[A] Help

By BlazinGhost
Oct 4, 2012
  1. I'm afraid to log onto my important accounts or even use my credit card on my computer. Could you guys help me clean my computer?
  2. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    You've been to this forum before so you should know what to do.

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
  3. BlazinGhost

    BlazinGhost Newcomer, in training Topic Starter Posts: 72

    There was no GMER log but here are the other logs,

    Malwarebytes Anti-Malware 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.10.06.05

    Windows 7 x64 NTFS
    Internet Explorer 9.0.8112.16421
    KENT NGUYEN :: KENTNGUYEN-PC [administrator]

    10/6/2012 1:31:09 PM
    mbam-log-2012-10-06 (13-31-09).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 218401
    Time elapsed: 3 minute(s), 45 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows 7 Eternity™ 2009
    Boot Device: \Device\HarddiskVolume2
    Install Date: 7/22/2011 3:06:41 PM
    System Uptime: 10/6/2012 1:15:05 PM (0 hours ago)
    .
    Motherboard: C51PVGM-GB | | C51PVGM-GB
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ | Socket M2 | 2000/201mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 228 GiB total, 67.106 GiB free.
    D: is FIXED (FAT32) - 5 GiB total, 2.108 GiB free.
    E: is CDROM (CDFS)
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description:
    Device ID: ACPI\AWY0001\2&DABA3FF&1
    Manufacturer:
    Name:
    PNP Device ID: ACPI\AWY0001\2&DABA3FF&1
    Service:
    .
    ==== System Restore Points ===================
    .
    RP115: 9/28/2012 7:39:59 PM - Removed Skype Click to Call
    RP116: 10/6/2012 12:56:57 PM - Scheduled Checkpoint
    .
    ==== Installed Programs ======================
    .
    µTorrent
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.1)
    AIM 7
    Apple Application Support
    Apple Software Update
    avast! Free Antivirus
    Combined Community Codec Pack 2011-06-26
    Counter-Strike: Source
    D3DX10
    Download Updater (AOL LLC)
    Fantapper Browser Plugin
    Fry's Wireless N USB Adapter FR-300USB
    Google Chrome
    Heroes of Newerth
    Itibiti RTC
    Java Auto Updater
    Java(TM) 6 Update 35
    Knctr
    League of Legends
    LogMeIn Hamachi
    Malwarebytes Anti-Malware version 1.65.0.1400
    Messenger Companion
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Excel Viewer
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Mozilla Firefox 13.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSXML 4.0 SP2 Parser and SDK
    Mumble 1.2.3
    Nexon Game Manager
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    ooVoo
    Pando Media Booster
    PhotoScape
    Presentation Assistant Pro V2.3.3
    QuickTime
    Raidcall
    REACTOR
    Skype™ 5.10
    Soldier Front
    Steam
    Survival Project
    System Requirements Lab
    TeamViewer 6
    Unity Web Player
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    WinRAR 4.01 (32-bit)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    10/6/2012 1:15:54 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the WinDefend service to connect.
    10/6/2012 1:15:54 PM, Error: Service Control Manager [7000] - The WinDefend service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_35
    Run by KENT NGUYEN at 13:46:57 on 2012-10-06
    Microsoft® Windows 7 Eternity™ 2009 6.1.7600.0.1252.1.1033.18.3072.1634 [GMT -7:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
    C:\Program Files (x86)\FRYS\FR-300USB revA\WlanWpsSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\uTorrent\uTorrent.exe
    C:\Program Files (x86)\RocketDock\RocketDock.exe
    C:\Program Files (x86)\FRYS\FR-300USB revA\wirelesscm.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Users\KENT NGUYEN\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\KENT NGUYEN\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\KENT NGUYEN\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\KENT NGUYEN\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\KENT NGUYEN\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    uRun: [Google Update] "C:\Users\KENT NGUYEN\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    dRun: [Welcome Center] C:\Windows\system32\rundll32.exe C:\Windows\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
    dRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ROCKET~1.LNK - C:\Program Files (x86)\RocketDock\RocketDock.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WIRELE~1.LNK - C:\Program Files (x86)\FRYS\FR-300USB revA\wirelesscm.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    dPolicies-explorer: NoResolveTrack = 1 (0x1)
    dPolicies-explorer: NoSMBalloonTip = 1 (0x1)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: Interfaces\{31E03527-7ABA-4A1B-937E-456721522840} : DhcpNameServer = 192.168.1.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\KENT NGUYEN\AppData\Roaming\Mozilla\Firefox\Profiles\ounn8cau.default\
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
    FF - plugin: C:\Users\KENT NGUYEN\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: C:\Users\KENT NGUYEN\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
    R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
    R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-7-16 44808]
    R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-8-29 2369960]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-6 399432]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-6 676936]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-4-17 2348352]
    R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-7-27 2337144]
    R2 WlanWpsSvc;WlanWpsSvc;C:\Program Files (x86)\FRYS\FR-300USB revA\WlanWpsSvc.exe [2011-7-22 167936]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
    R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;C:\Windows\system32\DRIVERS\RTL8192su.sys --> C:\Windows\system32\DRIVERS\RTL8192su.sys [?]
    R3 VST64_DPV;VST64_DPV;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
    R3 VST64HWBS2;VST64HWBS2;C:\Windows\system32\DRIVERS\VSTBS26.SYS --> C:\Windows\system32\DRIVERS\VSTBS26.SYS [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-22 250288]
    S3 Gun;Gun;C:\Game\SoftnyxGame\GunboundIS\Gun64.sys [2012-5-3 45176]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-2 113120]
    S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2012-10-06 20:17:07  --------  d-----w-  C:\Users\KENT NGUYEN\AppData\Local\{8EDE7034-2AB5-42DC-9E8B-CF4CF5325EB2}
    2012-10-06 20:13:27  711240  ----a-w-  C:\Windows\isRS-000.tmp
    2012-10-05 14:31:48  --------  d-----w-  C:\Users\KENT NGUYEN\AppData\Local\{1DD9CA8E-0E48-4111-909B-AEA60347646A}
    2012-10-05 00:49:14  --------  d-----w-  C:\Users\KENT NGUYEN\AppData\Local\{144F0013-C095-4A71-B87C-C2C79580A2B8}
    .
    ==================== Find3M ====================
    .
    2012-10-06 20:30:45  73136  ----a-w-  C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-10-06 20:30:45  696240  ----a-w-  C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-09-08 00:04:46  25928  ----a-w-  C:\Windows\System32\drivers\mbam.sys
    2012-09-05 01:16:50  477168  ----a-w-  C:\Windows\SysWow64\npdeployJava1.dll
    2012-09-05 01:16:50  473072  ----a-w-  C:\Windows\SysWow64\deployJava1.dll
    .
    ============= FINISH: 13:48:20.75 ===============
  4. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    What are the actual computer issues?

