55:27.0545 2712 NativeWifiP - ok

02:55:27.0732 2712 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys

02:55:27.0764 2712 NDIS - ok

02:55:27.0857 2712 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

02:55:27.0857 2712 NdisCap - ok

02:55:27.0935 2712 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

02:55:27.0935 2712 NdisTapi - ok

02:55:28.0013 2712 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

02:55:28.0013 2712 Ndisuio - ok

02:55:28.0091 2712 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

02:55:28.0091 2712 NdisWan - ok

02:55:28.0154 2712 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

02:55:28.0154 2712 NDProxy - ok

02:55:28.0263 2712 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

02:55:28.0263 2712 NetBIOS - ok

02:55:28.0310 2712 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

02:55:28.0310 2712 NetBT - ok

02:55:28.0341 2712 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe

02:55:28.0341 2712 Netlogon - ok

02:55:28.0450 2712 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll

02:55:28.0466 2712 Netman - ok

02:55:28.0559 2712 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

02:55:28.0606 2712 NetMsmqActivator - ok

02:55:28.0637 2712 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

02:55:28.0653 2712 NetPipeActivator - ok

02:55:28.0715 2712 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

02:55:28.0731 2712 netprofm - ok

02:55:28.0762 2712 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

02:55:28.0762 2712 NetTcpActivator - ok

02:55:28.0778 2712 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

02:55:28.0778 2712 NetTcpPortSharing - ok

02:55:28.0824 2712 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys

02:55:28.0824 2712 nfrd960 - ok

02:55:28.0918 2712 [ 91B4E0273D2F6C24EF845F2B41311289 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys

02:55:28.0918 2712 NisDrv - ok

02:55:29.0152 2712 [ 10A43829A9E606AF3EEF25A1C1665923 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe

02:55:29.0152 2712 NisSrv - ok

02:55:29.0292 2712 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll

02:55:29.0292 2712 NlaSvc - ok

02:55:29.0355 2712 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

02:55:29.0355 2712 Npfs - ok

02:55:29.0402 2712 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

02:55:29.0402 2712 nsi - ok

02:55:29.0433 2712 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

02:55:29.0433 2712 nsiproxy - ok

02:55:29.0620 2712 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

02:55:29.0667 2712 Ntfs - ok

02:55:29.0682 2712 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

02:55:29.0698 2712 Null - ok

02:55:29.0776 2712 [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys

02:55:29.0776 2712 NVENETFD - ok

02:55:29.0916 2712 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys

02:55:29.0994 2712 nvraid - ok

02:55:30.0119 2712 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys

02:55:30.0119 2712 nvstor - ok

02:55:30.0135 2712 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

02:55:30.0150 2712 nv_agp - ok

02:55:30.0182 2712 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

02:55:30.0182 2712 ohci1394 - ok

02:55:30.0291 2712 [ 4965B005492CBA7719E82B71E3245495 ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

02:55:30.0306 2712 ose64 - ok

02:55:30.0478 2712 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

02:55:30.0650 2712 osppsvc - ok

02:55:30.0696 2712 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

02:55:30.0696 2712 p2pimsvc - ok

02:55:30.0728 2712 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll

02:55:30.0743 2712 p2psvc - ok

02:55:30.0774 2712 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys

02:55:30.0774 2712 Parport - ok

02:55:30.0806 2712 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys

02:55:30.0806 2712 partmgr - ok

02:55:30.0852 2712 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

02:55:30.0852 2712 PcaSvc - ok

02:55:30.0899 2712 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys

02:55:30.0899 2712 pci - ok

02:55:30.0930 2712 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys

02:55:30.0930 2712 pciide - ok

02:55:30.0962 2712 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys

02:55:30.0977 2712 pcmcia - ok

02:55:30.0993 2712 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys

02:55:30.0993 2712 pcw - ok

02:55:31.0024 2712 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys

02:55:31.0040 2712 PEAUTH - ok

02:55:31.0164 2712 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe

02:55:31.0164 2712 PerfHost - ok

02:55:31.0242 2712 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll

02:55:31.0274 2712 pla - ok

02:55:31.0336 2712 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

02:55:31.0352 2712 PlugPlay - ok

02:55:31.0383 2712 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

02:55:31.0383 2712 PNRPAutoReg - ok

02:55:31.0414 2712 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

02:55:31.0414 2712 PNRPsvc - ok

02:55:31.0492 2712 [ 4F0878FD62D5F7444C5F1C4C66D9D293 ] Point64 C:\Windows\system32\DRIVERS\point64.sys

