Jump to content

Malware Removal Help. Please!


Recommended Posts

The malware or virus has pretty much locked my system down. I am unable to run malwarebytes or install any new applications. Microsoft Security Essentials is supposedly still running but I have no access to it. Ive tried system restore in safe mode but, all my good restore points are gone. In normal mode there is no response when clicking system restore. Cant open IExplorer. I cant attacks files so I have to copy and paste these two DDS logs. Thank you for your time.

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16448 BrowserJavaVersion: 1.6.0_31

Run by Erik at 3:57:30 on 2012-12-28

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2096 [GMT -10:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE

C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\ActivIdentity\ActivClient\acevents.exe

C:\Program Files\Alienware\Command Center\AlienFusionService.exe

C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe

c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe

C:\Program Files\Alienware\Command Center\AlienFusionController.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\ActivIdentity\ActivClient\acevents.exe

C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe

C:\Users\Erik\AppData\Local\Facebook\Update\FacebookUpdate.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\ActivIdentity\ActivClient\acsagent.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uRun: [Facebook Update] "C:\Users\Erik\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

uRun: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

mRun: [iSUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [uCam_Menu] "c:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [brMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun

mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ACTIVC~1.LNK - C:\Program Files\ActivIdentity\ActivClient\acsagent.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - <orphaned>

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 192.168.2.1

TCP: Interfaces\{86325130-D2B8-42A7-BD48-92915EB7637F} : DHCPNameServer = 192.168.2.1

TCP: Interfaces\{86325130-D2B8-42A7-BD48-92915EB7637F}\05F6F6275684F6573756 : DHCPNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{86325130-D2B8-42A7-BD48-92915EB7637F}\25D4 : DHCPNameServer = 192.168.2.1

TCP: Interfaces\{86325130-D2B8-42A7-BD48-92915EB7637F}\2656C6B696E6E233564656 : DHCPNameServer = 192.168.2.1

TCP: Interfaces\{86325130-D2B8-42A7-BD48-92915EB7637F}\74544597F65727F475E477966696 : DHCPNameServer = 192.168.0.1 205.171.3.25

TCP: Interfaces\{86325130-D2B8-42A7-BD48-92915EB7637F}\D697177756374743530353 : DHCPNameServer = 192.168.0.1 205.171.3.25

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

Notify: FastAccess - C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll

AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll

SSODL: WebCheck - <orphaned>

LSA: Notification Packages = scecli FAPassSync

CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - <is not referencing any dll>

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [AlienFX Controller] "C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe"

x64-Run: [broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe

x64-Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

x64-Run: [acevents] "C:\Program Files\ActivIdentity\ActivClient\acevents.exe"

x64-Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"

x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

x64-DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\tjkohgpn.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?ref=hp

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Users\Erik\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

FF - plugin: C:\Users\Erik\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\tjkohgpn.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

============= SERVICES / DRIVERS ===============

.

R0 EMSC;COMPAL Embedded System Control;C:\Windows\System32\drivers\EMSC.sys [2009-6-26 16752]

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-10-24 203888]

R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2012-6-13 28992]

R0 stdflt;Disk Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdfltn.sys [2010-10-14 21040]

R2 ac.sharedstore;ActivIdentity Shared Store Service;C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-6-3 277032]

R2 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2010-5-21 14648]

R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.EXE [2012-2-13 193816]

R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-8-29 2369960]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-10-14 13336]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-12 398184]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-12 682344]

R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-1-27 226624]

R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-8-13 3064000]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]

R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Accelern.sys [2010-10-14 26160]

R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-8-29 158976]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-8-29 271872]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-8-29 67072]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-5-21 24176]

S0 johci;JMicron 1394 Filter Driver;C:\Windows\System32\drivers\johci.sys [2010-8-29 24176]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.EXE [2012-2-13 240408]

S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-4-14 54824]

S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-10-14 35104]

S3 FACAP;facap, FastAccess Video Capture;C:\Windows\System32\drivers\facap.sys [2008-9-24 238848]

S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2010-8-29 158320]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 98688]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]

S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]

S3 S3XXx64;SCR3xx USB SmartCardReader64;C:\Windows\System32\drivers\S3XXx64.sys [2007-6-21 66816]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-2-27 59392]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-2-15 1255736]

S4 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-8-29 98208]

S4 FAService;FAService;C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe [2010-4-4 2409800]

S4 InstallFilterService;FF Install Filter Service;C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\InstallFilterService.exe [2010-10-14 60928]

S4 SftService;SoftThinks Agent Service;C:\Program Files (x86)\AlienRespawn\SftService.exe [2010-10-14 705856]

.

=============== Created Last 30 ================

.

2012-12-28 13:42:23 -------- d-----w- C:\Windows\pss

2012-12-28 13:36:30 -------- d-sh--w- C:\$RECYCLE.BIN

2012-12-28 13:22:58 972264 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{506747F7-014A-4969-A3D5-1D6D92166375}\gapaengine.dll

2012-12-28 13:21:47 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D4C84349-3346-4460-BD39-1C709CD8EF0F}\mpengine.dll

2012-12-28 13:19:01 208896 ----a-w- C:\Windows\MBR.exe

2012-12-28 13:19:00 98816 ----a-w- C:\Windows\sed.exe

2012-12-28 13:19:00 256000 ----a-w- C:\Windows\PEV.exe

2012-12-28 13:07:47 -------- dc----w- C:\Users\Erik\AppData\Local\MigWiz

2012-12-28 13:02:23 -------- d-----w- C:\Users\Erik\AppData\Local\Programs

.

==================== Find3M ====================

.

2012-12-15 02:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys

.

============= FINISH: 3:58:04.45 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 2/14/2011 9:16:06 PM

System Uptime: 12/28/2012 3:45:51 AM (0 hours ago)

.

Motherboard: Alienware | | M11x R2

Processor: Intel® Core i5 CPU U 520 @ 1.07GHz | CPU | 1067/1066mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 218 GiB total, 7.761 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}

Description: facap, FastAccess Video Capture

Device ID: ROOT\IMAGE\0000

Manufacturer: Sensible Vision

Name: facap, FastAccess Video Capture

PNP Device ID: ROOT\IMAGE\0000

Service: FACAP

.

Class GUID: {36fc9e60-c465-11cf-8056-444553540000}

Description: Unknown Device

Device ID: USB\VID_0000&PID_0000\6&150DA55D&0&1

Manufacturer: (Standard USB Host Controller)

Name: Unknown Device

PNP Device ID: USB\VID_0000&PID_0000\6&150DA55D&0&1

Service:

.

==== System Restore Points ===================

.

RP207: 12/28/2012 3:19:12 AM - ComboFix created restore point

RP208: 12/28/2012 3:19:28 AM - Windows Update

.

==== Installed Programs ======================

.

AccelerometerP11

ActivClient CAC x64

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.5.2

Adobe Shockwave Player 11.6

Alarm Clock version 1.0

AlienRespawn

AlienRespawn - Support Software

Alienware On-Screen Display

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ASPCA Reminder by We-Care.com v4.0.19.1

Banctec Service Agreement

Bing Bar

BitTorrent

BookSmart® 3.1.0 3.1.0

Brother MFL-Pro Suite MFC-295CN

CHIPDRIVE extern/intern/micro treiber 3.1

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

ComicRack v0.9.155

Command Center

Corel PaintShop Pro X4

Corel PaintShop Pro X4 Ultimate Bonus Pack

CyberLink YouCam

DW WLAN Card Utility

EMSC

Endless.Space

ESET Online Scanner v3

Facebook Video Calling 1.2.0.159

Fallout: New Vegas

Free RAR Extract Frog

Free Studio version 5.5.0

Google Earth

Google Update Helper

ICA

Intel® Control Center

Intel® Graphics Media Accelerator Driver

Intel® Rapid Storage Technology

IPM_PSP_COM

Java Auto Updater

Java 6 Update 20 (64-bit)

Java 6 Update 31

Java 7 Update 4 (64-bit)

LogMeIn Hamachi

Malwarebytes Anti-Malware version 1.70.0.1100

Medieval II: Total War

Medieval II: Total War Kingdoms

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft XNA Framework Redistributable 4.0

MotoHelper 2.0.45 Driver 5.0.0

MotoHelper MergeModules

Motorola Mobile Drivers Installation 5.0.0

Mozilla Firefox 15.0.1 (x86 en-US)

Mozilla Maintenance Service

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Numen: Contest of Heroes

NVIDIA 3D Vision Driver 301.42

NVIDIA Control Panel 301.42

NVIDIA Graphics Driver 301.42

NVIDIA Install Application

NVIDIA Optimus 1.8.15

NVIDIA PhysX

NVIDIA PhysX System Software 9.12.0213

NVIDIA Stereoscopic 3D Driver

NVIDIA Update 1.8.15

NVIDIA Update Components

NVIDIA Updatus

Portal

Prince of Qin

PSPPContent

PSPPHelp

PSPPro64

Realtek High Definition Audio Driver

Red Faction: Guerrilla

RetRO 1.0

RF Uninstall

RIFT

Sacred Gold

Samorost 2

SCR3xxx Smart Card Reader

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Setup

Skype Click to Call

Skype™ 5.10

SoulSeek 157 NS 13e

Steam

Synaptics Pointing Device Driver

Terraria

The Secret World

TurboTax 2010

TurboTax 2010 WinPerFedFormset

TurboTax 2010 WinPerReleaseEngine

TurboTax 2010 WinPerTaxSupport

TurboTax 2010 woriper

TurboTax 2010 wrapper

Unity Web Player

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Vid-Saver

VLC media player 2.0.1

WIDCOMM Bluetooth Software

Windows Live ID Sign-in Assistant

WinRAR 4.00 (64-bit)

.