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    ===================================

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    =================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
  5. BlazinGhost

    BlazinGhost Newcomer, in training Topic Starter Posts: 72

    Could I hold this thread? It's finals week and I've been studying lately.
  6. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    No problem.
    Life goes first :)
  7. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Still with me?
  8. BlazinGhost

    BlazinGhost Newcomer, in training Topic Starter Posts: 72

    Yes, I just got done with Finals week yesterday, thank you for waiting.
  9. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    I hope everything went well :)
  10. BlazinGhost

    BlazinGhost Newcomer, in training Topic Starter Posts: 72

    Thank you! :)
    Now where did we leave off at?
  11. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Read my reply #4
  12. BlazinGhost

    BlazinGhost Newcomer, in training Topic Starter Posts: 72

    I get an error like this each time I start up my computer,
    RunDLL
    There was a problem starting NVCPL.DLL
    NVCPL.DLL is not a valid Win32 application.

    I just have the fear of losing anything important to me.

    20:17:29.0531 2752 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
    20:17:30.0166 2752 ============================================================
    20:17:30.0166 2752 Current date / time: 2012/10/20 20:17:30.0166
    20:17:30.0166 2752 SystemInfo:
    20:17:30.0166 2752
    20:17:30.0166 2752 OS Version: 6.1.7600 ServicePack: 0.0
    20:17:30.0166 2752 Product type: Workstation
    20:17:30.0166 2752 ComputerName: KENTNGUYEN-PC
    20:17:30.0166 2752 UserName: KENT NGUYEN
    20:17:30.0166 2752 Windows directory: C:\Windows
    20:17:30.0166 2752 System windows directory: C:\Windows
    20:17:30.0166 2752 Running under WOW64
    20:17:30.0166 2752 Processor architecture: Intel x64
    20:17:30.0166 2752 Number of processors: 2
    20:17:30.0166 2752 Page size: 0x1000
    20:17:30.0166 2752 Boot type: Normal boot
    20:17:30.0166 2752 ============================================================
    20:17:31.0345 2752 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    20:17:31.0591 2752 ============================================================
    20:17:31.0591 2752 \Device\Harddisk0\DR0:
    20:17:31.0836 2752 MBR partitions:
    20:17:31.0836 2752 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xABD67D, BlocksNum 0x1C703043
    20:17:31.0836 2752 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0xABD63E
    20:17:31.0836 2752 ============================================================
    20:17:31.0924 2752 C: <-> \Device\Harddisk0\DR0\Partition1
    20:17:31.0924 2752 D: <-> \Device\Harddisk0\DR0\Partition2
    20:17:31.0924 2752 ============================================================
    20:17:31.0924 2752 Initialize success
    20:17:31.0924 2752 ============================================================
    20:17:34.0901 2940 ============================================================
    20:17:34.0901 2940 Scan started
    20:17:34.0901 2940 Mode: Manual;
    20:17:34.0901 2940 ============================================================
    20:17:36.0381 2940 ================ Scan system memory ========================
    20:17:36.0381 2940 System memory - ok
    20:17:36.0382 2940 ================ Scan services =============================
    20:17:38.0538 2940 AudioEndpointBuilder - ok
    20:17:38.0557 2940 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
    20:17:38.0564 2940 AudioSrv - ok
    20:17:38.0639 2940 [ 2F7C0F3E39C45E0127FB78B2F18A41F3 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    20:17:38.0642 2940 avast! Antivirus - ok
    20:17:38.0667 2940 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
    20:17:38.0671 2940 AxInstSV - ok
    20:17:38.0705 2940 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
    20:17:38.0717 2940 b06bdrv - ok
    20:17:38.0742 2940 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
    20:17:38.0749 2940 b57nd60a - ok
    20:17:38.0774 2940 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
    20:17:38.0779 2940 BDESVC - ok
    20:17:38.0805 2940 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
    20:17:38.0832 2940 Beep - ok
    20:17:38.0941 2940 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll
    20:17:38.0972 2940 BFE - ok
    20:17:39.0043 2940 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\System32\qmgr.dll
    20:17:39.0145 2940 BITS - ok
    20:17:39.0167 2940 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
    20:17:39.0170 2940 blbdrive - ok
    20:17:39.0228 2940 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    20:17:39.0240 2940 Bonjour Service - ok
    20:17:39.0276 2940 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    20:17:39.0280 2940 bowser - ok
    20:17:39.0302 2940 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
    20:17:39.0304 2940 BrFiltLo - ok
    20:17:39.0321 2940 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
    20:17:39.0323 2940 BrFiltUp - ok
    20:17:39.0361 2940 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
    20:17:39.0365 2940 BridgeMP - ok
    20:17:39.0408 2940 [ 94FBC06F294D58D02361918418F996E3 ] Browser C:\Windows\System32\browser.dll
    20:17:39.0413 2940 Browser - ok
    20:17:39.0440 2940 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
    20:17:39.0448 2940 Brserid - ok
    20:17:39.0485 2940 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
    20:17:39.0487 2940 BrSerWdm - ok
    20:17:39.0503 2940 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
    20:17:39.0505 2940 BrUsbMdm - ok
    20:17:39.0527 2940 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
    20:17:39.0530 2940 BrUsbSer - ok
    20:17:39.0586 2940 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
    20:17:39.0589 2940 BTHMODEM - ok
    20:17:39.0614 2940 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
    20:17:39.0618 2940 bthserv - ok
    20:17:39.0639 2940 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    20:17:39.0643 2940 cdfs - ok
    20:17:39.0657 2940 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
    20:17:39.0662 2940 cdrom - ok
    20:17:39.0680 2940 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
    20:17:39.0683 2940 CertPropSvc - ok
    20:17:39.0706 2940 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
    20:17:39.0708 2940 circlass - ok
    20:17:39.0766 2940 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
    20:17:39.0776 2940 CLFS - ok
    20:17:39.0870 2940 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    20:17:39.0875 2940 clr_optimization_v2.0.50727_32 - ok
    20:17:39.0920 2940 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    20:17:39.0926 2940 clr_optimization_v2.0.50727_64 - ok
    20:17:40.0022 2940 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    20:17:40.0076 2940 clr_optimization_v4.0.30319_32 - ok
    20:17:40.0124 2940 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    20:17:40.0128 2940 clr_optimization_v4.0.30319_64 - ok
    20:17:40.0177 2940 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
    20:17:40.0179 2940 CmBatt - ok
    20:17:40.0187 2940 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
    20:17:40.0191 2940 cmdide - ok
    20:17:40.0221 2940 [ F95FD4CB7DA00BA2A63CE9F6B5C053E1 ] CNG C:\Windows\system32\Drivers\cng.sys
    20:17:40.0232 2940 CNG - ok
    20:17:40.0255 2940 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
    20:17:40.0258 2940 Compbatt - ok
    20:17:40.0278 2940 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
    20:17:40.0281 2940 CompositeBus - ok
    20:17:40.0290 2940 COMSysApp - ok
    20:17:40.0305 2940 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
    20:17:40.0307 2940 crcdisk - ok
    20:17:40.0361 2940 [ 8C57411B66282C01533CB776F98AD384 ] CryptSvc C:\Windows\system32\cryptsvc.dll