02:55:31.0492 2712 Point64 - ok

02:55:31.0523 2712 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

02:55:31.0539 2712 PolicyAgent - ok

02:55:31.0601 2712 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll

02:55:31.0617 2712 Power - ok

02:55:31.0679 2712 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

02:55:31.0679 2712 PptpMiniport - ok

02:55:31.0710 2712 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys

02:55:31.0710 2712 Processor - ok

02:55:31.0742 2712 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll

02:55:31.0742 2712 ProfSvc - ok

02:55:31.0773 2712 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe

02:55:31.0773 2712 ProtectedStorage - ok

02:55:31.0820 2712 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys

02:55:31.0835 2712 Psched - ok

02:55:31.0913 2712 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys

02:55:31.0944 2712 ql2300 - ok

02:55:31.0976 2712 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys

02:55:31.0976 2712 ql40xx - ok

02:55:32.0022 2712 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll

02:55:32.0038 2712 QWAVE - ok

02:55:32.0054 2712 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

02:55:32.0054 2712 QWAVEdrv - ok

02:55:32.0085 2712 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

02:55:32.0085 2712 RasAcd - ok

02:55:32.0132 2712 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

02:55:32.0147 2712 RasAgileVpn - ok

02:55:32.0194 2712 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll

02:55:32.0194 2712 RasAuto - ok

02:55:32.0225 2712 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

02:55:32.0225 2712 Rasl2tp - ok

02:55:32.0288 2712 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll

02:55:32.0288 2712 RasMan - ok

02:55:32.0350 2712 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

02:55:32.0350 2712 RasPppoe - ok

02:55:32.0366 2712 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

02:55:32.0366 2712 RasSstp - ok

02:55:32.0381 2712 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

02:55:32.0397 2712 rdbss - ok

02:55:32.0428 2712 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys

02:55:32.0428 2712 rdpbus - ok

02:55:32.0475 2712 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

02:55:32.0475 2712 RDPCDD - ok

02:55:32.0506 2712 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

02:55:32.0506 2712 RDPENCDD - ok

02:55:32.0522 2712 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

02:55:32.0522 2712 RDPREFMP - ok

02:55:32.0553 2712 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

02:55:32.0568 2712 RDPWD - ok

02:55:32.0615 2712 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

02:55:32.0615 2712 rdyboost - ok

02:55:32.0646 2712 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll

02:55:32.0646 2712 RemoteAccess - ok

02:55:32.0709 2712 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

02:55:32.0709 2712 RemoteRegistry - ok

02:55:32.0740 2712 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys

02:55:32.0756 2712 RFCOMM - ok

02:55:32.0802 2712 [ 085D18C71AB2611A3D61528132B6501E ] RoxioNow Service C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

02:55:32.0818 2712 RoxioNow Service - ok

02:55:32.0834 2712 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

02:55:32.0834 2712 RpcEptMapper - ok

02:55:32.0865 2712 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe

02:55:32.0865 2712 RpcLocator - ok

02:55:32.0912 2712 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll

02:55:32.0912 2712 RpcSs - ok

02:55:32.0990 2712 [ 9D21618E7A3B2C75CF1A2ECBBE723730 ] RSPCIESTOR C:\Windows\system32\DRIVERS\RtsPStor.sys

02:55:32.0990 2712 RSPCIESTOR - ok

02:55:33.0052 2712 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

02:55:33.0052 2712 rspndr - ok

02:55:33.0177 2712 [ ED5873F7DFB2F96D37F13322211B6BDC ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys

02:55:33.0177 2712 RTL8167 - ok

02:55:33.0208 2712 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe

02:55:33.0208 2712 SamSs - ok

02:55:33.0239 2712 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

02:55:33.0255 2712 sbp2port - ok

02:55:33.0317 2712 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll

02:55:33.0333 2712 SCardSvr - ok

02:55:33.0380 2712 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

02:55:33.0380 2712 scfilter - ok

02:55:33.0504 2712 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll

02:55:33.0536 2712 Schedule - ok

02:55:33.0582 2712 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll

02:55:33.0582 2712 SCPolicySvc - ok

02:55:33.0660 2712 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys

02:55:33.0660 2712 sdbus - ok

02:55:33.0692 2712 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll

02:55:33.0692 2712 SDRSVC - ok

02:55:33.0738 2712 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

02:55:33.0738 2712 secdrv - ok

02:55:33.0770 2712 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll

02:55:33.0770 2712 seclogon - ok

02:55:33.0816 2712 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll

02:55:33.0816 2712 SENS - ok

02:55:33.0879 2712 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

02:55:33.0879 2712 SensrSvc - ok

02:55:33.0941 2712 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys

02:55:33.0941 2712 Serenum - ok

02:55:33.0972 2712 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys

02:55:33.0988 2712 Serial - ok

02:55:34.0035 2712 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys

02:55:34.0035 2712 sermouse - ok

02:55:34.0097 2712 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll

02:55:34.0097 2712 SessionEnv - ok

02:55:34.0128 2712 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

02:55:34.0144 2712 sffdisk - ok

02:55:34.0160 2712 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

02:55:34.0175 2712 sffp_mmc - ok

02:55:34.0191 2712 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

02:55:34.0191 2712 sffp_sd - ok

02:55:34.0206 2712 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys

02:55:34.0206 2712 sfloppy - ok

02:55:34.0253 2712 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll

02:55:34.0269 2712 SharedAccess - ok

02:55:34.0316 2712 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll

02:55:34.0316 2712 ShellHWDetection - ok

02:55:34.0378 2712 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys

02:55:34.0378 2712 SiSRaid2 - ok

02:55:34.0409 2712 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys

02:55:34.0409 2712 SiSRaid4 - ok

02:55:34.0472 2712 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

02:55:34.0487 2712 Smb - ok

02:55:34.0565 2712 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe

02:55:34.0565 2712 SNMPTRAP - ok

02:55:34.0581 2712 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys

02:55:34.0581 2712 spldr - ok

02:55:34.0628 2712 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe

02:55:34.0643 2712 Spooler - ok

02:55:34.0752 2712 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe

02:55:34.0815 2712 sppsvc - ok

02:55:34.0830 2712 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

02:55:34.0846 2712 sppuinotify - ok

02:55:34.0893 2712 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys

02:55:34.0893 2712 srv - ok

02:55:34.0924 2712 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

02:55:34.0940 2712 srv2 - ok

02:55:35.0002 2712 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS

02:55:35.0018 2712 SrvHsfHDA - ok

02:55:35.0064 2712 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS

02:55:35.0096 2712 SrvHsfV92 - ok

02:55:35.0142 2712 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS

02:55:35.0158 2712 SrvHsfWinac - ok

02:55:35.0189 2712 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

02:55:35.0189 2712 srvnet - ok

02:55:35.0267 2712 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

02:55:35.0267 2712 SSDPSRV - ok

02:55:35.0283 2712 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll

02:55:35.0298 2712 SstpSvc - ok

02:55:35.0408 2712 [ E82994866A370A480607637F28B82835 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe

02:55:35.0408 2712 STacSV - ok

02:55:35.0439 2712 Steam Client Service - ok

02:55:35.0470 2712 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys

02:55:35.0470 2712 stexstor - ok

02:55:35.0532 2712 [ 3AD0ED8B19CD76D2254DE5FB298E3C26 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys

02:55:35.0548 2712 STHDA - ok

02:55:35.0595 2712 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll

02:55:35.0610 2712 stisvc - ok

02:55:35.0642 2712 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys

02:55:35.0642 2712 swenum - ok

02:55:35.0673 2712 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll

02:55:35.0688 2712 swprv - ok

02:55:35.0782 2712 [ 33E6A285DAA5134D8EA2247914C86C09 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys

02:55:35.0798 2712 SynTP - ok

02:55:35.0876 2712 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll

02:55:35.0907 2712 SysMain - ok

02:55:35.0938 2712 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll

02:55:35.0938 2712 TabletInputService - ok

02:55:35.0969 2712 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll

02:55:35.0969 2712 TapiSrv - ok

02:55:36.0000 2712 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll

02:55:36.0016 2712 TBS - ok

02:55:36.0125 2712 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

02:55:36.0156 2712 Tcpip - ok

02:55:36.0234 2712 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

02:55:36.0266 2712 TCPIP6 - ok

02:55:36.0297 2712 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

02:55:36.0297 2712 tcpipreg - ok

02:55:36.0312 2712 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

02:55:36.0312 2712 TDPIPE - ok

02:55:36.0344 2712 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

02:55:36.0344 2712 TDTCP - ok

02:55:36.0375 2712 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

02:55:36.0375 2712 tdx - ok

02:55:36.0437 2712 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys

02:55:36.0437 2712 TermDD - ok

02:55:36.0484 2712 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll

02:55:36.0500 2712 TermService - ok

02:55:36.0515 2712 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll

02:55:36.0531 2712 Themes - ok

02:55:36.0546 2712 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll

02:55:36.0562 2712 THREADORDER - ok

02:55:36.0578 2712 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll

02:55:36.0593 2712 TrkWks - ok

02:55:36.0624 2712 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

02:55:36.0624 2712 TrustedInstaller - ok

02:55:36.0671 2712 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

02:55:36.0671 2712 tssecsrv - ok

02:55:36.0718 2712 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

02:55:36.0718 2712 TsUsbFlt - ok

02:55:36.0749 2712 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys

02:55:36.0749 2712 TsUsbGD - ok

02:55:36.0827 2712 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

02:55:36.0827 2712 tunnel - ok

02:55:36.0858 2712 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys

02:55:36.0858 2712 uagp35 - ok

02:55:36.0874 2712 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

02:55:36.0890 2712 udfs - ok

02:55:36.0936 2712 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

02:55:36.0952 2712 UI0Detect - ok

02:55:36.0968 2712 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

02:55:36.0983 2712 uliagpkx - ok

02:55:37.0046 2712 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys

02:55:37.0046 2712 umbus - ok

02:55:37.0092 2712 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys

02:55:37.0092 2712 UmPass - ok

02:55:37.0124 2712 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll

02:55:37.0139 2712 upnphost - ok

02:55:37.0202 2712 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys

02:55:37.0202 2712 USBAAPL64 - ok

02:55:37.0264 2712 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys

02:55:37.0264 2712 usbaudio - ok

02:55:37.0311 2712 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

02:55:37.0311 2712 usbccgp - ok

02:55:37.0373 2712 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys

02:55:37.0373 2712 usbcir - ok

02:55:37.0389 2712 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

02:55:37.0404 2712 usbehci - ok

02:55:37.0451 2712 [ 573D192E268F0C5B486B7E96F661E538 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys

02:55:37.0451 2712 usbfilter - ok

02:55:37.0529 2712 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

02:55:37.0545 2712 usbhub - ok

02:55:37.0560 2712 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys

02:55:37.0560 2712 usbohci - ok

02:55:37.0592 2712 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys

02:55:37.0592 2712 usbprint - ok

02:55:37.0623 2712 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS

02:55:37.0623 2712 USBSTOR - ok

02:55:37.0638 2712 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys

02:55:37.0654 2712 usbuhci - ok

02:55:37.0716 2712 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys

02:55:37.0716 2712 usbvideo - ok

02:55:37.0748 2712 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll

02:55:37.0748 2712 UxSms - ok

02:55:37.0763 2712 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe

02:55:37.0763 2712 VaultSvc - ok

02:55:37.0794 2712 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

02:55:37.0794 2712 vdrvroot - ok

02:55:37.0826 2712 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe

02:55:37.0826 2712 vds - ok

02:55:37.0888 2712 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

02:55:37.0888 2712 vga - ok

02:55:37.0919 2712 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys

02:55:37.0919 2712 VgaSave - ok

02:55:37.0950 2712 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

02:55:37.0966 2712 vhdmp - ok

02:55:37.0982 2712 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys

02:55:37.0982 2712 viaide - ok

02:55:38.0044 2712 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys

02:55:38.0044 2712 volmgr - ok

02:55:38.0075 2712 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

02:55:38.0091 2712 volmgrx - ok

02:55:38.0122 2712 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys

02:55:38.0122 2712 volsnap - ok

02:55:38.0169 2712 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys

02:55:38.0169 2712 vsmraid - ok

02:55:38.0247 2712 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe

02:55:38.0278 2712 VSS - ok

02:55:38.0325 2712 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys

02:55:38.0325 2712 vwifibus - ok

02:55:38.0340 2712 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys

02:55:38.0356 2712 vwififlt - ok

02:55:38.0387 2712 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll

02:55:38.0387 2712 W32Time - ok

02:55:38.0418 2712 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys

02:55:38.0418 2712 WacomPen - ok

02:55:38.0481 2712 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

02:55:38.0496 2712 WANARP - ok

02:55:38.0496 2712 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

02:55:38.0496 2712 Wanarpv6 - ok

02:55:38.0590 2712 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

02:55:38.0606 2712 WatAdminSvc - ok

02:55:38.0684 2712 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe

02:55:38.0715 2712 wbengine - ok

02:55:38.0746 2712 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

02:55:38.0762 2712 WbioSrvc - ok

02:55:38.0793 2712 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll

02:55:38.0793 2712 wcncsvc - ok

02:55:38.0824 2712 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

02:55:38.0824 2712 WcsPlugInService - ok

02:55:38.0871 2712 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys

02:55:38.0871 2712 Wd - ok

02:55:38.0902 2712 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

02:55:38.0918 2712 Wdf01000 - ok

02:55:38.0949 2712 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll

02:55:38.0949 2712 WdiServiceHost - ok

02:55:38.0964 2712 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll

02:55:38.0964 2712 WdiSystemHost - ok

02:55:38.0996 2712 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll

02:55:39.0011 2712 WebClient - ok

02:55:39.0027 2712 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll

02:55:39.0042 2712 Wecsvc - ok

02:55:39.0058 2712 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

02:55:39.0058 2712 wercplsupport - ok

02:55:39.0105 2712 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll

02:55:39.0120 2712 WerSvc - ok

02:55:39.0167 2712 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

02:55:39.0183 2712 WfpLwf - ok

02:55:39.0198 2712 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys

02:55:39.0198 2712 WIMMount - ok

02:55:39.0230 2712 WinDefend - ok

02:55:39.0245 2712 WinHttpAutoProxySvc - ok

02:55:39.0308 2712 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

02:55:39.0323 2712 Winmgmt - ok

02:55:39.0386 2712 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll

02:55:39.0432 2712 WinRM - ok

02:55:39.0510 2712 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.sys

02:55:39.0510 2712 WinUsb - ok

02:55:39.0557 2712 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll

02:55:39.0573 2712 Wlansvc - ok

02:55:39.0651 2712 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

02:55:39.0651 2712 wlcrasvc - ok

02:55:39.0822 2712 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

02:55:39.0854 2712 wlidsvc - ok

02:55:39.0900 2712 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

02:55:39.0900 2712 WmiAcpi - ok

02:55:39.0947 2712 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

02:55:39.0963 2712 wmiApSrv - ok

02:55:40.0010 2712 WMPNetworkSvc - ok

02:55:40.0056 2712 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll

02:55:40.0056 2712 WPCSvc - ok

02:55:40.0088 2712 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

02:55:40.0088 2712 WPDBusEnum - ok

02:55:40.0119 2712 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