==== Event Viewer Messages From Past Week ========

.

12/28/2012 3:53:05 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

12/28/2012 3:48:47 AM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

12/28/2012 3:48:47 AM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.

12/28/2012 3:37:45 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{87e5d658-d7fe-11df-9aad-806e6f6e6963}\System Volume Information\SystemRestore\New-software' was corrupted and it has been recovered. Some data might have been lost.

12/28/2012 3:34:00 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

12/28/2012 3:32:33 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

12/28/2012 3:27:22 AM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.

12/28/2012 3:16:59 AM, Error: Service Control Manager [7034] - The Skype C2C Service service terminated unexpectedly. It has done this 1 time(s).

12/28/2012 3:06:49 AM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.

12/28/2012 3:05:59 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

12/28/2012 3:05:55 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

12/28/2012 3:05:53 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

12/28/2012 3:03:48 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

12/28/2012 3:01:43 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

12/28/2012 3:01:26 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error Code: 21

12/28/2012 3:01:26 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

12/28/2012 3:01:26 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

12/28/2012 3:01:24 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

12/28/2012 3:01:18 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

12/28/2012 3:01:12 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter spldr Wanarpv6

12/28/2012 3:01:08 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

12/28/2012 2:59:49 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

12/28/2012 2:59:48 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

12/28/2012 2:59:48 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

12/28/2012 2:57:42 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf

12/28/2012 2:57:41 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

12/28/2012 2:57:41 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

12/28/2012 2:57:41 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

12/28/2012 2:57:41 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

12/28/2012 2:57:41 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

12/28/2012 2:57:39 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

12/28/2012 2:57:39 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

12/28/2012 2:57:39 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

12/28/2012 2:57:39 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

.

==== End Of File ===========================

Link to post
Share on other sites

Hello and welcome. Please follow these guidelines while we work on your PC:

  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

icon11.gif Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop

  • Execute TDSSKiller.exe by doubleclicking on it.
  • when the window opens, click on Change Parameters
  • under ”Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • click OK
  • Press Start Scan
  • If Malicious objects are found then ensure Cure is selected. Important - If there is no option to "Cure" it is critical that you select "Skip"
  • Then click Continue > Reboot now
  • Once complete, a log will be produced in c:\. It will be named for example, TDSSKiller.2.7.1.0_19.01.2012_17.24.26_log.txt
  • Post that log, please.

icon11.gif Download Combofix from either of the links below, and save it to your desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link

--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.

  • If you have trouble, stop and post back. Do not try to repeatedly run comboFix!
  • When finished, it will produce a report for you.

.

Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registry key that has been marked for deletion" rebooting your computer will resolve the problem.

Please include the following in your next post:

  • TDSSKiller log
  • ComboFix log

Link to post
Share on other sites

ComboFix 12-12-28.02 - Erik 12/28/2012 3:23.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.1810 [GMT -10:00]

Running from: c:\users\Erik\Downloads\ComboFix.exe

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\program files (x86)\Vid-Saver

c:\program files (x86)\Vid-Saver\Vid-Saver.exe

c:\program files (x86)\Vid-Saver\Vid-Saver.ico

c:\program files (x86)\Vid-Saver\Vid-Saver.ini

c:\program files (x86)\Vid-Saver\Vid-SaverGui.exe

c:\program files (x86)\Vid-Saver\Vid-SaverInstaller.log

c:\users\Noelle\AppData\Local\Vid-Saver

c:\users\Noelle\AppData\Local\Vid-Saver\Chrome\Vid-Saver.crx

c:\windows\security\Database\tmp.edb

.

.

((((((((((((((((((((((((( Files Created from 2012-11-28 to 2012-12-28 )))))))))))))))))))))))))))))))

.

.

2012-12-28 13:33 . 2012-12-28 13:33 -------- d-----w- c:\users\Noelle\AppData\Local\temp

2012-12-28 13:33 . 2012-12-28 13:33 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-12-28 13:33 . 2012-12-28 13:33 -------- d-----w- c:\users\Guest\AppData\Local\temp

2012-12-28 13:33 . 2012-12-28 13:33 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-12-28 13:22 . 2012-12-28 13:21 972264 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{506747F7-014A-4969-A3D5-1D6D92166375}\gapaengine.dll

2012-12-28 13:21 . 2012-11-08 19:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D4C84349-3346-4460-BD39-1C709CD8EF0F}\mpengine.dll

2012-12-28 13:07 . 2012-12-28 13:07 -------- dc----w- c:\users\Erik\AppData\Local\MigWiz

2012-12-28 13:02 . 2012-12-28 13:02 -------- d-----w- c:\users\Erik\AppData\Local\Programs

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-15 02:49 . 2011-05-22 08:33 24176 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Facebook Update"="c:\users\Erik\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]

"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-09-18 205976]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]

"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-19 254696]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]

"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-27 1159168]

"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]

"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-08-29 1996200]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

ActivClient Agent.lnk - c:\program files\ActivIdentity\ActivClient\acsagent.exe [2009-6-3 164904]

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]

2010-04-04 18:43 144712 ----a-w- c:\program files\Alienware\Command Center\AlienSense\FALogNot.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli FAPassSync

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R0 johci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys [2010-04-16 24176]

R0 TwkMs;CHIPDRIVE Mouse Adapter; [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-19 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.exe [2012-02-14 240408]

R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 54824]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-07-02 35104]

R3 CHIPDRIVE USB SmartCardReader;CHIPDRIVE USB SmartCardReader;c:\windows\system32\DRIVERS\TwkUsb2K.sys [x]

R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\NCsoft\Lineage II\system\GameGuard\dump_wmimmc.sys [x]

R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [2008-09-25 238848]

R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2010-03-30 158320]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]

R3 S3XXx64;SCR3xx USB SmartCardReader64;c:\windows\system32\DRIVERS\S3XXx64.sys [2007-06-21 66816]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 TWKSER2K;CHIPDRIVE Serial SmartCardReader;c:\windows\system32\DRIVERS\TWKSER2K.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-15 1255736]

R4 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2010-04-18 98208]

R4 FAService;FAService;c:\program files\Alienware\Command Center\AlienSense\FAService.exe [2010-04-04 2409800]

R4 InstallFilterService;FF Install Filter Service;c:\program files (x86)\STMicroelectronics\AccelerometerP11\InstallFilterService.exe [2010-01-26 60928]

R4 SftService;SoftThinks Agent Service;c:\program files (x86)\AlienRespawn\sftservice.EXE [2011-01-13 705856]

S0 EMSC;COMPAL Embedded System Control;c:\windows\system32\DRIVERS\EMSC.SYS [2009-06-26 16752]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-05-15 28992]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-08-13 868848]

S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdfltn.sys [2010-01-26 21040]

S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-04 277032]

S2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe [2010-05-21 14648]

S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe [2012-02-14 193816]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-08-29 2369960]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-15 398184]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-15 682344]

S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-01-27 226624]

S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]

S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-01-26 26160]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-05-03 158976]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-05-03 271872]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2009-12-28 67072]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-15 24176]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-09-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1114862642-981339933-1874714411-1002Core.job

- c:\users\Erik\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-02 02:56]

.

2012-09-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1114862642-981339933-1874714411-1002UA.job

- c:\users\Erik\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-02 02:56]

.

2012-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-16 06:02]

.

2012-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-16 06:02]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-18 10144288]

"AlienFX Controller"="c:\program files\Alienware\Command Center\AlienwareAlienFXController.exe" [2010-05-21 63304]

"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2009-12-16 5470208]

"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-04-13 5016112]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-22 167704]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-22 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-22 416024]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]

"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-04 196648]

"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-04 483880]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

Trusted Zone: intuit.com\ttlc

FF - ProfilePath - c:\users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\tjkohgpn.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?ref=hp

FF - prefs.js: network.proxy.type - 0

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKLM-Run-FAStartup - (no file)

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

Toolbar-Locked - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-Vid-Saver - c:\program files (x86)\Vid-Saver\Uninstall.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe

c:\program files\Alienware\Command Center\AlienFusionController.exe

c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

.

**************************************************************************

.

Completion time: 2012-12-28 03:43:21 - machine was rebooted

ComboFix-quarantined-files.txt 2012-12-28 13:43

.

Pre-Run: 7,000,690,688 bytes free

Post-Run: 8,273,805,312 bytes free

.