    20:17:40.0366 2940 CryptSvc - ok
    20:17:40.0393 2940 [ 4A6173C2279B498CD8F57CAE504564CB ] CSC C:\Windows\system32\drivers\csc.sys
    20:17:40.0406 2940 CSC - ok
    20:17:40.0435 2940 [ 873FBF927C06E5CEE04DEC617502F8FD ] CscService C:\Windows\System32\cscsvc.dll
    20:17:40.0461 2940 CscService - ok
    20:17:40.0524 2940 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
    20:17:40.0550 2940 DcomLaunch - ok
    20:17:40.0600 2940 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
    20:17:40.0609 2940 defragsvc - ok
    20:17:40.0639 2940 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    20:17:40.0642 2940 DfsC - ok
    20:17:40.0665 2940 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
    20:17:40.0674 2940 Dhcp - ok
    20:17:40.0696 2940 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
    20:17:40.0699 2940 discache - ok
    20:17:40.0719 2940 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
    20:17:40.0722 2940 Disk - ok
    20:17:40.0769 2940 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll
    20:17:40.0775 2940 Dnscache - ok
    20:17:40.0819 2940 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
    20:17:40.0826 2940 dot3svc - ok
    20:17:40.0850 2940 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
    20:17:40.0856 2940 DPS - ok
    20:17:40.0908 2940 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    20:17:40.0910 2940 drmkaud - ok
    20:17:40.0957 2940 [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    20:17:40.0992 2940 DXGKrnl - ok
    20:17:41.0010 2940 EagleX64 - ok
    20:17:41.0041 2940 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
    20:17:41.0046 2940 EapHost - ok
    20:17:41.0167 2940 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
    20:17:41.0253 2940 ebdrv - ok
    20:17:41.0304 2940 [ 0793F40B9B8A1BDD266296409DBD91EA ] EFS C:\Windows\System32\lsass.exe
    20:17:41.0308 2940 EFS - ok
    20:17:41.0404 2940 [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    20:17:41.0432 2940 ehRecvr - ok
    20:17:41.0473 2940 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
    20:17:41.0477 2940 ehSched - ok
    20:17:41.0542 2940 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
    20:17:41.0560 2940 elxstor - ok
    20:17:41.0578 2940 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
    20:17:41.0580 2940 ErrDev - ok
    20:17:41.0670 2940 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
    20:17:41.0688 2940 EventSystem - ok
    20:17:41.0715 2940 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
    20:17:41.0741 2940 exfat - ok
    20:17:41.0774 2940 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
    20:17:41.0780 2940 fastfat - ok
    20:17:41.0818 2940 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
    20:17:41.0854 2940 Fax - ok
    20:17:41.0884 2940 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
    20:17:41.0887 2940 fdc - ok
    20:17:41.0901 2940 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
    20:17:41.0904 2940 fdPHost - ok
    20:17:41.0929 2940 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
    20:17:41.0933 2940 FDResPub - ok
    20:17:41.0962 2940 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    20:17:41.0966 2940 FileInfo - ok
    20:17:41.0992 2940 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    20:17:41.0994 2940 Filetrace - ok
    20:17:42.0030 2940 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
    20:17:42.0032 2940 flpydisk - ok
    20:17:42.0053 2940 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    20:17:42.0060 2940 FltMgr - ok
    20:17:42.0122 2940 [ BC00505CFDA789ED3BE95D2FF38C4875 ] FontCache C:\Windows\system32\FntCache.dll
    20:17:42.0165 2940 FontCache - ok
    20:17:42.0235 2940 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    20:17:42.0239 2940 FontCache3.0.0.0 - ok
    20:17:42.0282 2940 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    20:17:42.0285 2940 FsDepends - ok
    20:17:42.0329 2940 [ E95EF8547DE20CF0603557C0CF7A9462 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    20:17:42.0332 2940 Fs_Rec - ok
    20:17:42.0381 2940 [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    20:17:42.0387 2940 fvevol - ok
    20:17:42.0436 2940 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
    20:17:42.0439 2940 gagp30kx - ok
    20:17:42.0468 2940 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    20:17:42.0471 2940 GEARAspiWDM - ok
    20:17:42.0534 2940 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
    20:17:42.0552 2940 gpsvc - ok
    20:17:42.0646 2940 [ 721CE1551F8198714F3CABFE2147939B ] Gun C:\Game\SoftnyxGame\GunBoundIS\Gun64.sys
    20:17:42.0649 2940 Gun - ok
    20:17:42.0678 2940 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
    20:17:42.0681 2940 hamachi - ok
    20:17:42.0801 2940 [ F10C3F2E002100BF8B797DCF283FEA7D ] Hamachi2Svc C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
    20:17:42.0871 2940 Hamachi2Svc - ok
    20:17:42.0896 2940 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    20:17:42.0899 2940 hcw85cir - ok
    20:17:42.0958 2940 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    20:17:42.0968 2940 HdAudAddService - ok
    20:17:43.0033 2940 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
    20:17:43.0038 2940 HDAudBus - ok
    20:17:43.0077 2940 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
    20:17:43.0080 2940 HidBatt - ok
    20:17:43.0102 2940 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
    20:17:43.0106 2940 HidBth - ok
    20:17:43.0147 2940 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
    20:17:43.0150 2940 HidIr - ok
    20:17:43.0194 2940 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
    20:17:43.0199 2940 hidserv - ok
    20:17:43.0237 2940 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    20:17:43.0239 2940 HidUsb - ok
    20:17:43.0289 2940 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
    20:17:43.0293 2940 hkmsvc - ok
    20:17:43.0325 2940 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    20:17:43.0333 2940 HomeGroupListener - ok
    20:17:43.0373 2940 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    20:17:43.0380 2940 HomeGroupProvider - ok
    20:17:43.0413 2940 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
    20:17:43.0416 2940 HpSAMD - ok
    20:17:43.0458 2940 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    20:17:43.0481 2940 HTTP - ok
    20:17:43.0523 2940 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    20:17:43.0525 2940 hwpolicy - ok
    20:17:43.0546 2940 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
    20:17:43.0550 2940 i8042prt - ok
    20:17:43.0579 2940 [ B75E45C564E944A2657167D197AB29DA ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
    20:17:43.0589 2940 iaStorV - ok
    20:17:43.0663 2940 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    20:17:43.0682 2940 idsvc - ok
    20:17:43.0706 2940 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
    20:17:43.0711 2940 iirsp - ok
    20:17:44.0008 2940 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
    20:17:44.0076 2940 IKEEXT - ok
    20:17:44.0108 2940 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
    20:17:44.0111 2940 intelide - ok
    20:17:44.0139 2940 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    20:17:44.0142 2940 intelppm - ok
    20:17:44.0167 2940 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    20:17:44.0172 2940 IPBusEnum - ok
    20:17:44.0192 2940 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    20:17:44.0196 2940 IpFilterDriver - ok
    20:17:44.0227 2940 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
    20:17:44.0241 2940 iphlpsvc - ok
    20:17:44.0268 2940 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
    20:17:44.0271 2940 IPMIDRV - ok
    20:17:44.0291 2940 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    20:17:44.0295 2940 IPNAT - ok
    20:17:44.0362 2940 [ 50D6CCC6FF5561F9F56946B3E6164FB8 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    20:17:44.0396 2940 iPod Service - ok