02:55:40.0119 2712 ws2ifsl - ok

02:55:40.0134 2712 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll

02:55:40.0134 2712 wscsvc - ok

02:55:40.0150 2712 WSearch - ok

02:55:40.0306 2712 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll

02:55:40.0368 2712 wuauserv - ok

02:55:40.0384 2712 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

02:55:40.0384 2712 WudfPf - ok

02:55:40.0400 2712 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

02:55:40.0415 2712 WUDFRd - ok

02:55:40.0446 2712 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

02:55:40.0446 2712 wudfsvc - ok

02:55:40.0478 2712 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll

02:55:40.0478 2712 WwanSvc - ok

02:55:40.0540 2712 ================ Scan global ===============================

02:55:40.0571 2712 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

02:55:40.0602 2712 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll

02:55:40.0618 2712 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll

02:55:40.0665 2712 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

02:55:40.0696 2712 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

02:55:40.0696 2712 [Global] - ok

02:55:40.0696 2712 ================ Scan MBR ==================================

02:55:40.0712 2712 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

02:55:41.0070 2712 \Device\Harddisk0\DR0 - ok

02:55:41.0070 2712 ================ Scan VBR ==================================

02:55:41.0070 2712 [ 0EDB7A89218BC9088D4EA18B6B5E9C55 ] \Device\Harddisk0\DR0\Partition1

02:55:41.0086 2712 \Device\Harddisk0\DR0\Partition1 - ok

02:55:41.0102 2712 [ 7F8F8B51F4D22CF5AE50A251D292E1AE ] \Device\Harddisk0\DR0\Partition2

02:55:41.0102 2712 \Device\Harddisk0\DR0\Partition2 - ok

02:55:41.0133 2712 [ 4FC70F36DDC875FF00DD7AFFDB9F8B3D ] \Device\Harddisk0\DR0\Partition3

02:55:41.0180 2712 \Device\Harddisk0\DR0\Partition3 - ok

02:55:41.0211 2712 [ 43D90F51FBDBAC715731015D1C43939B ] \Device\Harddisk0\DR0\Partition4

02:55:41.0211 2712 \Device\Harddisk0\DR0\Partition4 - ok

02:55:41.0211 2712 ============================================================

02:55:41.0211 2712 Scan finished

02:55:41.0211 2712 ============================================================

02:55:41.0242 3020 Detected object count: 0

02:55:41.0242 3020 Actual detected object count: 0

Maurice Naggar · September 13, 2012

By your posting 3 posts in a row and NOT waiting for a helper after the first.... you had made your thread appear to have been helped !

That is breaking a forum principle.

By self-medicating and running tools on your own, you disregarded good help-forum practices !

NO one being helped in malware-removal should copy-cat fixes from someone else's case.

These steps are for boofasten only. If you are a casual viewer, do NOT try this on your system!

If you are not boofasten and have a similar problem, do NOT post here; start your own topic

The fixes in this Topic are for this system only! Do not apply the fix-instructions from this topic to any other system!

You will want to print out or copy these instructions to Notepad for Safe offline reference!

Do not do any websurfing on this system. Only go to this forum and the sites I guide you to for tools or online scans.

Please follow my guidance

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

Close any of your open programs while you run these tools.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

Go to your Desktop
Double-Click the Computer icon.
From the menu options, Select Tools, then Folder Options.
Next click the View tab.
Locate and uncheck Hide file extensions for known file types.
Locate and uncheck Hide protected operating system files (Recommended).
Locate and click Show hidden files and folders and drives.
Click Apply > OK.

Step 3

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download Rkill by Grinler and save it to your desktop.

Link 2
Link 3
Link 4
Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.
If your antivirus program gives a prompt message, respond positive to allow RKILL to run.
If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL

IF you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

When all done, rkill.txt log file will be on your desktop. Copy & Paste contents of Rkill.txt into a reply.

More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html

Step 4

Download, & save & then run the MS Safety scanner

http://www.microsoft.com/security/scanner/en-us/default.aspx

Let me know the result.

Step 5

Download DDS and save it to your desktop from http://download.bleepingcomputer.com/sUBs/dds.scr here

or http://download.bleepingcomputer.com/sUBs/dds.com or

http://www.infospyware.net/sUBs/dds

Disable any script blocker if your antivirus/antimalware has it.

Then double click dds.scr to run the tool.

DDS will run in a command prompt window and will take 3 to 4 minutes or so.

When done, DDS will open two (2) logs:
DDS.txt
Attach.txt
Save both reports to your desktop.

Please Copy & Paste contents of the following logs in your next reply:

DDS.txt

Attach.txt

boofasten · September 13, 2012

Thank you for your help, just trying to get a head start on a solution.

Rkill 2.3.14 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

More Information about Rkill can be found at this link:

http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/13/2012 09:54:48 AM in x64 mode.

Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* Security Center (wscsvc) is not Running.

Startup Type set to: Automatic (Delayed Start)

* Windows Update (wuauserv) is not Running.