- - End Of File - - 8C6E7ABF8716AF154E868298B958BAE0

Link to post
Share on other sites

05:55:10.0846 7012 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

05:55:11.0487 7012 ============================================================

05:55:11.0487 7012 Current date / time: 2012/12/28 05:55:11.0487

05:55:11.0487 7012 SystemInfo:

05:55:11.0487 7012

05:55:11.0488 7012 OS Version: 6.1.7601 ServicePack: 1.0

05:55:11.0488 7012 Product type: Workstation

05:55:11.0488 7012 ComputerName: PIERCY

05:55:11.0488 7012 UserName: Erik

05:55:11.0488 7012 Windows directory: C:\Windows

05:55:11.0488 7012 System windows directory: C:\Windows

05:55:11.0488 7012 Running under WOW64

05:55:11.0488 7012 Processor architecture: Intel x64

05:55:11.0488 7012 Number of processors: 4

05:55:11.0488 7012 Page size: 0x1000

05:55:11.0488 7012 Boot type: Normal boot

05:55:11.0488 7012 ============================================================

05:55:12.0545 7012 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

05:55:12.0560 7012 ============================================================

05:55:12.0560 7012 \Device\Harddisk0\DR0:

05:55:12.0561 7012 MBR partitions:

05:55:12.0561 7012 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000

05:55:12.0561 7012 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x1B465170

05:55:12.0561 7012 ============================================================

05:55:12.0594 7012 C: <-> \Device\Harddisk0\DR0\Partition2

05:55:12.0594 7012 ============================================================

05:55:12.0595 7012 Initialize success

05:55:12.0595 7012 ============================================================

05:55:14.0445 6216 ============================================================

05:55:14.0445 6216 Scan started

05:55:14.0445 6216 Mode: Manual;

05:55:14.0445 6216 ============================================================

05:55:14.0600 6216 ================ Scan system memory ========================

05:55:14.0600 6216 System memory - ok

05:55:14.0600 6216 ================ Scan services =============================

05:55:14.0878 6216 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys

05:55:14.0882 6216 1394ohci - ok

05:55:15.0030 6216 [ 5E8EFEB338DEB1F485420B090FE6C85E ] ac.sharedstore C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe

05:55:15.0034 6216 ac.sharedstore - ok

05:55:15.0107 6216 [ 627371B2D48F64CECC4D019114FB140D ] Acceler C:\Windows\system32\DRIVERS\Accelern.sys

05:55:15.0108 6216 Acceler - ok

05:55:15.0130 6216 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys

05:55:15.0134 6216 ACPI - ok

05:55:15.0179 6216 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

05:55:15.0180 6216 AcpiPmi - ok

05:55:15.0266 6216 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys

05:55:15.0269 6216 adp94xx - ok

05:55:15.0292 6216 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys

05:55:15.0295 6216 adpahci - ok

05:55:15.0313 6216 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys

05:55:15.0315 6216 adpu320 - ok

05:55:15.0365 6216 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

05:55:15.0367 6216 AeLookupSvc - ok

05:55:15.0396 6216 Scan interrupted by user!

05:55:15.0396 6216 ================ Scan global ===============================

05:55:15.0396 6216 Scan interrupted by user!

05:55:15.0396 6216 ================ Scan MBR ==================================

05:55:15.0396 6216 Scan interrupted by user!

05:55:15.0396 6216 ================ Scan VBR ==================================

05:55:15.0396 6216 Scan interrupted by user!

05:55:15.0396 6216 ============================================================

05:55:15.0396 6216 Scan finished

05:55:15.0396 6216 ============================================================

05:55:15.0410 6896 Detected object count: 0

05:55:15.0410 6896 Actual detected object count: 0

05:55:19.0300 3416 ============================================================

05:55:19.0300 3416 Scan started

05:55:19.0300 3416 Mode: Manual; TDLFS;

05:55:19.0300 3416 ============================================================

05:55:19.0436 3416 ================ Scan system memory ========================

05:55:19.0436 3416 System memory - ok

05:55:19.0437 3416 ================ Scan services =============================

05:55:19.0640 3416 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys

05:55:19.0643 3416 1394ohci - ok

05:55:19.0758 3416 [ 5E8EFEB338DEB1F485420B090FE6C85E ] ac.sharedstore C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe

05:55:19.0762 3416 ac.sharedstore - ok

05:55:19.0786 3416 [ 627371B2D48F64CECC4D019114FB140D ] Acceler C:\Windows\system32\DRIVERS\Accelern.sys

05:55:19.0787 3416 Acceler - ok

05:55:19.0834 3416 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys

05:55:19.0837 3416 ACPI - ok

05:55:19.0883 3416 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

05:55:19.0884 3416 AcpiPmi - ok

05:55:19.0980 3416 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys

05:55:19.0986 3416 adp94xx - ok

05:55:20.0021 3416 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys

05:55:20.0023 3416 adpahci - ok

05:55:20.0041 3416 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys

05:55:20.0043 3416 adpu320 - ok

05:55:20.0094 3416 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

05:55:20.0095 3416 AeLookupSvc - ok

05:55:20.0121 3416 [ D1E343BC00136CE03C4D403194D06A80 ] AERTFilters C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

05:55:20.0123 3416 AERTFilters - ok

05:55:20.0197 3416 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys

05:55:20.0203 3416 AFD - ok

05:55:20.0286 3416 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys

05:55:20.0288 3416 agp440 - ok

05:55:20.0316 3416 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe

05:55:20.0317 3416 ALG - ok

05:55:20.0393 3416 [ A99E57669390F265D25288C8BA042D78 ] AlienFusionService C:\Program Files\Alienware\Command Center\AlienFusionService.exe

05:55:20.0394 3416 AlienFusionService - ok

05:55:20.0478 3416 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys

05:55:20.0479 3416 aliide - ok

05:55:20.0508 3416 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys

05:55:20.0508 3416 amdide - ok

05:55:20.0580 3416 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys

05:55:20.0582 3416 AmdK8 - ok

05:55:20.0589 3416 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys

05:55:20.0590 3416 AmdPPM - ok

05:55:20.0693 3416 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys

05:55:20.0695 3416 amdsata - ok

05:55:20.0726 3416 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys

05:55:20.0728 3416 amdsbs - ok

05:55:20.0745 3416 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys

05:55:20.0746 3416 amdxata - ok

05:55:20.0829 3416 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys

05:55:20.0830 3416 AppID - ok

05:55:20.0877 3416 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll

05:55:20.0878 3416 AppIDSvc - ok

05:55:20.0926 3416 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll

05:55:20.0928 3416 Appinfo - ok

05:55:21.0070 3416 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

05:55:21.0072 3416 Apple Mobile Device - ok

05:55:21.0150 3416 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys

05:55:21.0151 3416 arc - ok

05:55:21.0170 3416 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys

05:55:21.0171 3416 arcsas - ok

05:55:21.0322 3416 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

05:55:21.0324 3416 aspnet_state - ok

05:55:21.0387 3416 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

05:55:21.0388 3416 AsyncMac - ok

05:55:21.0424 3416 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys

05:55:21.0424 3416 atapi - ok

05:55:21.0504 3416 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

05:55:21.0513 3416 AudioEndpointBuilder - ok

05:55:21.0534 3416 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll

05:55:21.0540 3416 AudioSrv - ok

05:55:21.0616 3416 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll

05:55:21.0618 3416 AxInstSV - ok

05:55:21.0659 3416 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys

05:55:21.0664 3416 b06bdrv - ok

05:55:21.0704 3416 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys

05:55:21.0707 3416 b57nd60a - ok

05:55:21.0809 3416 [ 47480F4260DAE9AA589BCAF924B3767A ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe

05:55:21.0811 3416 BBSvc - ok

05:55:21.0868 3416 [ 6BF743CBF3BCD09DAB79245E60E1AE62 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.exe

05:55:21.0871 3416 BBUpdate - ok

05:55:21.0895 3416 [ 5C0F919666954885D7760DFFE4B29A25 ] BCM42RLY C:\Windows\system32\drivers\BCM42RLY.sys

05:55:21.0896 3416 BCM42RLY - ok

05:55:22.0023 3416 [ BAB887A2B2786310A966881F074F4A99 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys

05:55:22.0049 3416 BCM43XX - ok

05:55:22.0131 3416 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll

05:55:22.0133 3416 BDESVC - ok

05:55:22.0144 3416 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys

05:55:22.0144 3416 Beep - ok

05:55:22.0230 3416 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll

05:55:22.0238 3416 BFE - ok

05:55:22.0306 3416 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll

05:55:22.0316 3416 BITS - ok

05:55:22.0382 3416 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys

05:55:22.0383 3416 blbdrive - ok

05:55:22.0452 3416 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

05:55:22.0453 3416 bowser - ok

05:55:22.0522 3416 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys

05:55:22.0522 3416 BrFiltLo - ok

05:55:22.0538 3416 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys

05:55:22.0538 3416 BrFiltUp - ok

05:55:22.0577 3416 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys

05:55:22.0578 3416 BridgeMP - ok

05:55:22.0620 3416 [ 8EF0D5C41EC907751B8429162B1239ED ] Browser C:\Windows\System32\browser.dll

05:55:22.0623 3416 Browser - ok

05:55:22.0647 3416 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys

05:55:22.0650 3416 Brserid - ok

05:55:22.0663 3416 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

05:55:22.0664 3416 BrSerWdm - ok

05:55:22.0688 3416 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

05:55:22.0688 3416 BrUsbMdm - ok

05:55:22.0698 3416 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

05:55:22.0699 3416 BrUsbSer - ok

05:55:22.0785 3416 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys

05:55:22.0786 3416 BthEnum - ok

05:55:22.0798 3416 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys

05:55:22.0799 3416 BTHMODEM - ok

05:55:22.0825 3416 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys

05:55:22.0826 3416 BthPan - ok

05:55:22.0891 3416 [ 64C198198501F7560EE41D8D1EFA7952 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys

05:55:22.0896 3416 BTHPORT - ok

05:55:22.0953 3416 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll

05:55:22.0955 3416 bthserv - ok

05:55:23.0007 3416 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys

05:55:23.0009 3416 BTHUSB - ok

05:55:23.0074 3416 [ 2641A3FE3D7B0646308F33B67F3B5300 ] btusbflt C:\Windows\system32\drivers\btusbflt.sys