    20:17:44.0443 2940 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
    20:17:44.0445 2940 IRENUM - ok
    20:17:44.0473 2940 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
    20:17:44.0475 2940 isapnp - ok
    20:17:44.0525 2940 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
    20:17:44.0532 2940 iScsiPrt - ok
    20:17:44.0547 2940 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    20:17:44.0549 2940 kbdclass - ok
    20:17:44.0568 2940 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
    20:17:44.0570 2940 kbdhid - ok
    20:17:44.0593 2940 [ 0793F40B9B8A1BDD266296409DBD91EA ] KeyIso C:\Windows\system32\lsass.exe
    20:17:44.0597 2940 KeyIso - ok
    20:17:44.0614 2940 [ E8B6FCC9C83535C67F835D407620BD27 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    20:17:44.0618 2940 KSecDD - ok
    20:17:44.0652 2940 [ A8C63880EF6F4D3FEC7B616B9C060215 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    20:17:44.0657 2940 KSecPkg - ok
    20:17:44.0680 2940 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
    20:17:44.0683 2940 ksthunk - ok
    20:17:44.0737 2940 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
    20:17:44.0759 2940 KtmRm - ok
    20:17:44.0796 2940 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\System32\srvsvc.dll
    20:17:44.0807 2940 LanmanServer - ok
    20:17:44.0856 2940 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    20:17:44.0882 2940 LanmanWorkstation - ok
    20:17:44.0928 2940 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    20:17:44.0932 2940 lltdio - ok
    20:17:45.0024 2940 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
    20:17:45.0042 2940 lltdsvc - ok
    20:17:45.0077 2940 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
    20:17:45.0081 2940 lmhosts - ok
    20:17:45.0110 2940 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
    20:17:45.0114 2940 LSI_FC - ok
    20:17:45.0159 2940 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
    20:17:45.0163 2940 LSI_SAS - ok
    20:17:45.0196 2940 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
    20:17:45.0199 2940 LSI_SAS2 - ok
    20:17:45.0239 2940 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
    20:17:45.0244 2940 LSI_SCSI - ok
    20:17:45.0281 2940 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
    20:17:45.0285 2940 luafv - ok
    20:17:45.0362 2940 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
    20:17:45.0366 2940 MBAMProtector - ok
    20:17:45.0431 2940 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    20:17:45.0440 2940 MBAMScheduler - ok
    20:17:45.0522 2940 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    20:17:45.0573 2940 MBAMService - ok
    20:17:45.0614 2940 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    20:17:45.0620 2940 Mcx2Svc - ok
    20:17:45.0663 2940 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
    20:17:45.0666 2940 megasas - ok
    20:17:45.0696 2940 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
    20:17:45.0705 2940 MegaSR - ok
    20:17:45.0799 2940 Microsoft SharePoint Workspace Audit Service - ok
    20:17:45.0821 2940 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
    20:17:45.0826 2940 MMCSS - ok
    20:17:45.0844 2940 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
    20:17:45.0847 2940 Modem - ok
    20:17:45.0859 2940 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    20:17:45.0862 2940 monitor - ok
    20:17:45.0879 2940 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    20:17:45.0883 2940 mouclass - ok
    20:17:45.0899 2940 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    20:17:45.0902 2940 mouhid - ok
    20:17:45.0914 2940 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    20:17:45.0917 2940 mountmgr - ok
    20:17:45.0992 2940 [ 15D5398EED42C2504BB3D4FC875C15D1 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    20:17:45.0997 2940 MozillaMaintenance - ok
    20:17:46.0022 2940 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
    20:17:46.0027 2940 mpio - ok
    20:17:46.0048 2940 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    20:17:46.0052 2940 mpsdrv - ok
    20:17:46.0110 2940 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
    20:17:46.0138 2940 MpsSvc - ok
    20:17:46.0165 2940 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    20:17:46.0168 2940 MRxDAV - ok
    20:17:46.0200 2940 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    20:17:46.0205 2940 mrxsmb - ok
    20:17:46.0233 2940 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    20:17:46.0241 2940 mrxsmb10 - ok
    20:17:46.0259 2940 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    20:17:46.0263 2940 mrxsmb20 - ok
    20:17:46.0303 2940 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
    20:17:46.0306 2940 msahci - ok
    20:17:46.0323 2940 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
    20:17:46.0328 2940 msdsm - ok
    20:17:46.0356 2940 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
    20:17:46.0364 2940 MSDTC - ok
    20:17:46.0397 2940 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    20:17:46.0399 2940 Msfs - ok
    20:17:46.0413 2940 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    20:17:46.0416 2940 mshidkmdf - ok
    20:17:46.0429 2940 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
    20:17:46.0432 2940 msisadrv - ok
    20:17:46.0479 2940 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    20:17:46.0486 2940 MSiSCSI - ok
    20:17:46.0494 2940 msiserver - ok
    20:17:46.0534 2940 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    20:17:46.0536 2940 MSKSSRV - ok
    20:17:46.0555 2940 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    20:17:46.0557 2940 MSPCLOCK - ok
    20:17:46.0569 2940 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    20:17:46.0571 2940 MSPQM - ok
    20:17:46.0597 2940 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    20:17:46.0607 2940 MsRPC - ok
    20:17:46.0628 2940 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
    20:17:46.0631 2940 mssmbios - ok
    20:17:46.0651 2940 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    20:17:46.0653 2940 MSTEE - ok
    20:17:46.0669 2940 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
    20:17:46.0671 2940 MTConfig - ok
    20:17:46.0690 2940 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
    20:17:46.0693 2940 Mup - ok
    20:17:46.0764 2940 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
    20:17:46.0798 2940 napagent - ok
    20:17:46.0859 2940 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    20:17:46.0867 2940 NativeWifiP - ok
    20:17:46.0927 2940 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
    20:17:46.0978 2940 NDIS - ok
    20:17:47.0013 2940 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    20:17:47.0044 2940 NdisCap - ok
    20:17:47.0076 2940 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    20:17:47.0080 2940 NdisTapi - ok
    20:17:47.0100 2940 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    20:17:47.0103 2940 Ndisuio - ok
    20:17:47.0134 2940 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    20:17:47.0140 2940 NdisWan - ok
    20:17:47.0163 2940 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    20:17:47.0166 2940 NDProxy - ok
    20:17:47.0193 2940 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    20:17:47.0196 2940 NetBIOS - ok
    20:17:47.0231 2940 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    20:17:47.0238 2940 NetBT - ok
    20:17:47.0299 2940 [ 0793F40B9B8A1BDD266296409DBD91EA ] Netlogon C:\Windows\system32\lsass.exe
    20:17:47.0303 2940 Netlogon - ok
    20:17:47.0350 2940 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
    20:17:47.0362 2940 Netman - ok
    20:17:47.0429 2940 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    20:17:47.0434 2940 NetMsmqActivator - ok
    20:17:47.0442 2940 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator
  13. BlazinGhost