Startup Type set to: Automatic (Delayed Start)

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 09/13/2012 09:54:58 AM

Execution time: 0 hours(s), 0 minute(s), and 10 seconds(s)

boofasten · September 13, 2012

The MS Safety scanner hung after 1:46 on cewmdm.dll

It did not continue after that.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_33

Run by Jeff at 10:00:57 on 2012-09-13

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5611.4242 [GMT -4:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Hpservice.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k WbioSvcGroup

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\IDT\WDM\AESTSr64.exe

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Windows\SysWOW64\ezSharedSvcHost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\userinit.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Users\Jeff\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

C:\Program Files (x86)\CyberLink\Shared files\brs.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

C:\Program Files (x86)\SecureW2\sw2_tray.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

uRun: [spotify Web Helper] "C:\Users\Jeff\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"

mRun: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe

mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe

mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

mRun: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart

mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

mRun: [secureW2 Tray] C:\Program Files (x86)\SecureW2\sw2_tray.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

StartupFolder: C:\Users\Jeff\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe

mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{7183E284-631F-4100-A19E-C1A37DA6ED85} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{7183E284-631F-4100-A19E-C1A37DA6ED85}\2456277656E6 : DhcpNameServer = 172.19.2.10

TCP: Interfaces\{7183E284-631F-4100-A19E-C1A37DA6ED85}\255575962756C6563737F5355636572756 : DhcpNameServer = 165.230.79.226 165.230.81.226

TCP: Interfaces\{7183E284-631F-4100-A19E-C1A37DA6ED85}\E4A49445 : DhcpNameServer = 128.235.251.109 128.235.252.140

TCP: Interfaces\{7183E284-631F-4100-A19E-C1A37DA6ED85}\E6A69647 : DhcpNameServer = 128.235.251.109 128.235.252.140

TCP: Interfaces\{7183E284-631F-4100-A19E-C1A37DA6ED85}\F43657C657371303 : DhcpNameServer = 192.168.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

mRun-x64: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"

mRun-x64: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe

mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe

mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

mRun-x64: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart

mRun-x64: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

mRun-x64: [secureW2 Tray] C:\Program Files (x86)\SecureW2\sw2_tray.exe

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

SEH-X64: EasyBits ShellExecute Hook: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\mfiwjxxl.default\

.

============= SERVICES / DRIVERS ===============

.

R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]

R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]

R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-10-4 89600]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-4-5 361984]

R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]

R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe [2011-5-8 514232]

R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-7-5 227384]

R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]

R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]

R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-9-17 2375168]

R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]

R3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\amdhub30.sys --> C:\Windows\system32\DRIVERS\amdhub30.sys [?]

R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\amdxhc.sys --> C:\Windows\system32\DRIVERS\amdxhc.sys [?]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]

R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]

R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]

S2 CLKMSVC10_38F51D56;CyberLink Product - 2011/09/17 02:06:19;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-1-25 241648]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-11 250056]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 mbamchameleon;mbamchameleon;\??\C:\Windows\system32\drivers\mbamchameleon.sys --> C:\Windows\system32\drivers\mbamchameleon.sys [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-24 113120]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]

S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

boofasten · September 13, 2012

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 9/23/2011 7:25:30 PM

System Uptime: 9/13/2012 9:59:49 AM (1 hours ago)

.

Motherboard: Hewlett-Packard | | 358B

Processor: AMD A6-3400M APU with Radeon HD Graphics | Socket FS1 | 1400/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 581 GiB total, 256.579 GiB free.

D: is FIXED (NTFS) - 15 GiB total, 1.627 GiB free.

E: is CDROM ()

F: is FIXED (FAT32) - 0 GiB total, 0.089 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP60: 7/14/2012 11:16:57 PM - Scheduled Checkpoint

RP61: 7/15/2012 1:20:31 AM - HPSF Restore Point

RP62: 7/15/2012 3:00:14 AM - Windows Update

RP63: 7/15/2012 6:53:31 PM - Installed Foxit Reader

RP64: 7/24/2012 2:54:07 AM - Scheduled Checkpoint

RP66: 8/21/2012 12:56:49 PM - Windows Modules Installer

RP67: 9/5/2012 9:48:26 PM - Scheduled Checkpoint

RP68: 9/13/2012 12:04:49 AM - Removed Java 6 Update 24 (64-bit)

RP69: 9/13/2012 12:21:27 AM - Windows Update

RP71: 9/13/2012 1:17:34 AM - Windows Update

RP72: 9/13/2012 2:10:52 AM - Windows Update

RP73: 9/13/2012 2:21:39 AM - Windows Update

RP74: 9/13/2012 2:31:19 AM - Windows Update

RP75: 9/13/2012 2:44:25 AM - Windows Update

RP76: 9/13/2012 2:56:03 AM - Windows Update

.

==== Installed Programs ======================

.

µTorrent

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.4) MUI

Adobe Shockwave Player 11.6

Agatha Christie - Peril at End House

Amazon Kindle

AMD System Monitor

AMD VISION Engine Control Center

Apple Application Support

Apple Software Update

Bejeweled 2 Deluxe

Bejeweled 3

Blackhawk Striker 2

Blasterball 3

Bounce Symphony

Build-a-lot 2

Cake Mania

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Chuzzle Deluxe

Cool Edit Pro 2.1

CyberLink PowerDVD 10

CyberLink YouCam

D3DX10

Diablo III

Diner Dash 2 Restaurant Rescue

Dora's World Adventure

Dropbox

Energy Star Digital Logo

ERUNT 1.1j

ESU for Microsoft Windows 7

Evernote v. 4.5.1

Farm Frenzy

FATE - The Traitor Soul

Foxit Reader

FreeRIP v3.6

Google Chrome

Google Talk (remove only)