05:55:23.0075 3416 btusbflt - ok

05:55:23.0103 3416 [ 6BCFDC2B5B7F66D484486D4BD4B39A6B ] btwaudio C:\Windows\system32\drivers\btwaudio.sys

05:55:23.0104 3416 btwaudio - ok

05:55:23.0169 3416 [ 82DC8B7C626E526681C1BEBED2BC3FF9 ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys

05:55:23.0172 3416 btwavdt - ok

05:55:23.0223 3416 [ D65AA164ACD0F6706DBCFBBCC9731584 ] btwdins c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

05:55:23.0231 3416 btwdins - ok

05:55:23.0257 3416 [ 6149301DC3F81D6F9667A3FBAC410975 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys

05:55:23.0259 3416 btwl2cap - ok

05:55:23.0319 3416 [ 28E105AD3B79F440BF94780F507BF66A ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys

05:55:23.0320 3416 btwrchid - ok

05:55:23.0324 3416 catchme - ok

05:55:23.0378 3416 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

05:55:23.0379 3416 cdfs - ok

05:55:23.0461 3416 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

05:55:23.0463 3416 cdrom - ok

05:55:23.0538 3416 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll

05:55:23.0540 3416 CertPropSvc - ok

05:55:23.0545 3416 CHIPDRIVE USB SmartCardReader - ok

05:55:23.0607 3416 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys

05:55:23.0608 3416 circlass - ok

05:55:23.0664 3416 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys

05:55:23.0670 3416 CLFS - ok

05:55:23.0778 3416 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

05:55:23.0779 3416 clr_optimization_v2.0.50727_32 - ok

05:55:23.0843 3416 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

05:55:23.0845 3416 clr_optimization_v2.0.50727_64 - ok

05:55:24.0005 3416 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

05:55:24.0007 3416 clr_optimization_v4.0.30319_32 - ok

05:55:24.0061 3416 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

05:55:24.0064 3416 clr_optimization_v4.0.30319_64 - ok

05:55:24.0115 3416 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

05:55:24.0116 3416 CmBatt - ok

05:55:24.0167 3416 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys

05:55:24.0168 3416 cmdide - ok

05:55:24.0232 3416 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys

05:55:24.0237 3416 CNG - ok

05:55:24.0303 3416 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys

05:55:24.0304 3416 Compbatt - ok

05:55:24.0412 3416 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys

05:55:24.0413 3416 CompositeBus - ok

05:55:24.0420 3416 COMSysApp - ok

05:55:24.0442 3416 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys

05:55:24.0443 3416 crcdisk - ok

05:55:24.0497 3416 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll

05:55:24.0500 3416 CryptSvc - ok

05:55:24.0562 3416 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll

05:55:24.0568 3416 DcomLaunch - ok

05:55:24.0623 3416 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll

05:55:24.0628 3416 defragsvc - ok

05:55:24.0683 3416 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

05:55:24.0684 3416 DfsC - ok

05:55:24.0704 3416 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll

05:55:24.0708 3416 Dhcp - ok

05:55:24.0771 3416 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys

05:55:24.0772 3416 discache - ok

05:55:24.0824 3416 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys

05:55:24.0825 3416 Disk - ok

05:55:24.0879 3416 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll

05:55:24.0883 3416 Dnscache - ok

05:55:24.0933 3416 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll

05:55:24.0936 3416 dot3svc - ok

05:55:24.0992 3416 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll

05:55:24.0995 3416 DPS - ok

05:55:25.0068 3416 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

05:55:25.0069 3416 drmkaud - ok

05:55:25.0125 3416 dump_wmimmc - ok

05:55:25.0184 3416 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

05:55:25.0196 3416 DXGKrnl - ok

05:55:25.0241 3416 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll

05:55:25.0243 3416 EapHost - ok

05:55:25.0355 3416 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys

05:55:25.0383 3416 ebdrv - ok

05:55:25.0441 3416 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe

05:55:25.0444 3416 EFS - ok

05:55:25.0524 3416 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

05:55:25.0532 3416 ehRecvr - ok

05:55:25.0589 3416 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe

05:55:25.0591 3416 ehSched - ok

05:55:25.0654 3416 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys

05:55:25.0658 3416 elxstor - ok

05:55:25.0714 3416 [ E47D9D7E6E53892FC97282482F4AE307 ] EMSC C:\Windows\system32\DRIVERS\EMSC.SYS

05:55:25.0715 3416 EMSC - ok

05:55:25.0732 3416 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys

05:55:25.0733 3416 ErrDev - ok

05:55:25.0792 3416 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll

05:55:25.0795 3416 EventSystem - ok

05:55:25.0858 3416 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys

05:55:25.0861 3416 exfat - ok

05:55:25.0939 3416 [ 2C1D443E14F376E8331F52F135DCA9EF ] FACAP C:\Windows\system32\DRIVERS\facap.sys

05:55:25.0941 3416 FACAP - ok

05:55:26.0023 3416 [ 53E30A6E86AA93C0FFC0BC0439E3E636 ] FAService C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe

05:55:26.0045 3416 FAService - ok

05:55:26.0066 3416 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys

05:55:26.0067 3416 fastfat - ok

05:55:26.0191 3416 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe

05:55:26.0199 3416 Fax - ok

05:55:26.0255 3416 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys

05:55:26.0256 3416 fdc - ok

05:55:26.0313 3416 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll

05:55:26.0315 3416 fdPHost - ok

05:55:26.0330 3416 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll

05:55:26.0332 3416 FDResPub - ok

05:55:26.0341 3416 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

05:55:26.0342 3416 FileInfo - ok

05:55:26.0351 3416 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

05:55:26.0351 3416 Filetrace - ok

05:55:26.0368 3416 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys

05:55:26.0368 3416 flpydisk - ok

05:55:26.0421 3416 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

05:55:26.0425 3416 FltMgr - ok

05:55:26.0494 3416 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll

05:55:26.0505 3416 FontCache - ok

05:55:26.0611 3416 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

05:55:26.0613 3416 FontCache3.0.0.0 - ok

05:55:26.0649 3416 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

05:55:26.0651 3416 FsDepends - ok

05:55:26.0705 3416 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

05:55:26.0706 3416 Fs_Rec - ok

05:55:26.0763 3416 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

05:55:26.0766 3416 fvevol - ok

05:55:26.0785 3416 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys

05:55:26.0787 3416 gagp30kx - ok

05:55:26.0853 3416 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll

05:55:26.0860 3416 gpsvc - ok

05:55:27.0034 3416 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

05:55:27.0036 3416 gupdate - ok

05:55:27.0108 3416 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

05:55:27.0110 3416 gupdatem - ok

05:55:27.0172 3416 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys

05:55:27.0173 3416 hamachi - ok

05:55:27.0345 3416 [ F10C3F2E002100BF8B797DCF283FEA7D ] Hamachi2Svc C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

05:55:27.0367 3416 Hamachi2Svc - ok

05:55:27.0429 3416 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

05:55:27.0430 3416 hcw85cir - ok

05:55:27.0493 3416 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys

05:55:27.0496 3416 HDAudBus - ok

05:55:27.0515 3416 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys

05:55:27.0515 3416 HidBatt - ok

05:55:27.0533 3416 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys

05:55:27.0535 3416 HidBth - ok

05:55:27.0550 3416 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys

05:55:27.0551 3416 HidIr - ok

05:55:27.0601 3416 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll

05:55:27.0603 3416 hidserv - ok

05:55:27.0672 3416 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

05:55:27.0673 3416 HidUsb - ok

05:55:27.0720 3416 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll

05:55:27.0723 3416 hkmsvc - ok

05:55:27.0773 3416 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll

05:55:27.0778 3416 HomeGroupListener - ok

05:55:27.0835 3416 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

05:55:27.0840 3416 HomeGroupProvider - ok

05:55:27.0896 3416 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

05:55:27.0897 3416 HpSAMD - ok

05:55:27.0957 3416 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys

05:55:27.0967 3416 HTTP - ok

05:55:27.0984 3416 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

05:55:27.0985 3416 hwpolicy - ok

05:55:28.0052 3416 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys

05:55:28.0053 3416 i8042prt - ok

05:55:28.0114 3416 [ ABBF174CB394F5C437410A788B7E404A ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys

05:55:28.0118 3416 iaStor - ok

05:55:28.0223 3416 [ 31A0E93CDF29007D6C6FFFB632F375ED ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

05:55:28.0224 3416 IAStorDataMgrSvc - ok

05:55:28.0296 3416 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

05:55:28.0302 3416 iaStorV - ok

05:55:28.0383 3416 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

05:55:28.0384 3416 IDriverT - ok

05:55:28.0463 3416 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

05:55:28.0474 3416 idsvc - ok

05:55:28.0838 3416 [ 0089B53F1BEFD34B7D8CA4AB021335FA ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys

05:55:28.0949 3416 igfx - ok

05:55:29.0002 3416 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys

05:55:29.0003 3416 iirsp - ok

05:55:29.0091 3416 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll

05:55:29.0098 3416 IKEEXT - ok

05:55:29.0150 3416 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys

05:55:29.0152 3416 Impcd - ok

05:55:29.0177 3416 [ A4A87C2F228DD2AC93DAE94E103792D3 ] InstallFilterService C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\InstallFilterService.exe