    BlazinGhost Newcomer, in training Topic Starter Posts: 72

    20:17:51.0290 2940 ProfSvc - ok
    20:17:51.0321 2940 [ 0793F40B9B8A1BDD266296409DBD91EA ] ProtectedStorage C:\Windows\system32\lsass.exe
    20:17:51.0324 2940 ProtectedStorage - ok
    20:17:51.0352 2940 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
    20:17:51.0364 2940 Psched - ok
    20:17:51.0596 2940 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
    20:17:51.0682 2940 ql2300 - ok
    20:17:51.0710 2940 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
    20:17:51.0728 2940 ql40xx - ok
    20:17:51.0848 2940 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
    20:17:51.0872 2940 QWAVE - ok
    20:17:51.0899 2940 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    20:17:51.0902 2940 QWAVEdrv - ok
    20:17:51.0924 2940 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    20:17:51.0939 2940 RasAcd - ok
    20:17:51.0996 2940 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
    20:17:52.0008 2940 RasAgileVpn - ok
    20:17:52.0064 2940 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
    20:17:52.0075 2940 RasAuto - ok
    20:17:52.0148 2940 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    20:17:52.0158 2940 Rasl2tp - ok
    20:17:52.0226 2940 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
    20:17:52.0244 2940 RasMan - ok
    20:17:52.0271 2940 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    20:17:52.0276 2940 RasPppoe - ok
    20:17:52.0324 2940 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    20:17:52.0335 2940 RasSstp - ok
    20:17:52.0397 2940 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    20:17:52.0422 2940 rdbss - ok
    20:17:52.0486 2940 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
    20:17:52.0506 2940 rdpbus - ok
    20:17:52.0530 2940 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    20:17:52.0540 2940 RDPCDD - ok
    20:17:52.0583 2940 [ 9706B84DBABFC4B4CA46C5A82B14DFA3 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
    20:17:52.0593 2940 RDPDR - ok
    20:17:52.0642 2940 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    20:17:52.0652 2940 RDPENCDD - ok
    20:17:52.0680 2940 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
    20:17:52.0692 2940 RDPREFMP - ok
    20:17:52.0736 2940 [ 8A3E6BEA1C53EA6177FE2B6EBA2C80D7 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    20:17:52.0805 2940 RDPWD - ok
    20:17:52.0854 2940 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
    20:17:52.0880 2940 rdyboost - ok
    20:17:52.0949 2940 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
    20:17:52.0963 2940 RemoteAccess - ok
    20:17:53.0045 2940 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    20:17:53.0064 2940 RemoteRegistry - ok
    20:17:53.0122 2940 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
    20:17:53.0131 2940 RpcEptMapper - ok
    20:17:53.0177 2940 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
    20:17:53.0189 2940 RpcLocator - ok
    20:17:53.0288 2940 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
    20:17:53.0297 2940 RpcSs - ok
    20:17:53.0343 2940 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    20:17:53.0349 2940 rspndr - ok
    20:17:53.0404 2940 [ 3C85058541D55BFCEFD9177A68A507C6 ] RTL8192su C:\Windows\system32\DRIVERS\RTL8192su.sys
    20:17:53.0438 2940 RTL8192su - ok
    20:17:53.0487 2940 [ 88AF6E02AB19DF7FD07ECDF9C91E9AF6 ] s3cap C:\Windows\system32\DRIVERS\vms3cap.sys
    20:17:53.0489 2940 s3cap - ok
    20:17:53.0519 2940 [ 0793F40B9B8A1BDD266296409DBD91EA ] SamSs C:\Windows\system32\lsass.exe
    20:17:53.0522 2940 SamSs - ok
    20:17:53.0566 2940 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
    20:17:53.0572 2940 sbp2port - ok
    20:17:53.0625 2940 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
    20:17:53.0635 2940 SCardSvr - ok
    20:17:53.0694 2940 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
    20:17:53.0697 2940 scfilter - ok
    20:17:53.0800 2940 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
    20:17:53.0838 2940 Schedule - ok
    20:17:53.0892 2940 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
    20:17:53.0895 2940 SCPolicySvc - ok
    20:17:53.0925 2940 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    20:17:53.0935 2940 SDRSVC - ok
    20:17:53.0959 2940 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    20:17:53.0962 2940 secdrv - ok
    20:17:54.0010 2940 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
    20:17:54.0016 2940 seclogon - ok
    20:17:54.0038 2940 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
    20:17:54.0044 2940 SENS - ok
    20:17:54.0074 2940 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
    20:17:54.0081 2940 SensrSvc - ok
    20:17:54.0105 2940 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
    20:17:54.0108 2940 Serenum - ok
    20:17:54.0128 2940 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
    20:17:54.0133 2940 Serial - ok
    20:17:54.0158 2940 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
    20:17:54.0161 2940 sermouse - ok
    20:17:54.0206 2940 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
    20:17:54.0213 2940 SessionEnv - ok
    20:17:54.0238 2940 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
    20:17:54.0241 2940 sffdisk - ok
    20:17:54.0291 2940 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
    20:17:54.0292 2940 sffp_mmc - ok
    20:17:54.0329 2940 [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
    20:17:54.0337 2940 sffp_sd - ok
    20:17:54.0352 2940 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
    20:17:54.0355 2940 sfloppy - ok
    20:17:54.0400 2940 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
    20:17:54.0411 2940 SharedAccess - ok
    20:17:54.0475 2940 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    20:17:54.0488 2940 ShellHWDetection - ok
    20:17:54.0521 2940 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
    20:17:54.0524 2940 SiSRaid2 - ok
    20:17:54.0553 2940 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