Google Talk Plugin

Hewlett-Packard ACLM.NET v1.1.1.0

HP Connection Manager

HP Customer Experience Enhancements

HP Documentation

HP DVB-T TV Tuner 8.0.64.43

HP Games

HP MovieStore

HP On Screen Display

HP Power Manager

HP Quick Launch

HP Setup

HP Setup Manager

HP Software Framework

HP Support Assistant

Hulu Desktop

IDT Audio

ImgBurn

Java Auto Updater

Java 6 Update 33

Junk Mail filter update

Last.fm 1.5.4.27091

Magic Desktop

Mah Jong Medley

Mesh Runtime

Microsoft Office 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft WSE 3.0 Runtime

Mozilla Firefox 13.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Mystery P.I. - Stolen in San Francisco

Namco All-Stars PAC-MAN

Notepad++

Penguins!

Picasa 3

Plants vs. Zombies - Game of the Year

PlayReady PC Runtime x86

Poker Superstars III

Polar Bowler

Polar Golfer

QuickTime

Realtek Ethernet Controller Driver

Realtek PCIE Card Reader

Recovery Manager

RoxioNow Player

SecureW2 Enterprise Client 3.5.5

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Skype™ 5.5

Slingo Supreme

Spotify

Steam

System Requirements Lab CYRI

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update Installer for WildTangent Games App

Virtual Villagers 4 - The Tree of Life

VLC media player 2.0.1

Wheel of Fortune 2

WildTangent Games App (HP Games)

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Zuma Deluxe

.

==== Event Viewer Messages From Past Week ========

.

9/9/2012 9:37:57 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.

9/13/2012 9:01:08 AM, Error: Microsoft-Windows-CorruptedFileRecovery-Server [10] - The system file C:\Windows\System32\NlsData000c.dll may be corrupted, but Windows could not determine if the file was actually damaged (error code 2147956481). No repair action was taken. Run the command "sfc /scannow" at an administrative command prompt to check for errors and to repair the file if necessary.

9/13/2012 9:01:07 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 5 time(s).

9/13/2012 8:54:10 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 4 time(s).

9/13/2012 8:28:16 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 3 time(s).

9/13/2012 8:24:03 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

9/13/2012 8:19:52 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

9/13/2012 7:54:42 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Peer Networking Identity Manager service to connect.

9/13/2012 7:54:42 AM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Networking Identity Manager service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.

9/13/2012 7:54:42 AM, Error: Service Control Manager [7001] - The Peer Name Resolution Protocol service depends on the Peer Networking Identity Manager service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.

9/13/2012 7:54:42 AM, Error: Service Control Manager [7000] - The Peer Networking Identity Manager service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

9/13/2012 7:43:25 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

9/13/2012 7:43:25 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

9/13/2012 5:51:18 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

9/13/2012 4:40:11 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

9/13/2012 3:47:26 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Adobe Flash Player Update Service service to connect.

9/13/2012 3:47:26 AM, Error: Service Control Manager [7000] - The Adobe Flash Player Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

9/13/2012 3:33:28 AM, Error: Service Control Manager [7000] - The HP Support Assistant Service service failed to start due to the following error: A device attached to the system is not functioning.

9/13/2012 12:23:53 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wbengine service.

9/13/2012 12:13:48 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

9/13/2012 12:12:13 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

9/13/2012 12:12:13 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

9/13/2012 12:12:13 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

9/13/2012 12:11:56 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf

9/13/2012 12:11:53 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

9/13/2012 12:11:53 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

9/13/2012 12:11:53 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

9/13/2012 12:11:53 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

9/13/2012 12:11:53 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

9/13/2012 12:11:53 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

9/13/2012 12:11:51 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

9/13/2012 12:11:51 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

9/13/2012 12:11:51 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

9/13/2012 12:11:51 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

9/13/2012 10:00:08 AM, Error: Service Control Manager [7023] - The Microsoft Antimalware Service service terminated with the following error: %%-2147024894

9/13/2012 1:49:48 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

9/13/2012 1:49:33 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

9/13/2012 1:49:30 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error Code: 21

9/13/2012 1:49:25 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

9/13/2012 1:49:25 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

9/13/2012 1:49:23 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

9/13/2012 1:49:17 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

9/13/2012 1:49:12 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter spldr Wanarpv6

9/13/2012 1:28:47 AM, Error: Service Control Manager [7022] - The Windows Defender service hung on starting.

9/13/2012 1:12:32 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

9/13/2012 1:11:57 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Defender service to connect.

9/13/2012 1:11:57 AM, Error: Service Control Manager [7000] - The Windows Defender service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

9/13/2012 1:11:27 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.

9/13/2012 1:11:27 AM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

9/13/2012 1:10:57 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Support Assistant Service service to connect.

9/13/2012 1:10:57 AM, Error: Service Control Manager [7000] - The HP Support Assistant Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

9/13/2012 1:10:27 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect.

9/13/2012 1:09:57 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.

9/13/2012 1:04:24 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HP Support Assistant Service service.