05:55:29.0178 3416 InstallFilterService - ok

05:55:29.0249 3416 [ 0ADF714079AE174A39D69036143E4C50 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys

05:55:29.0271 3416 IntcAzAudAddService - ok

05:55:29.0329 3416 [ 58CF58DEE26C909BD6F977B61D246295 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys

05:55:29.0332 3416 IntcDAud - ok

05:55:29.0392 3416 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys

05:55:29.0393 3416 intelide - ok

05:55:29.0462 3416 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

05:55:29.0463 3416 intelppm - ok

05:55:29.0578 3416 [ 3DC635B66DD7412E1C9C3A77B8D78F25 ] IntuitUpdateService C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

05:55:29.0579 3416 IntuitUpdateService - ok

05:55:29.0629 3416 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll

05:55:29.0632 3416 IPBusEnum - ok

05:55:29.0680 3416 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

05:55:29.0681 3416 IpFilterDriver - ok

05:55:29.0766 3416 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

05:55:29.0776 3416 iphlpsvc - ok

05:55:29.0826 3416 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

05:55:29.0827 3416 IPMIDRV - ok

05:55:29.0884 3416 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys

05:55:29.0886 3416 IPNAT - ok

05:55:29.0938 3416 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

05:55:29.0939 3416 IRENUM - ok

05:55:29.0988 3416 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys

05:55:29.0988 3416 isapnp - ok

05:55:30.0015 3416 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

05:55:30.0017 3416 iScsiPrt - ok

05:55:30.0098 3416 [ 1EA84FC4DF200FF77A823078532123BF ] JMCR C:\Windows\system32\DRIVERS\jmcr.sys

05:55:30.0101 3416 JMCR - ok

05:55:30.0169 3416 [ 0B585D18C93379227FA2A645181A6DA2 ] johci C:\Windows\system32\DRIVERS\johci.sys

05:55:30.0170 3416 johci - ok

05:55:30.0189 3416 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys

05:55:30.0190 3416 kbdclass - ok

05:55:30.0202 3416 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys

05:55:30.0203 3416 kbdhid - ok

05:55:30.0218 3416 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe

05:55:30.0220 3416 KeyIso - ok

05:55:30.0273 3416 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

05:55:30.0275 3416 KSecDD - ok

05:55:30.0325 3416 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

05:55:30.0326 3416 KSecPkg - ok

05:55:30.0369 3416 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

05:55:30.0369 3416 ksthunk - ok

05:55:30.0425 3416 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll

05:55:30.0431 3416 KtmRm - ok

05:55:30.0486 3416 [ 9C46A5421DE9D116C47155317CABB522 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys

05:55:30.0487 3416 L1C - ok

05:55:30.0588 3416 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll

05:55:30.0592 3416 LanmanServer - ok

05:55:30.0644 3416 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

05:55:30.0649 3416 LanmanWorkstation - ok

05:55:30.0711 3416 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

05:55:30.0712 3416 lltdio - ok

05:55:30.0766 3416 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll

05:55:30.0770 3416 lltdsvc - ok

05:55:30.0787 3416 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll

05:55:30.0789 3416 lmhosts - ok

05:55:30.0850 3416 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys

05:55:30.0852 3416 LSI_FC - ok

05:55:30.0861 3416 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys

05:55:30.0862 3416 LSI_SAS - ok

05:55:30.0868 3416 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys

05:55:30.0869 3416 LSI_SAS2 - ok

05:55:30.0883 3416 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys

05:55:30.0885 3416 LSI_SCSI - ok

05:55:30.0944 3416 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys

05:55:30.0946 3416 luafv - ok

05:55:31.0035 3416 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\Windows\system32\drivers\mbam.sys

05:55:31.0036 3416 MBAMProtector - ok

05:55:31.0150 3416 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

05:55:31.0155 3416 MBAMScheduler - ok

05:55:31.0236 3416 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

05:55:31.0242 3416 MBAMService - ok

05:55:31.0288 3416 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

05:55:31.0291 3416 Mcx2Svc - ok

05:55:31.0311 3416 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys

05:55:31.0311 3416 megasas - ok

05:55:31.0330 3416 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys

05:55:31.0332 3416 MegaSR - ok

05:55:31.0386 3416 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll

05:55:31.0389 3416 MMCSS - ok

05:55:31.0411 3416 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys

05:55:31.0412 3416 Modem - ok

05:55:31.0430 3416 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys

05:55:31.0431 3416 monitor - ok

05:55:31.0551 3416 [ 2443B978E80F8A3D1F39855AA25882AF ] MotoHelper C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe

05:55:31.0554 3416 MotoHelper - ok

05:55:31.0620 3416 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

05:55:31.0621 3416 mouclass - ok

05:55:31.0686 3416 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

05:55:31.0687 3416 mouhid - ok

05:55:31.0742 3416 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

05:55:31.0743 3416 mountmgr - ok

05:55:31.0882 3416 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

05:55:31.0884 3416 MozillaMaintenance - ok

05:55:31.0988 3416 [ 94C66EDEDCDB6A126880472F9A704D8E ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys

05:55:31.0993 3416 MpFilter - ok

05:55:32.0013 3416 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys

05:55:32.0014 3416 mpio - ok

05:55:32.0033 3416 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

05:55:32.0034 3416 mpsdrv - ok

05:55:32.0147 3416 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll

05:55:32.0156 3416 MpsSvc - ok

05:55:32.0214 3416 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

05:55:32.0216 3416 MRxDAV - ok

05:55:32.0272 3416 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

05:55:32.0274 3416 mrxsmb - ok

05:55:32.0327 3416 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

05:55:32.0329 3416 mrxsmb10 - ok

05:55:32.0347 3416 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

05:55:32.0348 3416 mrxsmb20 - ok

05:55:32.0395 3416 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys

05:55:32.0396 3416 msahci - ok

05:55:32.0450 3416 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys

05:55:32.0453 3416 msdsm - ok

05:55:32.0507 3416 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe

05:55:32.0511 3416 MSDTC - ok

05:55:32.0563 3416 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

05:55:32.0565 3416 Msfs - ok

05:55:32.0638 3416 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

05:55:32.0639 3416 mshidkmdf - ok

05:55:32.0651 3416 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

05:55:32.0652 3416 msisadrv - ok

05:55:32.0709 3416 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

05:55:32.0712 3416 MSiSCSI - ok

05:55:32.0719 3416 msiserver - ok

05:55:32.0784 3416 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

05:55:32.0785 3416 MSKSSRV - ok

05:55:32.0902 3416 [ 59FAAF2C83C8169EA20F9E335E418907 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe

05:55:32.0903 3416 MsMpSvc - ok

05:55:32.0959 3416 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

05:55:32.0960 3416 MSPCLOCK - ok

05:55:32.0977 3416 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

05:55:32.0977 3416 MSPQM - ok

05:55:33.0032 3416 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

05:55:33.0035 3416 MsRPC - ok

05:55:33.0052 3416 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys

05:55:33.0053 3416 mssmbios - ok

05:55:33.0066 3416 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

05:55:33.0067 3416 MSTEE - ok

05:55:33.0080 3416 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys

05:55:33.0080 3416 MTConfig - ok

05:55:33.0092 3416 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys

05:55:33.0093 3416 Mup - ok

05:55:33.0167 3416 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll

05:55:33.0172 3416 napagent - ok

05:55:33.0240 3416 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

05:55:33.0244 3416 NativeWifiP - ok

05:55:33.0328 3416 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys

05:55:33.0336 3416 NDIS - ok

05:55:33.0391 3416 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

05:55:33.0392 3416 NdisCap - ok

05:55:33.0447 3416 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

05:55:33.0448 3416 NdisTapi - ok

05:55:33.0494 3416 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

05:55:33.0495 3416 Ndisuio - ok

05:55:33.0549 3416 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

05:55:33.0551 3416 NdisWan - ok

05:55:33.0598 3416 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

05:55:33.0600 3416 NDProxy - ok

05:55:33.0616 3416 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

05:55:33.0617 3416 NetBIOS - ok

05:55:33.0670 3416 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

05:55:33.0674 3416 NetBT - ok

05:55:33.0691 3416 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe

05:55:33.0693 3416 Netlogon - ok

05:55:33.0765 3416 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll

05:55:33.0771 3416 Netman - ok

05:55:33.0823 3416 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

05:55:33.0826 3416 NetMsmqActivator - ok

05:55:33.0833 3416 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

05:55:33.0834 3416 NetPipeActivator - ok

05:55:33.0860 3416 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

05:55:33.0865 3416 netprofm - ok

05:55:33.0871 3416 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

05:55:33.0873 3416 NetTcpActivator - ok

05:55:33.0878 3416 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

05:55:33.0880 3416 NetTcpPortSharing - ok

05:55:33.0899 3416 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys

05:55:33.0899 3416 nfrd960 - ok

05:55:33.0979 3416 [ 91B4E0273D2F6C24EF845F2B41311289 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys

05:55:33.0983 3416 NisDrv - ok

05:55:34.0053 3416 [ 10A43829A9E606AF3EEF25A1C1665923 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe

05:55:34.0058 3416 NisSrv - ok

05:55:34.0125 3416 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll

05:55:34.0130 3416 NlaSvc - ok

05:55:34.0144 3416 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

05:55:34.0145 3416 Npfs - ok

05:55:34.0186 3416 npggsvc - ok

05:55:34.0192 3416 NPPTNT2 - ok

05:55:34.0235 3416 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

05:55:34.0237 3416 nsi - ok

05:55:34.0252 3416 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

05:55:34.0253 3416 nsiproxy - ok

05:55:34.0335 3416 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

05:55:34.0351 3416 Ntfs - ok

05:55:34.0397 3416 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

05:55:34.0398 3416 Null - ok

05:55:34.0751 3416 [ BA0B4889C40380A01ECDF84C227A89C9 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys

05:55:34.0890 3416 nvlddmkm - ok

05:55:34.0954 3416 [ 715D45ED30003FC70CFA0D9C6DD0B538 ] nvpciflt C:\Windows\system32\DRIVERS\nvpciflt.sys

05:55:34.0956 3416 nvpciflt - ok

05:55:35.0014 3416 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys

05:55:35.0017 3416 nvraid - ok

05:55:35.0088 3416 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys

05:55:35.0089 3416 nvstor - ok

05:55:35.0149 3416 [ 06633CF95BEA62164C3BFCA24BCE6B11 ] nvsvc C:\Windows\system32\nvvsvc.exe

05:55:35.0157 3416 nvsvc - ok

05:55:35.0269 3416 [ 53B629CE436B110C5689C2F6439E567B ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

05:55:35.0278 3416 nvUpdatusService - ok

05:55:35.0341 3416 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

05:55:35.0343 3416 nv_agp - ok

05:55:35.0393 3416 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

05:55:35.0394 3416 ohci1394 - ok

05:55:35.0451 3416 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

05:55:35.0457 3416 p2pimsvc - ok

05:55:35.0479 3416 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll

05:55:35.0484 3416 p2psvc - ok

05:55:35.0537 3416 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys

05:55:35.0538 3416 Parport - ok

05:55:35.0589 3416 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys

05:55:35.0591 3416 partmgr - ok

05:55:35.0612 3416 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

05:55:35.0615 3416 PcaSvc - ok

05:55:35.0632 3416 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys

05:55:35.0634 3416 pci - ok

05:55:35.0692 3416 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys

05:55:35.0692 3416 pciide - ok

05:55:35.0704 3416 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys

05:55:35.0706 3416 pcmcia - ok

05:55:35.0721 3416 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys

05:55:35.0722 3416 pcw - ok

05:55:35.0748 3416 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys

05:55:35.0753 3416 PEAUTH - ok

05:55:35.0893 3416 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe

05:55:35.0895 3416 PerfHost - ok

05:55:35.0983 3416 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll

05:55:35.0997 3416 pla - ok

05:55:36.0070 3416 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

05:55:36.0075 3416 PlugPlay - ok

05:55:36.0120 3416 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

05:55:36.0123 3416 PNRPAutoReg - ok

05:55:36.0168 3416 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

05:55:36.0174 3416 PNRPsvc - ok

05:55:36.0211 3416 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

05:55:36.0217 3416 PolicyAgent - ok

05:55:36.0268 3416 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll

05:55:36.0273 3416 Power - ok

05:55:36.0347 3416 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

05:55:36.0349 3416 PptpMiniport - ok

05:55:36.0366 3416 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys

05:55:36.0367 3416 Processor - ok

05:55:36.0387 3416 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll

05:55:36.0390 3416 ProfSvc - ok

05:55:36.0405 3416 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe

05:55:36.0407 3416 ProtectedStorage - ok

05:55:36.0473 3416 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys

05:55:36.0475 3416 Psched - ok

05:55:36.0611 3416 [ 543A4EF0923BF70D126625B034EF25AF ] PSI_SVC_2 C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

05:55:36.0614 3416 PSI_SVC_2 - ok

05:55:36.0713 3416 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys

05:55:36.0726 3416 ql2300 - ok

05:55:36.0763 3416 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys

05:55:36.0765 3416 ql40xx - ok

05:55:36.0817 3416 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll

05:55:36.0823 3416 QWAVE - ok

05:55:36.0840 3416 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

05:55:36.0841 3416 QWAVEdrv - ok

05:55:36.0860 3416 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

05:55:36.0861 3416 RasAcd - ok

05:55:36.0928 3416 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

05:55:36.0929 3416 RasAgileVpn - ok

05:55:36.0975 3416 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll

05:55:36.0979 3416 RasAuto - ok

05:55:37.0024 3416 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

05:55:37.0026 3416 Rasl2tp - ok

05:55:37.0078 3416 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll

05:55:37.0082 3416 RasMan - ok

05:55:37.0096 3416 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

05:55:37.0097 3416 RasPppoe - ok

05:55:37.0113 3416 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

05:55:37.0114 3416 RasSstp - ok

05:55:37.0171 3416 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

05:55:37.0175 3416 rdbss - ok

05:55:37.0192 3416 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys

05:55:37.0193 3416 rdpbus - ok

05:55:37.0214 3416 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

05:55:37.0215 3416 RDPCDD - ok

05:55:37.0274 3416 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

05:55:37.0275 3416 RDPENCDD - ok

05:55:37.0296 3416 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

05:55:37.0296 3416 RDPREFMP - ok

05:55:37.0350 3416 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

05:55:37.0353 3416 RDPWD - ok

05:55:37.0400 3416 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

05:55:37.0402 3416 rdyboost - ok

05:55:37.0470 3416 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll

05:55:37.0474 3416 RemoteAccess - ok

05:55:37.0524 3416 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

05:55:37.0529 3416 RemoteRegistry - ok

05:55:37.0600 3416 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys

05:55:37.0602 3416 RFCOMM - ok

05:55:37.0617 3416 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

05:55:37.0620 3416 RpcEptMapper - ok

05:55:37.0646 3416 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe

05:55:37.0648 3416 RpcLocator - ok

05:55:37.0691 3416 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll

05:55:37.0701 3416 RpcSs - ok

05:55:37.0749 3416 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

05:55:37.0751 3416 rspndr - ok

05:55:37.0812 3416 [ CA9C2A75C2AC1787C807DC72068BF5B7 ] S3XXx64 C:\Windows\system32\DRIVERS\S3XXx64.sys

05:55:37.0814 3416 S3XXx64 - ok

05:55:37.0850 3416 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe

05:55:37.0853 3416 SamSs - ok

05:55:37.0901 3416 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

05:55:37.0903 3416 sbp2port - ok

05:55:37.0923 3416 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll

05:55:37.0926 3416 SCardSvr - ok

05:55:37.0974 3416 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

05:55:37.0975 3416 scfilter - ok

05:55:38.0046 3416 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll

05:55:38.0059 3416 Schedule - ok

05:55:38.0109 3416 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll

05:55:38.0111 3416 SCPolicySvc - ok

05:55:38.0168 3416 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll

05:55:38.0173 3416 SDRSVC - ok

05:55:38.0235 3416 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

05:55:38.0236 3416 secdrv - ok

05:55:38.0251 3416 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll

05:55:38.0253 3416 seclogon - ok

05:55:38.0265 3416 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll

05:55:38.0268 3416 SENS - ok

05:55:38.0322 3416 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

05:55:38.0325 3416 SensrSvc - ok

05:55:38.0397 3416 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys

05:55:38.0398 3416 Serenum - ok

05:55:38.0425 3416 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys

05:55:38.0427 3416 Serial - ok

05:55:38.0460 3416 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys

05:55:38.0461 3416 sermouse - ok

05:55:38.0521 3416 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll

05:55:38.0525 3416 SessionEnv - ok

05:55:38.0578 3416 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

05:55:38.0579 3416 sffdisk - ok

05:55:38.0597 3416 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

05:55:38.0597 3416 sffp_mmc - ok

05:55:38.0610 3416 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

05:55:38.0611 3416 sffp_sd - ok

05:55:38.0631 3416 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys

05:55:38.0632 3416 sfloppy - ok

05:55:38.0719 3416 [ 38F88F0DF46C4D42125EF721ABD7F6B9 ] SftService C:\Program Files (x86)\AlienRespawn\sftservice.EXE

05:55:38.0724 3416 SftService - ok

05:55:38.0813 3416 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll

05:55:38.0819 3416 SharedAccess - ok

05:55:38.0840 3416 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll

05:55:38.0844 3416 ShellHWDetection - ok

05:55:38.0851 3416 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys

05:55:38.0852 3416 SiSRaid2 - ok

05:55:38.0858 3416 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys

05:55:38.0859 3416 SiSRaid4 - ok

05:55:39.0033 3416 [ 753D254205E0A62100A050BD8B458D06 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

05:55:39.0061 3416 Skype C2C Service - ok

05:55:39.0189 3416 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe

05:55:39.0192 3416 SkypeUpdate - ok

05:55:39.0247 3416 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

05:55:39.0249 3416 Smb - ok

05:55:39.0331 3416 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe

05:55:39.0333 3416 SNMPTRAP - ok

05:55:39.0350 3416 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys

05:55:39.0351 3416 spldr - ok

05:55:39.0402 3416 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe

05:55:39.0408 3416 Spooler - ok

05:55:39.0526 3416 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe

05:55:39.0558 3416 sppsvc - ok

05:55:39.0577 3416 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

05:55:39.0580 3416 sppuinotify - ok

05:55:39.0669 3416 [ 4C33F139236FD9BD14A920F60C1CB072 ] sptd C:\Windows\system32\Drivers\sptd.sys