    20:17:54.0557 2940 SiSRaid4 - ok
    20:17:54.0651 2940 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
    20:17:54.0656 2940 SkypeUpdate - ok
    20:17:54.0680 2940 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    20:17:54.0685 2940 Smb - ok
    20:17:54.0765 2940 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    20:17:54.0771 2940 SNMPTRAP - ok
    20:17:54.0798 2940 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
    20:17:54.0801 2940 spldr - ok
    20:17:54.0849 2940 [ F8E1FA03CB70D54A9892AC88B91D1E7B ] Spooler C:\Windows\System32\spoolsv.exe
    20:17:54.0883 2940 Spooler - ok
    20:17:55.0008 2940 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
    20:17:55.0107 2940 sppsvc - ok
    20:17:55.0161 2940 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
    20:17:55.0167 2940 sppuinotify - ok
    20:17:55.0214 2940 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys
    20:17:55.0226 2940 srv - ok
    20:17:55.0258 2940 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    20:17:55.0268 2940 srv2 - ok
    20:17:55.0309 2940 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    20:17:55.0315 2940 srvnet - ok
    20:17:55.0375 2940 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    20:17:55.0383 2940 SSDPSRV - ok
    20:17:55.0404 2940 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
    20:17:55.0411 2940 SstpSvc - ok
    20:17:55.0439 2940 Steam Client Service - ok
    20:17:55.0484 2940 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
    20:17:55.0487 2940 stexstor - ok
    20:17:55.0543 2940 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
    20:17:55.0570 2940 stisvc - ok
    20:17:55.0591 2940 [ FFD7A6F15B14234B5B0E5D49E7961895 ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys
    20:17:55.0594 2940 storflt - ok
    20:17:55.0631 2940 [ 8FCCBEFC5C440B3C23454656E551B09A ] storvsc C:\Windows\system32\DRIVERS\storvsc.sys
    20:17:55.0635 2940 storvsc - ok
    20:17:55.0663 2940 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
    20:17:55.0666 2940 swenum - ok
    20:17:55.0722 2940 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
    20:17:55.0739 2940 swprv - ok
    20:17:55.0806 2940 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
    20:17:55.0860 2940 SysMain - ok
    20:17:55.0891 2940 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
    20:17:55.0900 2940 TabletInputService - ok
    20:17:55.0927 2940 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
    20:17:55.0940 2940 TapiSrv - ok
    20:17:55.0973 2940 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
    20:17:55.0981 2940 TBS - ok
    20:17:56.0061 2940 [ B9D87C7707F058AC652A398CD28DE14B ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    20:17:56.0116 2940 Tcpip - ok
    20:17:56.0187 2940 [ B9D87C7707F058AC652A398CD28DE14B ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
    20:17:56.0204 2940 TCPIP6 - ok
    20:17:56.0259 2940 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    20:17:56.0262 2940 tcpipreg - ok
    20:17:56.0288 2940 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    20:17:56.0290 2940 TDPIPE - ok
    20:17:56.0306 2940 [ E4245BDA3190A582D55ED09E137401A9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    20:17:56.0308 2940 TDTCP - ok
    20:17:56.0335 2940 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    20:17:56.0340 2940 tdx - ok
    20:17:56.0463 2940 [ 8A9828975A857E477EFEF5A61BA45AC0 ] TeamViewer6 C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
    20:17:56.0527 2940 TeamViewer6 - ok
    20:17:56.0548 2940 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
    20:17:56.0552 2940 TermDD - ok
    20:17:56.0622 2940 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
    20:17:56.0648 2940 TermService - ok
    20:17:56.0675 2940 [ 45B3E14C535C9CC862A969511464B352 ] Themes C:\Windows\system32\themeservice.dll
    20:17:56.0682 2940 Themes - ok
    20:17:56.0695 2940 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
    20:17:56.0699 2940 THREADORDER - ok
    20:17:56.0734 2940 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
    20:17:56.0742 2940 TrkWks - ok
    20:17:56.0825 2940 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    20:17:56.0831 2940 TrustedInstaller - ok
    20:17:56.0890 2940 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    20:17:56.0893 2940 tssecsrv - ok
    20:17:56.0931 2940 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    20:17:56.0935 2940 tunnel - ok
    20:17:56.0973 2940 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
    20:17:56.0976 2940 uagp35 - ok
    20:17:57.0003 2940 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    20:17:57.0013 2940 udfs - ok
    20:17:57.0074 2940 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    20:17:57.0081 2940 UI0Detect - ok
    20:17:57.0104 2940 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
    20:17:57.0108 2940 uliagpkx - ok
    20:17:57.0135 2940 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
    20:17:57.0137 2940 umbus - ok
    20:17:57.0162 2940 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
    20:17:57.0165 2940 UmPass - ok
    20:17:57.0195 2940 [ AF0AC98EE5077EB844413EB54287FDE3 ] UmRdpService C:\Windows\System32\umrdp.dll
    20:17:57.0206 2940 UmRdpService - ok
    20:17:57.0267 2940 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
    20:17:57.0281 2940 upnphost - ok
    20:17:57.0310 2940 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
    20:17:57.0314 2940 USBAAPL64 - ok
    20:17:57.0346 2940 [ 77B01BC848298223A95D4EC23E1785A1 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
    20:17:57.0350 2940 usbaudio - ok
    20:17:57.0407 2940 [ 7B6A127C93EE590E4D79A5F2A76FE46F ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    20:17:57.0412 2940 usbccgp - ok
    20:17:57.0456 2940 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
    20:17:57.0459 2940 usbcir - ok
    20:17:57.0503 2940 [ 92969BA5AC44E229C55A332864F79677 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
    20:17:57.0507 2940 usbehci - ok