9/11/2012 9:02:10 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IconMan_R service.

9/11/2012 12:56:41 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Browser service.

.

==== End Of File ===========================

Maurice Naggar · September 13, 2012

Your logs showed some peer-to-peer filesharing apps: µTorrent

You must de-install it as well as any other peer-to-peer program :excl:

Filesharing/downloading from unknown sources is one of the leading causes of transmission of malware.

Risks of File-Sharing Technology.

P2P file sharing: Know the risks

Confirm that you have removed all

boofasten · September 13, 2012

I have removed it, but I haven't used in it months. I must have gotten the virus in just the last day or two.

Maurice Naggar · September 13, 2012

Download and Save McAfee Stinger to your Desktop

http://www.mcafee.com/us/downloads/free-tools/stinger.aspx

Close all browsers before starting. Disable your antivirus program and anti-malware,if any.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

On Windows 7 & Vista systems, Right Click and select Run as Administrator.

On XP, double-click to start it.

The GUI interface will look like this

The C drive is the default for scanning.

Press the Preferences button. In the top right-block "On virus detection", click Rename

In the bottom block "Heuristic network check for suspicious files" select High

Click the Scan Now button.

When done, use the File menu and select Save report to file

Stinger.txt is the log report and will be saved to your Desktop. I will need a copy of that log.

Stinger is a standalone utility used to detect and remove specific malware. It is not a full scan for all types of malware or viruses.

It is not intended as virus protection.

Step 2

Download Dr.Web CureIt to the desktop.

Turn OFF your antivirus program.
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Doubleclick the drweb-cureit.exe file, then on Start and allow to run the express scan
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, chose the Complete Scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, look and see if you can click the following icon next to the files found:
If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot your computer to allow files that were in use to be moved/deleted during reboot.
After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.

Step 3

Temporarily disable your antivirus so that it does not interfere.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Save and close any work documents, close any apps that you started.

Please download & save Malwarebytes Anti-Malware from

http://www.malwarebytes.org/mbam-download.php

Right Click mbam-setup.exe and select Run As Administrator to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a FULL Scan. :excl:

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

When all done, Copy and Paste the MBAM scan log.

Re-enable your antivirus.

Edited September 13, 2012 by Maurice Naggar

boofasten · September 13, 2012

I have to head to class now, but Stinger has been running for over an hour and seems to be stuck on CALC.EXE. It scanned the boot record and found no possible infections in the boot record or boot sectors. I will leave it running while I'm gone but it doesn't seem like it is going to make any more progress. It was running very slowly and pausing for a while on other .exe files, but now it has been on CALC.EXE for well over 40 minutes.

When I get back I will run the other program.

Thanks again for your help.

Maurice Naggar · September 13, 2012

Have lots of patience, always.

IF Stinger is still running after the 40 minutes, then you can stop/close it.

On the DrWeb Cure-It have lots & lots of patience. It may run for 2 or more hours.

boofasten · September 14, 2012

DrWeb Cure-It has been running for over 12 hours now (just on the express scan). It looks like its about 75% done, but it hasn't found anything. It is still chugging along very slowly. Should I let it keep running? Or try something else?

Thanks.

Maurice Naggar · September 14, 2012

Please let it finish.

When done, copy and paste the log for my review.

And proceed next with the MBAM procedure.

Maurice Naggar · September 17, 2012

{{{ ping }}}

How's it going ? Please provide a status update.

boofasten · September 17, 2012

Hello. I let the quick scan run all the way. It took 22 hours and didn't find anything. I was letting the longer scan run over the weekend but it froze completely sometime on Saturday night/early Sunday morning. As such, I am unable to run MBAM still and my computer is definitely still infected.

The biggest problem right now is that it is unbearably slow to do anything. Even those quick scans took 10-20 times as long as it should have. Opening My Computer takes minutes if not longer.

I am also operating under the assumption that what I got was a very new strain of virus that does not show up in most virus definitions yet. Do you know of a program that has been updated very recently that might be able to run?

Thank you for your help Maurice

boofasten · September 17, 2012

Especially something that I can do off of a flash drive or something, so I don't have to load up WIndows and deal with everything being so painfully slow.

Maurice Naggar · September 17, 2012

There is not a magic bullet. But try the following procedure.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Select English as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:

Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Select English as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

- Startup Repair
- System Restore
- Windows Complete PC Restore
- Windows Memory Diagnostic Tool
- Command Prompt
[*]Select Command Prompt
[*]In the command window type in notepad and press Enter.
[*]The notepad opens. Under File menu select Open.
[*]Select "Computer" and find your flash drive letter and close the notepad.
[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
[*]The tool will start to run.
[*]When the tool opens click Yes to disclaimer.
[*]Press Scan button.
[*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

boofasten · September 17, 2012

Game over, the hard drive is now failing the SMART check in the BIOS. ordering a new HDD and installing MB first thing I do

Thanks for your attempts to help Maurice, keep fighting the good fight

Maurice Naggar · September 18, 2012

Ouch, sorry to hear about that.

If you can, backup your personal files & documents to offline media (external drive, USB-flash-thumb, DVD, CD).

Windows 64, All Anti-Malware Programs Freeze

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information