05:55:39.0670 3416 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 4C33F139236FD9BD14A920F60C1CB072

05:55:39.0672 3416 sptd ( LockedFile.Multi.Generic ) - warning

05:55:39.0672 3416 sptd - detected LockedFile.Multi.Generic (1)

05:55:39.0734 3416 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys

05:55:39.0739 3416 srv - ok

05:55:39.0759 3416 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

05:55:39.0762 3416 srv2 - ok

05:55:39.0779 3416 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

05:55:39.0780 3416 srvnet - ok

05:55:39.0842 3416 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

05:55:39.0845 3416 SSDPSRV - ok

05:55:39.0861 3416 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll

05:55:39.0864 3416 SstpSvc - ok

05:55:39.0940 3416 [ C568FDB21CE77A44FD166F28F104AC46 ] stdflt C:\Windows\system32\DRIVERS\stdfltn.sys

05:55:39.0941 3416 stdflt - ok

05:55:39.0966 3416 Steam Client Service - ok

05:55:40.0056 3416 [ C354621B6B94E10AE7F5CDBE745FEB86 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

05:55:40.0061 3416 Stereo Service - ok

05:55:40.0113 3416 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys

05:55:40.0113 3416 stexstor - ok

05:55:40.0173 3416 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll

05:55:40.0180 3416 stisvc - ok

05:55:40.0223 3416 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys

05:55:40.0224 3416 swenum - ok

05:55:40.0249 3416 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll

05:55:40.0255 3416 swprv - ok

05:55:40.0309 3416 [ BE2B928DE9AF2848289DB7A54C7E2398 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys

05:55:40.0313 3416 SynTP - ok

05:55:40.0392 3416 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll

05:55:40.0408 3416 SysMain - ok

05:55:40.0449 3416 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll

05:55:40.0453 3416 TabletInputService - ok

05:55:40.0509 3416 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll

05:55:40.0517 3416 TapiSrv - ok

05:55:40.0531 3416 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll

05:55:40.0534 3416 TBS - ok

05:55:40.0639 3416 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

05:55:40.0656 3416 Tcpip - ok

05:55:40.0708 3416 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

05:55:40.0724 3416 TCPIP6 - ok

05:55:40.0775 3416 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

05:55:40.0776 3416 tcpipreg - ok

05:55:40.0826 3416 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

05:55:40.0827 3416 TDPIPE - ok

05:55:40.0878 3416 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

05:55:40.0879 3416 TDTCP - ok

05:55:40.0933 3416 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

05:55:40.0935 3416 tdx - ok

05:55:40.0982 3416 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys

05:55:40.0984 3416 TermDD - ok

05:55:41.0049 3416 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll

05:55:41.0060 3416 TermService - ok

05:55:41.0076 3416 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll

05:55:41.0078 3416 Themes - ok

05:55:41.0130 3416 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll

05:55:41.0133 3416 THREADORDER - ok

05:55:41.0150 3416 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll

05:55:41.0153 3416 TrkWks - ok

05:55:41.0248 3416 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

05:55:41.0251 3416 TrustedInstaller - ok

05:55:41.0305 3416 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

05:55:41.0306 3416 tssecsrv - ok

05:55:41.0381 3416 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

05:55:41.0382 3416 TsUsbFlt - ok

05:55:41.0451 3416 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

05:55:41.0453 3416 tunnel - ok

05:55:41.0496 3416 TwkMs - ok

05:55:41.0505 3416 TWKSER2K - ok

05:55:41.0547 3416 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys

05:55:41.0548 3416 uagp35 - ok

05:55:41.0577 3416 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

05:55:41.0580 3416 udfs - ok

05:55:41.0604 3416 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

05:55:41.0607 3416 UI0Detect - ok

05:55:41.0667 3416 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

05:55:41.0669 3416 uliagpkx - ok

05:55:41.0736 3416 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys

05:55:41.0737 3416 umbus - ok

05:55:41.0760 3416 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys

05:55:41.0760 3416 UmPass - ok

05:55:41.0785 3416 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll

05:55:41.0789 3416 upnphost - ok

05:55:41.0868 3416 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys

05:55:41.0870 3416 usbaudio - ok

05:55:41.0923 3416 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

05:55:41.0925 3416 usbccgp - ok

05:55:41.0974 3416 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys

05:55:41.0976 3416 usbcir - ok

05:55:41.0997 3416 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys

05:55:41.0998 3416 usbehci - ok

05:55:42.0018 3416 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

05:55:42.0021 3416 usbhub - ok

05:55:42.0042 3416 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys

05:55:42.0043 3416 usbohci - ok

05:55:42.0116 3416 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

05:55:42.0117 3416 usbprint - ok

05:55:42.0188 3416 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys

05:55:42.0189 3416 usbscan - ok

05:55:42.0200 3416 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

05:55:42.0202 3416 USBSTOR - ok

05:55:42.0222 3416 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys

05:55:42.0223 3416 usbuhci - ok

05:55:42.0288 3416 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys

05:55:42.0290 3416 usbvideo - ok

05:55:42.0333 3416 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll

05:55:42.0335 3416 UxSms - ok

05:55:42.0379 3416 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe

05:55:42.0382 3416 VaultSvc - ok

05:55:42.0437 3416 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

05:55:42.0438 3416 vdrvroot - ok

05:55:42.0498 3416 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe

05:55:42.0504 3416 vds - ok

05:55:42.0527 3416 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

05:55:42.0528 3416 vga - ok

05:55:42.0549 3416 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys

05:55:42.0550 3416 VgaSave - ok

05:55:42.0570 3416 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

05:55:42.0572 3416 vhdmp - ok

05:55:42.0608 3416 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys

05:55:42.0609 3416 viaide - ok

05:55:42.0642 3416 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys

05:55:42.0643 3416 volmgr - ok

05:55:42.0694 3416 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

05:55:42.0698 3416 volmgrx - ok

05:55:42.0713 3416 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys

05:55:42.0715 3416 volsnap - ok

05:55:42.0741 3416 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys

05:55:42.0744 3416 vsmraid - ok

05:55:42.0830 3416 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe

05:55:42.0846 3416 VSS - ok

05:55:42.0864 3416 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys

05:55:42.0865 3416 vwifibus - ok

05:55:42.0928 3416 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys

05:55:42.0929 3416 vwififlt - ok

05:55:42.0991 3416 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll

05:55:42.0998 3416 W32Time - ok

05:55:43.0022 3416 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys

05:55:43.0023 3416 WacomPen - ok

05:55:43.0082 3416 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

05:55:43.0083 3416 WANARP - ok

05:55:43.0089 3416 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

05:55:43.0091 3416 Wanarpv6 - ok

05:55:43.0195 3416 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

05:55:43.0205 3416 WatAdminSvc - ok

05:55:43.0283 3416 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe

05:55:43.0297 3416 wbengine - ok

05:55:43.0316 3416 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

05:55:43.0319 3416 WbioSrvc - ok

05:55:43.0377 3416 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll

05:55:43.0386 3416 wcncsvc - ok

05:55:43.0398 3416 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

05:55:43.0400 3416 WcsPlugInService - ok

05:55:43.0453 3416 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys

05:55:43.0454 3416 Wd - ok

05:55:43.0482 3416 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

05:55:43.0487 3416 Wdf01000 - ok

05:55:43.0502 3416 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll

05:55:43.0505 3416 WdiServiceHost - ok

05:55:43.0511 3416 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll

05:55:43.0514 3416 WdiSystemHost - ok

05:55:43.0533 3416 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll

05:55:43.0537 3416 WebClient - ok

05:55:43.0554 3416 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll

05:55:43.0558 3416 Wecsvc - ok

05:55:43.0575 3416 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

05:55:43.0577 3416 wercplsupport - ok

05:55:43.0631 3416 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll

05:55:43.0635 3416 WerSvc - ok

05:55:43.0692 3416 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

05:55:43.0693 3416 WfpLwf - ok

05:55:43.0764 3416 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys

05:55:43.0767 3416 WimFltr - ok

05:55:43.0784 3416 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys

05:55:43.0784 3416 WIMMount - ok

05:55:43.0843 3416 WinDefend - ok

05:55:43.0851 3416 WinHttpAutoProxySvc - ok

05:55:43.0939 3416 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

05:55:43.0942 3416 Winmgmt - ok

05:55:44.0034 3416 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll

05:55:44.0055 3416 WinRM - ok

05:55:44.0139 3416 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.sys

05:55:44.0141 3416 WinUsb - ok

05:55:44.0240 3416 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll

05:55:44.0248 3416 Wlansvc - ok

05:55:44.0428 3416 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

05:55:44.0450 3416 wlidsvc - ok

05:55:44.0479 3416 [ A96D6C0613DCF84F2D07FAEB75663072 ] wltrysvc C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE

05:55:44.0480 3416 wltrysvc - ok

05:55:44.0547 3416 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

05:55:44.0548 3416 WmiAcpi - ok

05:55:44.0614 3416 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

05:55:44.0616 3416 wmiApSrv - ok

05:55:44.0666 3416 WMPNetworkSvc - ok

05:55:44.0712 3416 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll

05:55:44.0715 3416 WPCSvc - ok

05:55:44.0749 3416 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

05:55:44.0754 3416 WPDBusEnum - ok

05:55:44.0801 3416 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

05:55:44.0801 3416 ws2ifsl - ok

05:55:44.0882 3416 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll

05:55:44.0885 3416 wscsvc - ok

05:55:44.0890 3416 WSearch - ok

05:55:44.0995 3416 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll

05:55:45.0019 3416 wuauserv - ok

05:55:45.0066 3416 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

05:55:45.0068 3416 WudfPf - ok

05:55:45.0093 3416 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

05:55:45.0095 3416 WUDFRd - ok

05:55:45.0145 3416 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

05:55:45.0150 3416 wudfsvc - ok

05:55:45.0170 3416 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll

05:55:45.0174 3416 WwanSvc - ok

05:55:45.0222 3416 ================ Scan global ===============================

05:55:45.0260 3416 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

05:55:45.0308 3416 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll

05:55:45.0324 3416 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll

05:55:45.0366 3416 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

05:55:45.0422 3416 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

05:55:45.0427 3416 [Global] - ok

05:55:45.0427 3416 ================ Scan MBR ==================================

05:55:45.0440 3416 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0

05:55:45.0906 3416 \Device\Harddisk0\DR0 - ok

05:55:45.0910 3416 ================ Scan VBR ==================================

05:55:45.0911 3416 [ 0C8F1D469FE55511B23C144C4F279F42 ] \Device\Harddisk0\DR0\Partition1

05:55:45.0914 3416 \Device\Harddisk0\DR0\Partition1 - ok

05:55:45.0955 3416 [ 3B0D3FC9F4D80C0F5B74137AF6D4051A ] \Device\Harddisk0\DR0\Partition2

05:55:45.0959 3416 \Device\Harddisk0\DR0\Partition2 - ok

05:55:45.0960 3416 ============================================================

05:55:45.0960 3416 Scan finished

05:55:45.0960 3416 ============================================================

05:55:45.0971 5812 Detected object count: 1

05:55:45.0971 5812 Actual detected object count: 1

05:55:50.0200 5812 sptd ( LockedFile.Multi.Generic ) - skipped by user

05:55:50.0201 5812 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

Link to post
Share on other sites

Please do this next:

icon11.gif Go to this page and download Malwarebytes Anti-Rootkit (MBAR)

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • MBAR will create logs that you will find in the same folder you found MBAR.exe. Please copy/paste the contents of those into your next post for me to review.

Please include the following in your next post:

  • MBAR logs

Link to post
Share on other sites

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1011

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_31

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 1.064000 GHz

Memory total: 4083007488, free: 2552766464

------------ Kernel report ------------

12/28/2012 12:45:36

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_GenuineIntel.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\System32\Drivers\spse.sys

\SystemRoot\System32\Drivers\WMILIB.SYS

\SystemRoot\System32\Drivers\SCSIPORT.SYS

\SystemRoot\system32\drivers\ACPI.sys

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\vdrvroot.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\DRIVERS\compbatt.sys

\SystemRoot\system32\DRIVERS\BATTC.SYS

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\DRIVERS\iaStor.sys

\SystemRoot\system32\drivers\atapi.sys

\SystemRoot\system32\drivers\ataport.SYS

\SystemRoot\system32\drivers\msahci.sys

\SystemRoot\system32\drivers\PCIIDEX.SYS

\SystemRoot\system32\drivers\amdxata.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\system32\DRIVERS\MpFilter.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\DRIVERS\wd.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\system32\DRIVERS\stdfltn.sys

\SystemRoot\System32\Drivers\spldr.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\system32\DRIVERS\nvpciflt.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\DRIVERS\EMSC.SYS

\SystemRoot\system32\DRIVERS\disk.sys

\SystemRoot\system32\DRIVERS\CLASSPNP.SYS

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\system32\drivers\rdprefmp.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\system32\drivers\ws2ifsl.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\vwififlt.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\drivers\termdd.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\system32\drivers\mssmbios.sys

\SystemRoot\System32\drivers\discache.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\blbdrive.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\nvlddmkm.sys

\SystemRoot\System32\Drivers\nvBridge.kmd

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\system32\DRIVERS\igdkmd64.sys

\SystemRoot\system32\drivers\usbehci.sys

\SystemRoot\system32\drivers\USBPORT.SYS

\SystemRoot\system32\drivers\HDAudBus.sys

\SystemRoot\system32\DRIVERS\L1C62x64.sys

\SystemRoot\system32\DRIVERS\bcmwl664.sys

\SystemRoot\system32\DRIVERS\vwifibus.sys

\SystemRoot\system32\DRIVERS\CmBatt.sys

\SystemRoot\system32\drivers\i8042prt.sys

\SystemRoot\system32\drivers\kbdclass.sys

\SystemRoot\system32\DRIVERS\SynTP.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\Impcd.sys

\SystemRoot\System32\Drivers\aesl7kw5.SYS

\SystemRoot\system32\DRIVERS\Accelern.sys

\SystemRoot\system32\drivers\wmiacpi.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\drivers\CompositeBus.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\DRIVERS\hamachi.sys

\SystemRoot\system32\drivers\swenum.sys

\SystemRoot\system32\drivers\ks.sys

\SystemRoot\system32\drivers\umbus.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\drivers\RTKVHD64.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\drivers\ksthunk.sys

\SystemRoot\system32\DRIVERS\IntcDAud.sys

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_iaStor.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\system32\DRIVERS\monitor.sys

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\cdd.dll

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\system32\drivers\luafv.sys

\??\C:\Windows\system32\drivers\mbam.sys

\SystemRoot\System32\Drivers\usbvideo.sys

\SystemRoot\system32\drivers\WudfPf.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\nwifi.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\system32\drivers\BCM42RLY.sys

\SystemRoot\System32\Drivers\fastfat.SYS

\SystemRoot\system32\DRIVERS\mouhid.sys

\??\C:\Windows\system32\drivers\mbamchameleon.sys

\??\C:\Windows\system32\drivers\mbamswissarmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

\Windows\System32\autochk.exe

\Windows\System32\shell32.dll

\Windows\System32\usp10.dll

\Windows\System32\imagehlp.dll

\Windows\System32\iertutil.dll

\Windows\System32\wininet.dll

\Windows\System32\ole32.dll

\Windows\System32\lpk.dll

\Windows\System32\imm32.dll

\Windows\System32\gdi32.dll

\Windows\System32\rpcrt4.dll

\Windows\System32\psapi.dll

\Windows\System32\msvcrt.dll

\Windows\System32\setupapi.dll

\Windows\System32\oleaut32.dll

\Windows\System32\shlwapi.dll

\Windows\System32\sechost.dll

\Windows\System32\ws2_32.dll

\Windows\System32\nsi.dll

\Windows\System32\msctf.dll

\Windows\System32\Wldap32.dll

\Windows\System32\user32.dll

\Windows\System32\clbcatq.dll

\Windows\System32\kernel32.dll

\Windows\System32\urlmon.dll

\Windows\System32\advapi32.dll

\Windows\System32\comdlg32.dll

\Windows\System32\difxapi.dll

\Windows\System32\normaliz.dll

\Windows\System32\comctl32.dll

\Windows\System32\crypt32.dll

\Windows\System32\wintrust.dll

\Windows\System32\cfgmgr32.dll

\Windows\System32\KernelBase.dll

\Windows\System32\devobj.dll

\Windows\System32\msasn1.dll

\Windows\SysWOW64\normaliz.dll

----------- End -----------

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa8007694060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IAAStorageDevice-0\

Lower Device Object: 0xfffffa800569a050

Lower Device Driver Name: \Driver\iaStor\

Driver name found: iaStor

DriverEntry returned 0x0

Function returned 0x0

Downloaded database version: v2012.12.28.12

Downloaded database version: v2012.12.27.02

Initializing...

Done!

<<<2>>>

Device number: 0, partition: 3

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa8007694060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa80075408b0, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8007694060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa800753f870, DeviceName: Unknown, DriverName: \Driver\stdflt\

DevicePointer: 0xfffffa8005699a00, DeviceName: Unknown, DriverName: \Driver\ACPI\

DevicePointer: 0xfffffa800569a050, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\

------------ End ----------

Upper DeviceData: 0xfffff8a0023a31a0, 0xfffffa8007694060, 0xfffffa800a366790

Lower DeviceData: 0xfffff8a00b8d86c0, 0xfffffa800569a050, 0xfffffa8004c9be40

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning directory: C:\Windows\system32\drivers...

File user open failed: C:\Windows\system32\drivers\sptd.sys (0x00000020)

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: F68BE595

Partition information:

Partition 0 type is Other (0xde)

Partition is NOT ACTIVE.

Partition starts at LBA: 63 Numsec = 80262

Partition 1 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 81920 Numsec = 30720000

Partition file system is NTFS

Partition is bootable

Partition 2 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 30801920 Numsec = 457593200

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 250059350016 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-488377168-488397168)...

Done!

Performing system, memory and registry scan...

Done!

Scan finished

=======================================

Link to post
Share on other sites

Please do this next:

icon11.gif Uninstall Malwarebytes via Control Panel > Add/Remove Programs

  • Reboot
  • Download the Malwarebytes Removal Tool
  • Double click on the utility to run it
  • It will ask to restart your computer (please allow it to).
  • After the computer restarts, install the latest version from here
  • Install it, update it and run a full scan

icon11.gif Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Please include the following in your next post:

  • MBAM log
  • JRT log

Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.