    20:17:57.0534 2940 [ E7DF1CFD28CA86B35EF5ADD0735CEEF3 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    20:17:57.0542 2940 usbhub - ok
    20:17:57.0559 2940 [ F1BB1E55F1E7A65C5839CCC7B36D773E ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
    20:17:57.0561 2940 usbohci - ok
    20:17:57.0581 2940 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
    20:17:57.0583 2940 usbprint - ok
    20:17:57.0622 2940 [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    20:17:57.0625 2940 USBSTOR - ok
    20:17:57.0650 2940 [ BC3070350A491D84B518D7CCA9ABD36F ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
    20:17:57.0653 2940 usbuhci - ok
    20:17:57.0698 2940 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
    20:17:57.0705 2940 UxSms - ok
    20:17:57.0723 2940 [ 0793F40B9B8A1BDD266296409DBD91EA ] VaultSvc C:\Windows\system32\lsass.exe
    20:17:57.0727 2940 VaultSvc - ok
    20:17:57.0737 2940 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
    20:17:57.0740 2940 vdrvroot - ok
    20:17:57.0775 2940 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
    20:17:57.0791 2940 vds - ok
    20:17:57.0806 2940 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    20:17:57.0810 2940 vga - ok
    20:17:57.0849 2940 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
    20:17:57.0852 2940 VgaSave - ok
    20:17:57.0895 2940 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
    20:17:57.0901 2940 vhdmp - ok
    20:17:57.0924 2940 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
    20:17:57.0927 2940 viaide - ok
    20:17:57.0952 2940 [ 1501699D7EDA984ABC4155A7DA5738D1 ] vmbus C:\Windows\system32\DRIVERS\vmbus.sys
    20:17:57.0958 2940 vmbus - ok
    20:17:57.0974 2940 [ AE10C35761889E65A6F7176937C5592C ] VMBusHID C:\Windows\system32\DRIVERS\VMBusHID.sys
    20:17:57.0977 2940 VMBusHID - ok
    20:17:58.0026 2940 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
    20:17:58.0029 2940 volmgr - ok
    20:17:58.0056 2940 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    20:17:58.0066 2940 volmgrx - ok
    20:17:58.0095 2940 [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
    20:17:58.0103 2940 volsnap - ok
    20:17:58.0130 2940 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
    20:17:58.0135 2940 vsmraid - ok
    20:17:58.0216 2940 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
    20:17:58.0268 2940 VSS - ok
    20:17:58.0338 2940 [ 93132C69394A99D992095D8CFE464801 ] VST64HWBS2 C:\Windows\system32\DRIVERS\VSTBS26.SYS
    20:17:58.0349 2940 VST64HWBS2 - ok
    20:17:58.0399 2940 [ 02071D207A9858FBE3A48CBFD59C4A04 ] VST64_DPV C:\Windows\system32\DRIVERS\VSTDPV6.SYS
    20:17:58.0444 2940 VST64_DPV - ok
    20:17:58.0467 2940 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
    20:17:58.0470 2940 vwifibus - ok
    20:17:58.0494 2940 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
    20:17:58.0497 2940 vwififlt - ok
    20:17:58.0535 2940 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
    20:17:58.0547 2940 W32Time - ok
    20:17:58.0581 2940 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
    20:17:58.0583 2940 WacomPen - ok
    20:17:58.0601 2940 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    20:17:58.0606 2940 WANARP - ok
    20:17:58.0616 2940 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    20:17:58.0618 2940 Wanarpv6 - ok
    20:17:58.0687 2940 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
    20:17:58.0725 2940 WatAdminSvc - ok
    20:17:58.0792 2940 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
    20:17:58.0845 2940 wbengine - ok
    20:17:58.0886 2940 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    20:17:58.0896 2940 WbioSrvc - ok
    20:17:58.0954 2940 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\Windows\System32\wcncsvc.dll
    20:17:58.0967 2940 wcncsvc - ok
    20:17:58.0997 2940 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    20:17:59.0003 2940 WcsPlugInService - ok
    20:17:59.0047 2940 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
    20:17:59.0050 2940 Wd - ok
    20:17:59.0085 2940 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    20:17:59.0103 2940 Wdf01000 - ok
    20:17:59.0124 2940 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
    20:17:59.0131 2940 WdiServiceHost - ok
    20:17:59.0146 2940 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
    20:17:59.0152 2940 WdiSystemHost - ok
    20:17:59.0207 2940 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\Windows\System32\webclnt.dll
    20:17:59.0218 2940 WebClient - ok
    20:17:59.0244 2940 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
    20:17:59.0254 2940 Wecsvc - ok
    20:17:59.0279 2940 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    20:17:59.0287 2940 wercplsupport - ok
    20:17:59.0301 2940 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
    20:17:59.0308 2940 WerSvc - ok
    20:17:59.0329 2940 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    20:17:59.0332 2940 WfpLwf - ok
    20:17:59.0354 2940 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    20:17:59.0381 2940 WIMMount - ok
    20:17:59.0438 2940 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] winachsf C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
    20:17:59.0481 2940 winachsf - ok
    20:17:59.0513 2940 WinDefend - ok
    20:17:59.0538 2940 WinHttpAutoProxySvc - ok
    20:17:59.0622 2940 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    20:17:59.0631 2940 Winmgmt - ok
    20:17:59.0727 2940 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
    20:17:59.0796 2940 WinRM - ok
    20:17:59.0857 2940 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
    20:17:59.0860 2940 WinUsb - ok
    20:17:59.0908 2940 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
    20:17:59.0967 2940 Wlansvc - ok
    20:18:00.0026 2940 [ C71EE856C4F5B52E2D094F494CEE4936 ] WlanWpsSvc C:\Program Files (x86)\FRYS\FR-300USB revA\WlanWpsSvc.exe
    20:18:00.0031 2940 WlanWpsSvc - ok
    20:18:00.0171 2940 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    20:18:00.0250 2940 wlidsvc - ok
    20:18:00.0296 2940 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
    20:18:00.0299 2940 WmiAcpi - ok
    20:18:00.0355 2940 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    20:18:00.0361 2940 wmiApSrv - ok
    20:18:00.0403 2940 WMPNetworkSvc - ok
    20:18:00.0443 2940 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
    20:18:00.0450 2940 WPCSvc - ok
    20:18:00.0479 2940 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    20:18:00.0487 2940 WPDBusEnum - ok
    20:18:00.0513 2940 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    20:18:00.0516 2940 ws2ifsl - ok
    20:18:00.0558 2940 [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc C:\Windows\system32\wscsvc.dll
    20:18:00.0566 2940 wscsvc - ok
    20:18:00.0576 2940 WSearch - ok
    20:18:00.0677 2940 [ 38340204A2D0228F1E87740FC5E554A7 ] wuauserv C:\Windows\system32\wuaueng.dll
    20:18:00.0809 2940 wuauserv - ok
    20:18:00.0866 2940 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    20:18:00.0871 2940 WudfPf - ok
    20:18:00.0912 2940 [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    20:18:00.0917 2940 WUDFRd - ok
    20:18:00.0943 2940 [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    20:18:00.0951 2940 wudfsvc - ok
    20:18:00.0985 2940 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
    20:18:00.0997 2940 WwanSvc - ok
    20:18:01.0023 2940 ================ Scan global ===============================
    20:18:01.0080 2940 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    20:18:01.0114 2940 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
    20:18:01.0139 2940 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
    20:18:01.0198 2940 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    20:18:01.0226 2940 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    20:18:01.0238 2940 [Global] - ok
    20:18:01.0238 2940 ================ Scan MBR ==================================
    20:18:01.0252 2940 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    20:18:01.0721 2940 \Device\Harddisk0\DR0 - ok
    20:18:01.0728 2940 ================ Scan VBR ==================================
    20:18:01.0732 2940 [ 0049256376BC397159D8F434C7B8367B ] \Device\Harddisk0\DR0\Partition1
    20:18:01.0734 2940 \Device\Harddisk0\DR0\Partition1 - ok
    20:18:01.0741 2940 [ 4509FCB51B11F6D916EE8B18A4DD8C78 ] \Device\Harddisk0\DR0\Partition2
    20:18:01.0742 2940 \Device\Harddisk0\DR0\Partition2 - ok
    20:18:01.0751 2940 ============================================================
    20:18:01.0752 2940 Scan finished
    20:18:01.0752 2940 ============================================================
    20:18:01.0774 1296 Detected object count: 0
    20:18:01.0774 1296 Actual detected object count: 0
     
  14. BlazinGhost

    BlazinGhost Newcomer, in training Topic Starter Posts: 72

    Rogue Killer Log,
    RogueKiller V8.1.1 [10/01/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows 7 (6.1.7600 ) 64 bits version
    Started in : Normal mode
    User : KENT NGUYEN [Admin rights]
    Mode : Scan -- Date : 10/20/2012 20:19:49
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 5 ¤¤¤
    [HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND
    [HJ DESK] HKCU\[...]\NewStartPanel : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts
    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: ST3250824A ATA Device +++++
    --- User ---
    [MBR] 59185432201731811da4948aa9c718ac
    [BSP] b52da85d5cfa29e18f18656d438ee0ab : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 11261565 | Size: 232966 Mo
    1 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 63 | Size: 5498 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[1].txt >>
    RKreport[1].txt
    RogueKiller V8.1.1 [10/01/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows 7 (6.1.7600 ) 64 bits version
    Started in : Normal mode
    User : KENT NGUYEN [Admin rights]
    Mode : Remove -- Date : 10/20/2012 20:20:03
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 5 ¤¤¤
    [HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> REPLACED (0)
    [HJ DESK] HKCU\[...]\NewStartPanel : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> REPLACED (0)
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts
    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: ST3250824A ATA Device +++++
    --- User ---
    [MBR] 59185432201731811da4948aa9c718ac
    [BSP] b52da85d5cfa29e18f18656d438ee0ab : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 11261565 | Size: 232966 Mo
    1 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 63 | Size: 5498 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt
    ASWMBR:
    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-10-20 20:20:52
    -----------------------------
    20:20:52.254 OS Version: Windows x64 6.1.7600
    20:20:52.255 Number of processors: 2 586 0x4B02
    20:20:52.256 ComputerName: KENTNGUYEN-PC UserName: KENT NGUYEN
    20:20:53.891 Initialize success
    20:20:55.177 AVAST engine defs: 12102001
    20:21:00.030 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    20:21:00.033 Disk 0 Vendor: ST3250824A 3.AAE Size: 238475MB BusType: 3
    20:21:00.060 Disk 0 MBR read successfully
    20:21:00.064 Disk 0 MBR scan
    20:21:00.068 Disk 0 Windows 7 default MBR code
    20:21:00.084 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 232966 MB offset 11261565
    20:21:00.089 Disk 0 Partition 2 00 0B FAT32 RECOVERY 5498 MB offset 63
    20:21:00.112 Disk 0 scanning C:\Windows\system32\drivers
    20:21:14.303 Service scanning
    20:21:42.855 Modules scanning
    20:21:42.917 Disk 0 trace - called modules:
    20:21:42.963 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys
    20:21:42.970 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003231060]
    20:21:43.358 3 CLASSPNP.SYS[fffff8800199743f] -> nt!IofCallDriver -> [0xfffffa8002e8c520]
    20:21:43.371 5 ACPI.sys[fffff88000eca781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8002e92060]
    20:21:44.363 AVAST engine scan C:\Windows
    20:21:46.844 AVAST engine scan C:\Windows\system32
    20:25:15.342 AVAST engine scan C:\Windows\system32\drivers
    20:25:26.257 AVAST engine scan C:\Users\KENT NGUYEN
    20:31:36.250 AVAST engine scan C:\ProgramData
    20:33:08.170 Scan finished successfully
    20:36:58.849 Disk 0 MBR has been saved successfully to "C:\Users\KENT NGUYEN\Desktop\MBR.dat"
    20:36:58.857 The log file has been saved successfully to "C:\User
  15. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    It looks like a part of your video driver but we'll take a closer look.

    ===========================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
  16. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    This topic is marked as abandoned and closed due to inactivity.
    This member will NOT be eligible to receive any more help in malware removal forum.