Help operating memory Win32/Olmarik

Discussion in 'Virus & Other Malware Removal' started by Honeybeelzebub, Dec 29, 2012.

  1. Honeybeelzebub

    Honeybeelzebub Thread Starter

    Please help me get this trojan out of my system. ESET brought it to my attention, though it has failed to get rid of it. I am not quite computer illiterate, but pretty close. So break it down for me please. If you see anything else wonky let me know. Thank you so much! - Melissa

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
    Processor: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz, Intel64 Family 6 Model 42 Stepping 7
    Processor Count: 4
    RAM: 4030 Mb
    Graphics Card: Intel(R) HD Graphics Family, 1791 Mb
    Hard Drives: C: Total - 282515 MB, Free - 200894 MB; E: Total - 17304 MB, Free - 2620 MB;
    Motherboard: Hewlett-Packard, 167C
    Antivirus: ESET Smart Security 5.2, Updated and Enabled

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:03:26 PM, on 12/29/2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16457)
    Boot mode: Normal
    Running processes:
    c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
    C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
    C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Users\Melissa\Desktop\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM/1
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM/1
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll
    O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
    O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    O4 - HKLM\..\Run: [DTRun] c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe
    O4 - HKLM\..\Run: [HPQuickWebProxy] "c:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
    O4 - HKLM\..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start
    O4 - HKLM\..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: http://www.samsungsetup.com
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
    O16 - DPF: {10000000-1000-1000-1000-100000000000} - http://cdn.betteradvertising.com/ghostery/addons/ie/2.4.2.0/ghostery.cab
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing)
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Atheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
    O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: @c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
    O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Company - c:\Windows\SysWOW64\flcdlock.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Power Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
    O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
    O23 - Service: HP Auto (HPAuto) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
    O23 - Service: HP Connection Manager 4 Service (hpCMSrv) - Hewlett-Packard Development Company L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
    O23 - Service: HP DayStarter Service (HPDayStarterService) - Hewlett-Packard Company - c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe
    O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
    O23 - Service: hpHotkeyMonitor - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe
    O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: HP Service (hpsrv) - Unknown owner - C:\windows\system32\Hpservice.exe (file missing)
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel(R) Identity Protection Technology Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: McAfee Endpoint Encryption Agent - Unknown owner - C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
    O23 - Service: ArcCapture (uArcCapture) - ArcSoft, Inc. - C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\windows\system32\vcsFPService.exe
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: XobniService - Xobni Corporation - C:\Program Files (x86)\Xobni\XobniService.exe
    --
    End of file - 13518 bytes

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16457
    Run by Melissa at 22:04:48 on 2012-12-29
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4030.1232 [GMT -6:00]
    .
    AV: ESET Smart Security 5.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    SP: ESET Smart Security 5.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV64.exe
    C:\windows\system32\svchost.exe -k GPSvcGroup
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\vcsFPService.exe
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\System32\spoolsv.exe
    c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
    C:\windows\system32\svchost.exe -k bthsvcs
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    \\.\globalroot\systemroot\svchost.exe -netsvcs
    C:\windows\system32\taskhost.exe
    c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\igfxtray.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\windows\sysWOW64\wbem\wmiprvse.exe
    C:\windows\system32\SearchIndexer.exe
    c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
    C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
    C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe
    C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\windows\system32\SearchProtocolHost.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\windows\system32\SearchFilterHost.exe
    C:\windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://search.myheritage.com
    dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
    mWinlogon: Userinit = userinit.exe
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
    BHO: File Sanitizer for HP ProtectTools: {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll
    BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    mRun: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun: [DTRun] c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe
    mRun: [HPQuickWebProxy] "c:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
    mRun: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start
    mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
    DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
    DPF: {10000000-1000-1000-1000-100000000000} - hxxp://cdn.betteradvertising.com/ghostery/addons/ie/2.4.2.0/ghostery.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{28A4898B-1959-43E3-A0FA-D09D63A3BE5D} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{28A4898B-1959-43E3-A0FA-D09D63A3BE5D}\34C6572686F6573756 : DHCPNameServer = 208.180.42.68 208.180.42.100
    TCP: Interfaces\{28A4898B-1959-43E3-A0FA-D09D63A3BE5D}\84F64735475766668456275623D2437484A7F52374548545 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{28A4898B-1959-43E3-A0FA-D09D63A3BE5D}\84F647354757666684562756537484A7F52374548545 : DHCPNameServer = 192.168.1.1
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    Notify: DeviceNP - DeviceNP.dll
    SSODL: WebCheck - <orphaned>
    LSA: Notification Packages = EpePcNp64 DPPassFilter scecli
    x64-mWinlogon: Userinit = C:\windows\System32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe /hidden
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
    x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 epfwwfp;epfwwfp;C:\windows\System32\drivers\epfwwfp.sys [2012-3-14 62496]
    R0 MfeEpePc;MfeEpePc;C:\windows\System32\drivers\MfeEpePc.sys [2011-2-9 168008]
    R1 eamonm;eamonm;C:\windows\System32\drivers\eamonm.sys [2012-3-14 209768]
    R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\windows\System32\drivers\EpfwLWF.sys [2012-3-14 38288]
    R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2012-3-7 913144]
    R2 HP Power Assistant Service;HP Power Assistant Service;C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2011-1-26 131128]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-6-5 197536]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-5-29 13336]
    R2 vcsFPService;Validity VCS Fingerprint Service;C:\windows\System32\vcsFPService.exe [2011-1-21 3154224]
    R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\windows\System32\drivers\btath_flt.sys [2011-1-6 36000]
    R3 BTATH_BUS;Atheros Bluetooth Bus;C:\windows\System32\drivers\btath_bus.sys [2011-1-6 28832]
    R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\windows\System32\drivers\btath_hcrp.sys [2011-1-6 201376]
    R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\windows\System32\drivers\btath_lwflt.sys [2011-1-6 55456]
    R3 BTATH_RCP;Bluetooth AVRCP Device;C:\windows\System32\drivers\btath_rcp.sys [2011-1-6 154272]
    R3 BtFilter;BtFilter;C:\windows\System32\drivers\btfilter.sys [2011-1-6 279200]
    R3 HP ProtectTools Service;HP ProtectTools Service;C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2011-1-12 36864]
    R3 hpCMSrv;HP Connection Manager 4 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-5-23 1098296]
    R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-12-30 317440]
    R3 JMCR;JMCR;C:\windows\System32\drivers\jmcr.sys [2011-1-31 174168]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\System32\drivers\nusb3hub.sys [2012-2-27 91648]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\System32\drivers\nusb3xhc.sys [2012-2-27 208896]
    R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-10-31 565352]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-8-23 89600]
    S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;C:\windows\System32\drivers\ArcSoftVCapture.sys [2011-5-29 32192]
    S3 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-1-6 138400]
    S3 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-1-6 53920]
    S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\windows\System32\drivers\btath_a2dp.sys [2011-1-6 298144]
    S3 DAMDrv;DAMDrv;C:\windows\System32\drivers\DAMDrv64.sys [2011-2-7 63336]
    S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;C:\Windows\SysWOW64\flcdlock.exe [2011-2-3 464480]
    S3 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2010-8-5 681528]
    S3 HPDayStarterService;HP DayStarter Service;C:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [2011-1-28 133688]
    S3 HPFSService;File Sanitizer for HP ProtectTools;C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2011-2-7 320000]
    S3 hpHotkeyMonitor;hpHotkeyMonitor;C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2011-7-6 1698360]
    S3 hpsrv;HP Service;C:\windows\System32\hpservice.exe [2011-5-13 30520]
    S3 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2010-11-29 210896]
    S3 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [2011-2-9 1318912]
    S3 PdiService;Portrait Displays SDK Service;C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2011-5-4 113264]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2012-11-29 19456]
    S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2012-11-29 57856]
    S3 uArcCapture;ArcCapture;C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe [2011-5-29 502464]
    S3 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-5-29 2656280]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-8-1 1255736]
    S3 XobniService;XobniService;C:\Program Files (x86)\Xobni\XobniService.exe [2011-3-7 62184]
    S4 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-5-4 1127448]
    .
    =============== File Associations ===============
    .
    ShellExec: DigitalTheatre.exe: open="c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTStart.exe" "%1"
    .
    =============== Created Last 30 ================
    .
    2012-12-22 02:36:24 -------- d-----w- C:\windows\pss
    2012-12-21 09:02:41 46080 ----a-w- C:\windows\System32\atmlib.dll
    2012-12-21 09:02:41 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
    2012-12-21 09:02:36 367616 ----a-w- C:\windows\System32\atmfd.dll
    2012-12-21 09:02:01 295424 ----a-w- C:\windows\SysWow64\atmfd.dll
    2012-12-12 00:14:03 2048 ----a-w- C:\windows\SysWow64\tzres.dll
    2012-12-12 00:14:03 2048 ----a-w- C:\windows\System32\tzres.dll
    2012-12-12 00:12:50 478208 ----a-w- C:\windows\System32\dpnet.dll
    2012-12-12 00:12:49 376832 ----a-w- C:\windows\SysWow64\dpnet.dll
    .
    ==================== Find3M ====================
    .
    2012-11-22 03:26:40 3149824 ----a-w- C:\windows\System32\win32k.sys
    2012-11-14 06:11:44 2312704 ----a-w- C:\windows\System32\jscript9.dll
    2012-11-14 06:04:11 1392128 ----a-w- C:\windows\System32\wininet.dll
    2012-11-14 06:02:49 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
    2012-11-14 05:57:46 599040 ----a-w- C:\windows\System32\vbscript.dll
    2012-11-14 05:57:35 173056 ----a-w- C:\windows\System32\ieUnatt.exe
    2012-11-14 05:52:40 2382848 ----a-w- C:\windows\System32\mshtml.tlb
    2012-11-14 02:09:22 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
    2012-11-14 01:58:15 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
    2012-11-14 01:57:37 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
    2012-11-14 01:49:25 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
    2012-11-14 01:48:27 420864 ----a-w- C:\windows\SysWow64\vbscript.dll
    2012-11-14 01:44:42 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
    2012-11-05 01:30:47 73656 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-11-05 01:30:47 696760 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
    2012-10-16 08:38:37 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2012-10-16 08:38:34 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll
    2012-10-16 07:39:52 561664 ----a-w- C:\windows\apppatch\AcLayers.dll
    2012-10-09 18:17:13 55296 ----a-w- C:\windows\System32\dhcpcsvc6.dll
    2012-10-09 18:17:13 226816 ----a-w- C:\windows\System32\dhcpcore6.dll
    2012-10-09 17:40:31 44032 ----a-w- C:\windows\SysWow64\dhcpcsvc6.dll
    2012-10-09 17:40:31 193536 ----a-w- C:\windows\SysWow64\dhcpcore6.dll
    2012-10-04 17:46:16 362496 ----a-w- C:\windows\System32\wow64win.dll
    2012-10-04 17:46:15 243200 ----a-w- C:\windows\System32\wow64.dll
    2012-10-04 17:46:15 13312 ----a-w- C:\windows\System32\wow64cpu.dll
    2012-10-04 17:45:55 215040 ----a-w- C:\windows\System32\winsrv.dll
    2012-10-04 17:43:28 16384 ----a-w- C:\windows\System32\ntvdm64.dll
    2012-10-04 17:41:16 424960 ----a-w- C:\windows\System32\KernelBase.dll
    2012-10-04 16:47:41 5120 ----a-w- C:\windows\SysWow64\wow32.dll
    2012-10-04 16:47:41 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll
    2012-10-04 15:21:55 338432 ----a-w- C:\windows\System32\conhost.exe
    2012-10-04 14:46:46 7680 ----a-w- C:\windows\SysWow64\instnm.exe
    2012-10-04 14:46:46 25600 ----a-w- C:\windows\SysWow64\setup16.exe
    2012-10-04 14:46:44 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
    2012-10-04 14:46:43 2048 ----a-w- C:\windows\SysWow64\user.exe
    2012-10-04 14:41:50 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-10-04 14:41:50 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-10-04 14:41:50 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-10-04 14:41:50 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2012-10-03 17:56:54 1914248 ----a-w- C:\windows\System32\drivers\tcpip.sys
    2012-10-03 17:44:21 70656 ----a-w- C:\windows\System32\nlaapi.dll
    2012-10-03 17:44:21 303104 ----a-w- C:\windows\System32\nlasvc.dll
    2012-10-03 17:44:17 246272 ----a-w- C:\windows\System32\netcorehc.dll
    2012-10-03 17:44:17 18944 ----a-w- C:\windows\System32\netevent.dll
    2012-10-03 17:44:16 216576 ----a-w- C:\windows\System32\ncsi.dll
    2012-10-03 17:42:16 569344 ----a-w- C:\windows\System32\iphlpsvc.dll
    2012-10-03 16:42:24 18944 ----a-w- C:\windows\SysWow64\netevent.dll
    2012-10-03 16:42:24 175104 ----a-w- C:\windows\SysWow64\netcorehc.dll
    2012-10-03 16:42:23 156672 ----a-w- C:\windows\SysWow64\ncsi.dll
    2012-10-03 16:07:26 45568 ----a-w- C:\windows\System32\drivers\tcpipreg.sys
    .
    ============= FINISH: 22:31:22.09 ===============

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 8/1/2011 4:00:42 PM
    System Uptime: 12/29/2012 9:30:11 PM (1 hours ago)
    .
    Motherboard: Hewlett-Packard | | 167C
    Processor: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz | CPU 1 | 2100/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 276 GiB total, 196.188 GiB free.
    E: is FIXED (NTFS) - 17 GiB total, 2.559 GiB free.
    G: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Description: ArcSoft Webcam Sharing Manager
    Device ID: ROOT\IMAGE\0000
    Manufacturer: ArcSoft
    Name: ArcSoft Webcam Sharing Manager
    PNP Device ID: ROOT\IMAGE\0000
    Service: ARCVCAM
    .
    Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Description: HP HD Webcam [Fixed]
    Device ID: USB\VID_0461&PID_4DC7&MI_00\7&2BA4F15A&0&0000
    Manufacturer: Sonix
    Name: HP HD Webcam [Fixed]
    PNP Device ID: USB\VID_0461&PID_4DC7&MI_00\7&2BA4F15A&0&0000
    Service: SNP2UVC
    .
    Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
    Description: Bluetooth Audio Device
    Device ID: BTHENUM\{61118058-486C-4BB0-B4B8-ACE4DCADEC44}_LOCALMFG&0000\8&255154EC&0&000000000000_00000000
    Manufacturer: Atheros Communications
    Name: Bluetooth Audio Device
    PNP Device ID: BTHENUM\{61118058-486C-4BB0-B4B8-ACE4DCADEC44}_LOCALMFG&0000\8&255154EC&0&000000000000_00000000
    Service: BTATH_A2DP
    .
    ==== System Restore Points ===================
    .
    RP127: 12/21/2012 3:00:23 AM - Windows Update
    RP128: 12/21/2012 8:45:00 PM - Removed SMART Notebook Express.
    RP129: 12/29/2012 3:14:18 AM - Scheduled Checkpoint
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    ActiveCheck component for HP Active Support Library
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Shockwave Player 11.6
    Agatha Christie - Peril at End House
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Archimedes (for Windows PCs) by Skyscape
    ArcSoft TotalMedia
    ArcSoft Webcam Sharing Manager
    Atheros Driver Installation Program
    Bejeweled 2 Deluxe
    Blasterball 3
    Bluetooth Win7 Suite (64)
    Bonjour
    Bounce Symphony
    Build-a-Lot - The Elizabethan Era
    Cake Mania
    Chuzzle Deluxe
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    CME STAT (for Windows PCs) by Skyscape
    CNSkills (for Windows PCs) by Skyscape
    D3DX10
    Device Access Manager for HP ProtectTools
    Diner Dash 2 Restaurant Rescue
    Drive Encryption For HP ProtectTools
    DrugGuide (for Windows PCs) by Skyscape
    Energy Star Digital Logo
    ESET Online Scanner v3
    ESET Smart Security
    Evernote v. 4.2.2
    Face Recognition for HP ProtectTools
    Farm Frenzy
    FATE
    File Sanitizer For HP ProtectTools
    Galeria fotogràfica del Windows Live
    Galerie de photos Windows Live
    Galería fotográfica de Windows Live
    Glary Utilities 2.35.0.1216
    Google Toolbar for Internet Explorer
    Google Update Helper
    HP 3D DriveGuard
    HP Auto
    HP Connection Manager
    HP Customer Experience Enhancements
    HP DayStarter
    HP Documentation
    HP ESU for Microsoft Windows 7
    HP Game Console
    HP Games
    HP HotKey Support
    HP Power Assistant
    HP Product Detection
    HP ProtectTools Security Manager
    HP QuickWeb
    HP Setup
    HP SoftPaq Download Manager
    HP Software Framework
    HP Software Setup
    HP System Default Settings
    HP Wallpaper
    HP Webcam Driver
    HPAsset component for HP Active Support Library
    iCloud
    IDT Audio
    Info Center 1.0.0.5
    Insaniquarium Deluxe
    Intel(R) Identity Protection Technology 1.0.71.0
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Intel(R) Rapid Storage Technology
    iTunes
    IVMed11 (for Windows PCs) by Skyscape
    Java Auto Updater
    Java(TM) 6 Update 29
    Java(TM) 6 Update 3
    Jewel Quest II
    Jewel Quest Solitaire
    JMicron Flash Media Controller Driver
    John Deere Drive Green
    LaserJet 1020 series
    Maintenance Samsung CLP-320 Series
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Plus 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft_VC90_CRT_x86
    MSVCRT
    MSXML 4.0 SP2 (KB973688)
    My Web Search (Zwinky)
    PDF Complete Special Edition
    Penguins!
    Plants vs. Zombies
    Polar Bowler
    Privacy Manager for HP ProtectTools
    QuickTime
    Realtek Ethernet Controller All-In-One Windows Driver
    Renesas Electronics USB 3.0 Host Controller Driver
    Rhapsody
    RnDiag9 (for Windows PCs) by Skyscape
    RnDisease4 (for Windows PCs) by Skyscape
    RnDxTests4 (for Windows PCs) by Skyscape
    SDK
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
    Slingo Deluxe
    SmartDraw VP
    smARTupdate
    swMSM
    Synaptics Pointing Device Driver
    Tabers21 (for Windows PCs) by Skyscape
    Theft Recovery for HP ProtectTools
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760573) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Validity Fingerprint Sensor Driver
    VCE 3.0 - Medical Surgical Patient Set
    VIP Access SDK x64(1.0.0.50)
    Virtual Villagers - The Secret City
    Visual Studio 2008 x64 Redistributables
    VLC media player 2.0.2
    Wedding Dash
    Windows Driver Package - Atheros Communications Inc. (athr) Net (11/09/2011 9.2.0.467)
    Windows Driver Package - Intel(R) Corporation (IntcDAud) MEDIA (08/23/2011 6.14.00.3086)
    Windows Driver Package - Realtek (RTL8167) Net (03/21/2011 7.043.0321.2011)
    Windows Driver Package - Realtek (RTL8167) Net (08/23/2011 7.048.0823.2011)
    Windows Live
    Windows Live Argazki Galeria
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Galeria de Fotos
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    WinZip 14.5
    Xobni
    Xobni Core
    Zuma Deluxe
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/29/2012 9:30:38 PM, Error: Service Control Manager [7000] - The SSPORT service failed to start due to the following error: The system cannot find the file specified.
    12/29/2012 9:30:37 PM, Error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
    12/29/2012 9:30:37 PM, Error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the file specified.
    12/29/2012 7:53:17 PM, Error: Schannel [36870] - A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x8009030d. The internal error state is 10001.
    12/26/2012 10:06:51 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user Melissa-HP\Melissa SID (S-1-5-21-3225065892-2875577131-3997705866-1002) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    12/26/2012 10:06:51 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user Melissa-HP\Melissa SID (S-1-5-21-3225065892-2875577131-3997705866-1002) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    .

    THANKS AGAIN
     
  2. OCD

    OCD Malware Specialist

    Joined:
    Sep 11, 2012
    Messages:
    273
    Hello Honeybeelzebub,

    My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

    Please be advised that, as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advice; this will be a team effort. This may cause a delay, but I will do my best to keep it as short as possible. Please bear with me, I will post back to you as soon as I can.

    • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
    • The fixes are specific to your problem and should only be used for the issues on this machine.
    • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
    • It's often worth reading through these instructions and printing them for ease of reference.
    • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
    • Please reply to this thread. Do not start a new topic.

    IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

    DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and the loss of all your programs and data.

    Important Note for Vista and Windows 7 users:

    These tools MUST be run from the executable (.exe) every time you run them, with Admin Rights (Right click, choose "Run as Administrator").

    Please stay with this topic until I let you know that your system appears to be "All Clear"
     
  3. OCD

    OCD Malware Specialist

    Joined:
    Sep 11, 2012
    Messages:
    273
    Hi Honeybeelzebub,

    If you have any questions about the steps during the process, please stop and ask for clarification before proceeding.

    Regarding the title of your thread, "Help operating memory Win32/Olmarik": can you explain how you came up with that infection name?

    = = = = = = = = = = = = = = = = = = = =

    Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:


    • My Web Search (Zwinky)
    Next

    Download AdwCleaner to your desktop.

    Right click and select "Run as Administrator".

    • Run AdwCleaner and select Delete
    • Once done it will ask to reboot, allow the reboot
    • On reboot a log will be produced, please attach the content of the log to your next reply
    Next

    Please download Junkware Removal Tool to your desktop.

    Right click and select "Run as Administrator".

    • Shut down your protection software now to avoid potential conflicts.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    In your next post please provide the following:

    • AdwCleaner log
    • JRT.txt
    • How is the computer running?
     
  4. Honeybeelzebub

    Honeybeelzebub Thread Starter

    Joined:
    Dec 29, 2012
    Messages:
    26
    I named the thread according to the threat eset smart security alerted me to. The message was:

    12/28/2012 12:48:30 PM Startup scanner operating memory Operating memory Win32/Olmarik.TDL4 trojan unable to clean Melissa-HP\Melissa

    Here are the requested logs -

    # AdwCleaner v2.104 - Logfile created 12/31/2012 at 17:00:38
    # Updated 29/12/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Melissa - MELISSA-HP
    # Boot Mode : Normal
    # Running from : C:\Users\Melissa\Desktop\adwcleaner.exe
    # Option [Delete]

    ***** [Services] *****

    ***** [Files / Folders] *****
    Folder Deleted : C:\Users\Melissa\AppData\LocalLow\AVG Security Toolbar
    Folder Deleted : C:\Users\Melissa\AppData\LocalLow\FunWebProducts
    ***** [Registry] *****
    Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products
    Key Deleted : HKCU\Software\AppDataLow\Software\FunWebProducts
    Key Deleted : HKCU\Software\AppDataLow\Software\MyWebSearch
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.MultipleButton
    Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.MultipleButton.1
    Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.ThirdPartyInstaller
    Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.ThirdPartyInstaller.1
    Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.UrlAlertButton
    Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.UrlAlertButton.1
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{819FFE20-35C7-4925-8CDA-4E0E2DB94302}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8FFDF636-0D87-4B33-B9E9-79A53F6E1DAE}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}
    Key Deleted : HKLM\Software\Freeze.com
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
    Key Deleted : HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
    Key Deleted : HKLM\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin
    Key Deleted : HKLM\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612}
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@mywebsearch.com/Plugin
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45DD-9B68-D6A12C30E5D7}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48DD-9B6D-7A13A3E42127}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40FD-8DAE-FF14757F60C7}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\mywebsearch bar uninstall
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows Media\Wmsdk\Sources [F3PopularScreenSavers]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform [FunWebProducts]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\post platform [FunWebProducts]
    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{07B18EA9-A523-4961-B6BB-170DE4475CCA}]
    ***** [Internet Browsers] *****
    -\\ Internet Explorer v9.0.8112.16457
    [OK] Registry is clean.
    *************************
    AdwCleaner[S1].txt - [6286 octets] - [31/12/2012 17:00:38]
    ########## EOF - C:\AdwCleaner[S1].txt - [6346 octets] ##########


    ~~~ Registry Keys
    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478d38-c3f9-4efb-9b51-7695eca05670}
    Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}
    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}

    ~~~ Files
    Successfully deleted: [File] C:\eula.1028.txt
    Successfully deleted: [File] C:\eula.1031.txt
    Successfully deleted: [File] C:\eula.1033.txt
    Successfully deleted: [File] C:\eula.1036.txt
    Successfully deleted: [File] C:\eula.1040.txt
    Successfully deleted: [File] C:\eula.1041.txt
    Successfully deleted: [File] C:\eula.1042.txt
    Successfully deleted: [File] C:\eula.2052.txt
    Successfully deleted: [File] C:\install.res.1028.dll
    Successfully deleted: [File] C:\install.res.1031.dll
    Successfully deleted: [File] C:\install.res.1033.dll
    Successfully deleted: [File] C:\install.res.1036.dll
    Successfully deleted: [File] C:\install.res.1040.dll
    Successfully deleted: [File] C:\install.res.1041.dll
    Successfully deleted: [File] C:\install.res.1042.dll
    Successfully deleted: [File] C:\install.res.2052.dll
    Successfully deleted: [File] C:\install.res.3082.dll
    Failed to delete [File] C:\windows\svchost.exe [Check for TDL4 Rootkit!]

    ~~~ Folders

    ~~~ Event Viewer Logs were cleared


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Mon 12/31/2012 at 17:24:54.49
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Thank you, Melissa
     
  5. Honeybeelzebub

    Honeybeelzebub Thread Starter

    Joined:
    Dec 29, 2012
    Messages:
    26
    The computer is running fine. The only problems I have run into are abnormally long shut down, start up, and reboot times. Used to be very quick. A few minutes, now sometimes 5-10 minutes.
     
  6. OCD

    OCD Malware Specialist

    Joined:
    Sep 11, 2012
    Messages:
    273
    Hi Honeybeelzebub,

    IMPORTANT NOTE: Unfortunately, one of the identified infections is a backdoor trojan.

    This allows hackers to remotely control your computer, steal critical system information and download and execute files.
    I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

    Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

    How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
    When Should I Format, How Should I Reinstall

    = = = = = = = = = = = = = = = = = = = =

    Please download TDSSKiller.zip
    • Extract it to your desktop
    • TDSSKiller.exe - Right click and select "Run as Administrator".
    • Press Start Scan
      • Only if Malicious objects are found then ensure Cure is selected
      • Then click Continue > Reboot now
    • Copy and paste the log in your next reply
      • A copy of the log will be saved automatically to the root of the drive (typically C:\)
    Next

    Download aswMBR.exe and save it to your desktop.

    Right click and select "Run as Administrator".

    • When asked if you want to download Avast's virus definitions please select Yes.
    • Click Scan
      • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
      • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.


    In your next post please provide the following:

    • TDSSKiller log
    • aswMBR
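
One way to triage the TDSSKiller log requested above, as an added example that is not part of the original post or of TDSSKiller itself. It assumes the line layout that TDSSKiller 2.8.15.0 writes in this thread (timestamp, thread id, then either `[ MD5 ] name path` or `name - verdict`); the sample services, hashes and the non-ok verdict string are constructed placeholders.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed layout, taken from the TDSSKiller 2.8.15.0 log lines in this thread:
#   HH:MM:SS.mmmm <thread-id> [ <MD5> ] <service name> <image path>
#   HH:MM:SS.mmmm <thread-id> <service name> - <verdict>
LINE = re.compile(r"^\s*\d\d:\d\d:\d\d\.\d{4} \d+ ?(.*)$")
HASHED = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \] (.+?) ([A-Za-z]:\\.*)$")
SECTION = re.compile(r"^=+ (.+?) =+$")

# Constructed sample: the first two lines follow the thread's log header,
# every service, hash and the non-ok verdict below is a placeholder.
SAMPLE_LOG = r"""
23:27:10.0071 1556 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
23:27:11.0497 1556 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb)
23:27:17.0729 7092 ================ Scan system memory ========================
23:27:17.0729 7092 System memory - ok
23:27:17.0729 7092 ================ Scan services =============================
23:27:17.0919 7092 [ 00000000000000000000000000000001 ] ExampleDrv C:\windows\system32\drivers\exampledrv.sys
23:27:17.0929 7092 ExampleDrv - ok
23:27:18.0099 7092 [ 00000000000000000000000000000002 ] Example Agent Service C:\Program Files (x86)\Example\agent.exe
23:27:18.0119 7092 Example Agent Service - ok
23:27:22.0090 7092 NoImageSvc - ok
23:27:23.0000 7092 [ 00000000000000000000000000000003 ] ExampleHost C:\windows\svchost.exe
23:27:23.0010 7092 ExampleHost - ok
23:27:24.0000 7092 [ 00000000000000000000000000000004 ] ExampleBad C:\windows\system32\drivers\examplebad.sys
23:27:24.0010 7092 ExampleBad - CONSTRUCTED-NOT-OK-VERDICT
"""


@dataclass
class Entry:
    section: str
    name: str
    verdict: str
    md5: Optional[str] = None
    path: Optional[str] = None


def parse_tdsskiller(text: str) -> List[Entry]:
    """Pair each '[ MD5 ] name path' line with the verdict line that follows it."""
    entries: List[Entry] = []
    section = ""
    pending: Optional[Tuple[str, str, str]] = None  # (name, md5, path)
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        rest = m.group(1).strip()
        if rest.startswith("TDSS rootkit removing tool"):
            section, pending = "", None  # a new log starts (two logs pasted together)
            continue
        sec = SECTION.match(rest)
        if sec:
            section, pending = sec.group(1), None
            continue
        hashed = HASHED.match(rest)
        if hashed:
            pending = (hashed.group(2), hashed.group(1).upper(), hashed.group(3))
            continue
        if pending and rest.startswith(pending[0] + " - "):
            name, md5, path = pending
            entries.append(Entry(section, name, rest[len(name) + 3:], md5, path))
        elif section and " - " in rest:
            # Verdict with no preceding hash line (no image file was hashed).
            name, _, verdict = rest.partition(" - ")
            entries.append(Entry(section, name, verdict))
        pending = None
    return entries


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (name, reason) pairs that deserve a human look."""
    findings = []
    for e in entries:
        if e.verdict.lower() != "ok":
            findings.append((e.name, "verdict is not ok: " + e.verdict))
        if e.path:
            p = e.path.lower()
            # svchost.exe ships in System32 (and SysWOW64); a copy elsewhere,
            # such as the C:\windows\svchost.exe that JRT could not delete
            # earlier in this thread, is worth checking.
            if (p.endswith("\\svchost.exe") and "\\system32\\" not in p
                    and "\\syswow64\\" not in p):
                findings.append((e.name, "svchost.exe outside System32: " + e.path))
    return findings


if __name__ == "__main__":
    parsed = parse_tdsskiller(SAMPLE_LOG)
    print(len(parsed), "entries parsed")
    for name, reason in triage(parsed):
        print("REVIEW", name, "-", reason)
```
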
     
  7. Honeybeelzebub

    Honeybeelzebub Thread Starter

    Joined:
    Dec 29, 2012
    Messages:
    26
    OCD,

    I ended up with two Tdsskiller logs.

    23:33:25.0669 1036 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
    23:33:26.0075 1036 ============================================================
    23:33:26.0075 1036 Current date / time: 2012/12/31 23:33:26.0075
    23:33:26.0075 1036 SystemInfo:
    23:33:26.0075 1036
    23:33:26.0075 1036 OS Version: 6.1.7601 ServicePack: 1.0
    23:33:26.0075 1036 Product type: Workstation
    23:33:26.0075 1036 ComputerName: MELISSA-HP
    23:33:26.0075 1036 UserName: Melissa
    23:33:26.0075 1036 Windows directory: C:\windows
    23:33:26.0075 1036 System windows directory: C:\windows
    23:33:26.0075 1036 Running under WOW64
    23:33:26.0075 1036 Processor architecture: Intel x64
    23:33:26.0075 1036 Number of processors: 4
    23:33:26.0075 1036 Page size: 0x1000
    23:33:26.0075 1036 Boot type: Normal boot
    23:33:26.0075 1036 ============================================================
    23:33:28.0711 1036 BG loaded
    23:33:30.0006 1036 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    23:33:30.0006 1036 ============================================================
    23:33:30.0006 1036 \Device\Harddisk0\DR0:
    23:33:30.0006 1036 MBR partitions:
    23:33:30.0006 1036 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x96000
    23:33:30.0006 1036 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x96800, BlocksNum 0x227CA000
    23:33:30.0006 1036 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x22860800, BlocksNum 0x21CC800
    23:33:30.0006 1036 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x24A2D000, BlocksNum 0x9FD800
    23:33:30.0006 1036 ============================================================
    23:33:30.0053 1036 C: <-> \Device\Harddisk0\DR0\Partition2
    23:33:32.0268 1036 E: <-> \Device\Harddisk0\DR0\Partition3
    23:33:34.0936 1036 F: <-> \Device\Harddisk0\DR0\Partition4
    23:33:34.0936 1036 ============================================================
    23:33:34.0936 1036 Initialize success
    23:33:34.0936 1036 ============================================================

    23:27:10.0071 1556 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
    23:27:10.0726 1556 ============================================================
    23:27:10.0726 1556 Current date / time: 2012/12/31 23:27:10.0726
    23:27:10.0726 1556 SystemInfo:
    23:27:10.0726 1556
    23:27:10.0726 1556 OS Version: 6.1.7601 ServicePack: 1.0
    23:27:10.0726 1556 Product type: Workstation
    23:27:10.0726 1556 ComputerName: MELISSA-HP
    23:27:10.0726 1556 UserName: Melissa
    23:27:10.0726 1556 Windows directory: C:\windows
    23:27:10.0726 1556 System windows directory: C:\windows
    23:27:10.0726 1556 Running under WOW64
    23:27:10.0726 1556 Processor architecture: Intel x64
    23:27:10.0726 1556 Number of processors: 4
    23:27:10.0726 1556 Page size: 0x1000
    23:27:10.0726 1556 Boot type: Normal boot
    23:27:10.0726 1556 ============================================================
    23:27:11.0497 1556 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    23:27:11.0507 1556 ============================================================
    23:27:11.0507 1556 \Device\Harddisk0\DR0:
    23:27:11.0507 1556 MBR partitions:
    23:27:11.0507 1556 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x96000
    23:27:11.0507 1556 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x96800, BlocksNum 0x227CA000
    23:27:11.0507 1556 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x22860800, BlocksNum 0x21CC800
    23:27:11.0507 1556 ============================================================
    23:27:11.0527 1556 C: <-> \Device\Harddisk0\DR0\Partition2
    23:27:11.0567 1556 E: <-> \Device\Harddisk0\DR0\Partition3
    23:27:11.0567 1556 ============================================================
    23:27:11.0567 1556 Initialize success
    23:27:11.0567 1556 ============================================================
    23:27:14.0468 7092 ============================================================
    23:27:14.0468 7092 Scan started
    23:27:14.0468 7092 Mode: Manual;
    23:27:14.0468 7092 ============================================================
    23:27:17.0729 7092 ================ Scan system memory ========================
    23:27:17.0729 7092 System memory - ok
    23:27:17.0729 7092 ================ Scan services =============================
    23:27:27.0342 7092 KSecPkg - ok
    23:27:27.0372 7092 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
    23:27:27.0372 7092 ksthunk - ok
    23:27:27.0412 7092 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll
    23:27:27.0422 7092 KtmRm - ok
    23:27:27.0482 7092 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\system32\srvsvc.dll
    23:27:27.0492 7092 LanmanServer - ok
    23:27:27.0522 7092 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
    23:27:27.0522 7092 LanmanWorkstation - ok
    23:27:27.0562 7092 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
    23:27:27.0562 7092 lltdio - ok
    23:27:27.0602 7092 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll
    23:27:27.0612 7092 lltdsvc - ok
    23:27:27.0622 7092 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll
    23:27:27.0622 7092 lmhosts - ok
    23:27:27.0692 7092 [ 97F9EAAC985A663394CD8F54DCD3E73A ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    23:27:27.0702 7092 LMS - ok
    23:27:27.0762 7092 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys
    23:27:27.0762 7092 LSI_FC - ok
    23:27:27.0812 7092 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys
    23:27:27.0812 7092 LSI_SAS - ok
    23:27:27.0842 7092 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys
    23:27:27.0842 7092 LSI_SAS2 - ok
    23:27:27.0882 7092 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys
    23:27:27.0882 7092 LSI_SCSI - ok
    23:27:27.0932 7092 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys
    23:27:27.0932 7092 luafv - ok
    23:27:28.0052 7092 [ 80E7E71CAAF758BF084BDF13996D52D0 ] McAfee Endpoint Encryption Agent C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
    23:27:28.0072 7092 McAfee Endpoint Encryption Agent - ok
    23:27:28.0082 7092 MCSTRM - ok
    23:27:28.0122 7092 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
    23:27:28.0132 7092 Mcx2Svc - ok
    23:27:28.0152 7092 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\DRIVERS\megasas.sys
    23:27:28.0152 7092 megasas - ok
    23:27:28.0192 7092 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys
    23:27:28.0192 7092 MegaSR - ok
    23:27:28.0242 7092 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\windows\system32\DRIVERS\HECIx64.sys
    23:27:28.0242 7092 MEIx64 - ok
    23:27:28.0282 7092 [ A11F574A809B3751A17815F00C88781F ] MfeEpePc C:\windows\system32\drivers\MfeEpePc.sys
    23:27:28.0292 7092 MfeEpePc - ok
    23:27:28.0312 7092 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
    23:27:28.0322 7092 MMCSS - ok
    23:27:28.0342 7092 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys
    23:27:28.0342 7092 Modem - ok
    23:27:28.0372 7092 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys
    23:27:28.0372 7092 monitor - ok
    23:27:28.0422 7092 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
    23:27:28.0422 7092 mouclass - ok
    23:27:28.0452 7092 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
    23:27:28.0452 7092 mouhid - ok
    23:27:28.0492 7092 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys
    23:27:28.0492 7092 mountmgr - ok
    23:27:28.0542 7092 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys
    23:27:28.0542 7092 mpio - ok
    23:27:28.0582 7092 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
    23:27:28.0582 7092 mpsdrv - ok
    23:27:28.0622 7092 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll
    23:27:28.0632 7092 MpsSvc - ok
    23:27:28.0672 7092 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
    23:27:28.0672 7092 MRxDAV - ok
    23:27:28.0712 7092 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
    23:27:28.0712 7092 mrxsmb - ok
    23:27:28.0742 7092 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
    23:27:28.0742 7092 mrxsmb10 - ok
    23:27:28.0752 7092 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
    23:27:28.0762 7092 mrxsmb20 - ok
    23:27:28.0792 7092 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys
    23:27:28.0802 7092 msahci - ok
    23:27:28.0812 7092 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys
    23:27:28.0812 7092 msdsm - ok
    23:27:28.0843 7092 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
    23:27:28.0843 7092 MSDTC - ok
    23:27:28.0873 7092 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
    23:27:28.0873 7092 Msfs - ok
    23:27:28.0903 7092 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
    23:27:28.0903 7092 mshidkmdf - ok
    23:27:28.0913 7092 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys
    23:27:28.0923 7092 msisadrv - ok
    23:27:28.0953 7092 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
    23:27:28.0953 7092 MSiSCSI - ok
    23:27:28.0963 7092 msiserver - ok
    23:27:29.0023 7092 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
    23:27:29.0023 7092 MSKSSRV - ok
    23:27:29.0043 7092 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
    23:27:29.0043 7092 MSPCLOCK - ok
    23:27:29.0063 7092 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
    23:27:29.0063 7092 MSPQM - ok
    23:27:29.0093 7092 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
    23:27:29.0103 7092 MsRPC - ok
    23:27:29.0133 7092 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\drivers\mssmbios.sys
    23:27:29.0143 7092 mssmbios - ok
    23:27:29.0163 7092 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
    23:27:29.0163 7092 MSTEE - ok
    23:27:29.0183 7092 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys
    23:27:29.0183 7092 MTConfig - ok
    23:27:29.0203 7092 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
    23:27:29.0223 7092 Mup - ok
    23:27:29.0253 7092 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
    23:27:29.0263 7092 napagent - ok
    23:27:29.0313 7092 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
    23:27:29.0313 7092 NativeWifiP - ok
    23:27:29.0423 7092 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys
    23:27:29.0443 7092 NDIS - ok
    23:27:29.0463 7092 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
    23:27:29.0463 7092 NdisCap - ok
    23:27:29.0503 7092 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
    23:27:29.0503 7092 NdisTapi - ok
    23:27:29.0533 7092 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
    23:27:29.0543 7092 Ndisuio - ok
    23:27:29.0573 7092 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
    23:27:29.0583 7092 NdisWan - ok
    23:27:29.0593 7092 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
    23:27:29.0593 7092 NDProxy - ok
    23:27:29.0623 7092 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
    23:27:29.0623 7092 NetBIOS - ok
    23:27:29.0663 7092 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
    23:27:29.0663 7092 NetBT - ok
    23:27:29.0663 7092 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
    23:27:29.0673 7092 Netlogon - ok
    23:27:29.0693 7092 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
    23:27:29.0703 7092 Netman - ok
    23:27:29.0773 7092 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    23:27:29.0773 7092 NetMsmqActivator - ok
    23:27:29.0773 7092 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    23:27:29.0773 7092 NetPipeActivator - ok
    23:27:29.0803 7092 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
    23:27:29.0813 7092 netprofm - ok
    23:27:29.0813 7092 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    23:27:29.0813 7092 NetTcpActivator - ok
    23:27:29.0823 7092 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    23:27:29.0823 7092 NetTcpPortSharing - ok
    23:27:29.0853 7092 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys
    23:27:29.0853 7092 nfrd960 - ok
    23:27:29.0873 7092 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\windows\System32\nlasvc.dll
    23:27:29.0883 7092 NlaSvc - ok
    23:27:29.0903 7092 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
    23:27:29.0913 7092 Npfs - ok
    23:27:29.0933 7092 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
    23:27:29.0933 7092 nsi - ok
    23:27:29.0943 7092 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
    23:27:29.0943 7092 nsiproxy - ok
    23:27:30.0003 7092 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
    23:27:30.0013 7092 Ntfs - ok
    23:27:30.0033 7092 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
    23:27:30.0033 7092 Null - ok
    23:27:30.0083 7092 [ 9A33100AC62A0463C49E47EE8E77083A ] nusb3hub C:\windows\system32\DRIVERS\nusb3hub.sys
    23:27:30.0083 7092 nusb3hub - ok
    23:27:30.0103 7092 [ 87C321F7BEE646B7EC6EEDD6EB725741 ] nusb3xhc C:\windows\system32\DRIVERS\nusb3xhc.sys
    23:27:30.0113 7092 nusb3xhc - ok
    23:27:30.0143 7092 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
    23:27:30.0143 7092 nvraid - ok
    23:27:30.0163 7092 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
    23:27:30.0163 7092 nvstor - ok
    23:27:30.0203 7092 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
    23:27:30.0203 7092 nv_agp - ok
    23:27:30.0293 7092 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    23:27:30.0303 7092 odserv - ok
    23:27:30.0343 7092 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
    23:27:30.0343 7092 ohci1394 - ok
    23:27:30.0373 7092 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    23:27:30.0383 7092 ose - ok
    23:27:30.0413 7092 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
    23:27:30.0413 7092 p2pimsvc - ok
    23:27:30.0433 7092 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
    23:27:30.0443 7092 p2psvc - ok
    23:27:30.0483 7092 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\DRIVERS\parport.sys
    23:27:30.0483 7092 Parport - ok
    23:27:30.0503 7092 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
    23:27:30.0513 7092 partmgr - ok
    23:27:30.0523 7092 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
    23:27:30.0523 7092 PcaSvc - ok
    23:27:30.0543 7092 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
    23:27:30.0543 7092 pci - ok
    23:27:30.0583 7092 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys
    23:27:30.0583 7092 pciide - ok
    23:27:30.0613 7092 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys
    23:27:30.0613 7092 pcmcia - ok
    23:27:30.0643 7092 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
    23:27:30.0643 7092 pcw - ok
    23:27:30.0683 7092 [ 8F924F00F2F81422FD7C340FDA0E00D8 ] PdiService C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
    23:27:30.0693 7092 PdiService - ok
    23:27:30.0713 7092 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
    23:27:30.0723 7092 PEAUTH - ok
    23:27:30.0783 7092 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
    23:27:30.0783 7092 PerfHost - ok
    23:27:30.0843 7092 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
    23:27:30.0853 7092 pla - ok
    23:27:30.0903 7092 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
    23:27:30.0913 7092 PlugPlay - ok
    23:27:30.0933 7092 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
    23:27:30.0933 7092 PNRPAutoReg - ok
    23:27:30.0953 7092 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
    23:27:30.0953 7092 PNRPsvc - ok
    23:27:31.0053 7092 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
    23:27:31.0063 7092 PolicyAgent - ok
    23:27:31.0093 7092 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
    23:27:31.0103 7092 Power - ok
    23:27:31.0143 7092 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
    23:27:31.0143 7092 PptpMiniport - ok
    23:27:31.0173 7092 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\DRIVERS\processr.sys
    23:27:31.0173 7092 Processor - ok
    23:27:31.0203 7092 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
    23:27:31.0213 7092 ProfSvc - ok
    23:27:31.0233 7092 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
    23:27:31.0233 7092 ProtectedStorage - ok
    23:27:31.0273 7092 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
    23:27:31.0283 7092 Psched - ok
    23:27:31.0343 7092 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys
    23:27:31.0353 7092 ql2300 - ok
    23:27:31.0383 7092 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys
    23:27:31.0383 7092 ql40xx - ok
    23:27:31.0433 7092 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
    23:27:31.0433 7092 QWAVE - ok
    23:27:31.0483 7092 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
    23:27:31.0483 7092 QWAVEdrv - ok
    23:27:31.0523 7092 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
    23:27:31.0533 7092 RasAcd - ok
    23:27:31.0573 7092 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
    23:27:31.0573 7092 RasAgileVpn - ok
    23:27:31.0583 7092 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
    23:27:31.0583 7092 RasAuto - ok
    23:27:31.0623 7092 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
    23:27:31.0623 7092 Rasl2tp - ok
    23:27:31.0673 7092 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
    23:27:31.0673 7092 RasMan - ok
    23:27:31.0693 7092 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
    23:27:31.0693 7092 RasPppoe - ok
    23:27:31.0713 7092 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
    23:27:31.0723 7092 RasSstp - ok
    23:27:31.0753 7092 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
    23:27:31.0763 7092 rdbss - ok
    23:27:31.0783 7092 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys
    23:27:31.0783 7092 rdpbus - ok
    23:27:31.0793 7092 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
    23:27:31.0793 7092 RDPCDD - ok
    23:27:31.0813 7092 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
    23:27:31.0813 7092 RDPENCDD - ok
    23:27:31.0823 7092 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
    23:27:31.0823 7092 RDPREFMP - ok
    23:27:31.0884 7092 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\windows\system32\drivers\rdpvideominiport.sys
    23:27:31.0884 7092 RdpVideoMiniport - ok
    23:27:31.0914 7092 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
    23:27:31.0914 7092 RDPWD - ok
    23:27:31.0964 7092 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
    23:27:31.0964 7092 rdyboost - ok
    23:27:32.0004 7092 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
    23:27:32.0014 7092 RemoteAccess - ok
    23:27:32.0034 7092 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
    23:27:32.0044 7092 RemoteRegistry - ok
    23:27:32.0074 7092 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys
    23:27:32.0084 7092 RFCOMM - ok
    23:27:32.0094 7092 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
    23:27:32.0094 7092 RpcEptMapper - ok
    23:27:32.0124 7092 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
    23:27:32.0124 7092 RpcLocator - ok
    23:27:32.0164 7092 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll
    23:27:32.0174 7092 RpcSs - ok
    23:27:32.0204 7092 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
    23:27:32.0214 7092 rspndr - ok
    23:27:32.0234 7092 [ 9140DB0911DE035FED0A9A77A2D156EA ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys
    23:27:32.0244 7092 RTL8167 - ok
    23:27:32.0254 7092 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
    23:27:32.0254 7092 SamSs - ok
    23:27:32.0294 7092 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
    23:27:32.0294 7092 sbp2port - ok
    23:27:32.0324 7092 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
    23:27:32.0334 7092 SCardSvr - ok
    23:27:32.0364 7092 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
    23:27:32.0364 7092 scfilter - ok
    23:27:32.0414 7092 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
    23:27:32.0424 7092 Schedule - ok
    23:27:32.0464 7092 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
    23:27:32.0464 7092 SCPolicySvc - ok
    23:27:32.0494 7092 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\windows\system32\drivers\sdbus.sys
    23:27:32.0494 7092 sdbus - ok
    23:27:32.0534 7092 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
    23:27:32.0534 7092 SDRSVC - ok
    23:27:32.0574 7092 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
    23:27:32.0574 7092 secdrv - ok
    23:27:32.0604 7092 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
    23:27:32.0614 7092 seclogon - ok
    23:27:32.0634 7092 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll
    23:27:32.0634 7092 SENS - ok
    23:27:32.0644 7092 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
    23:27:32.0644 7092 SensrSvc - ok
    23:27:32.0674 7092 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\DRIVERS\serenum.sys
    23:27:32.0674 7092 Serenum - ok
    23:27:32.0694 7092 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\DRIVERS\serial.sys
    23:27:32.0704 7092 Serial - ok
    23:27:32.0764 7092 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\DRIVERS\sermouse.sys
    23:27:32.0764 7092 sermouse - ok
    23:27:32.0834 7092 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
    23:27:32.0834 7092 SessionEnv - ok
    23:27:32.0864 7092 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
    23:27:32.0864 7092 sffdisk - ok
    23:27:32.0874 7092 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
    23:27:32.0874 7092 sffp_mmc - ok
    23:27:32.0894 7092 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
    23:27:32.0894 7092 sffp_sd - ok
    23:27:32.0914 7092 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys
    23:27:32.0914 7092 sfloppy - ok
    23:27:33.0004 7092 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll
    23:27:33.0004 7092 SharedAccess - ok
    23:27:33.0074 7092 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
    23:27:33.0084 7092 ShellHWDetection - ok
    23:27:33.0134 7092 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys
    23:27:33.0134 7092 SiSRaid2 - ok
    23:27:33.0154 7092 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys
    23:27:33.0164 7092 SiSRaid4 - ok
    23:27:33.0214 7092 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
    23:27:33.0214 7092 Smb - ok
    23:27:33.0284 7092 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
    23:27:33.0284 7092 SNMPTRAP - ok
    23:27:33.0364 7092 [ 3325D6E50E52CC05C5F8228288DF2A4C ] SNP2UVC C:\windows\system32\DRIVERS\snp2uvc.sys
    23:27:33.0384 7092 SNP2UVC - ok
    23:27:33.0404 7092 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
    23:27:33.0404 7092 spldr - ok
    23:27:33.0464 7092 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe
    23:27:33.0474 7092 Spooler - ok
    23:27:33.0564 7092 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
    23:27:33.0604 7092 sppsvc - ok
    23:27:33.0634 7092 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
    23:27:33.0644 7092 sppuinotify - ok
    23:27:33.0684 7092 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
    23:27:33.0684 7092 srv - ok
    23:27:33.0704 7092 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
    23:27:33.0704 7092 srv2 - ok
    23:27:33.0724 7092 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
    23:27:33.0724 7092 srvnet - ok
    23:27:33.0734 7092 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
    23:27:33.0744 7092 SSDPSRV - ok
    23:27:33.0754 7092 SSPORT - ok
    23:27:33.0774 7092 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
    23:27:33.0774 7092 SstpSvc - ok
    23:27:33.0854 7092 [ A6B2EC3A2B6AD7C3F7B2F3495CADE4C0 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
    23:27:33.0864 7092 STacSV - ok
    23:27:33.0884 7092 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\DRIVERS\stexstor.sys
    23:27:33.0884 7092 stexstor - ok
    23:27:33.0924 7092 [ EBA98394A7D58F7552C52192BD8FA7E6 ] STHDA C:\windows\system32\DRIVERS\stwrt64.sys
    23:27:33.0924 7092 STHDA - ok
    23:27:33.0984 7092 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
    23:27:33.0984 7092 stisvc - ok
    23:27:34.0014 7092 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\drivers\swenum.sys
    23:27:34.0014 7092 swenum - ok
    23:27:34.0044 7092 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
    23:27:34.0054 7092 swprv - ok
    23:27:34.0084 7092 [ 0B0AE2373FF3B31CD02F30BD71C7D14C ] SynTP C:\windows\system32\DRIVERS\SynTP.sys
    23:27:34.0094 7092 SynTP - ok
    23:27:34.0174 7092 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
    23:27:34.0194 7092 SysMain - ok
    23:27:34.0224 7092 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
    23:27:34.0234 7092 TabletInputService - ok
    23:27:34.0254 7092 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
    23:27:34.0254 7092 TapiSrv - ok
    23:27:34.0284 7092 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
    23:27:34.0284 7092 TBS - ok
    23:27:34.0374 7092 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\windows\system32\drivers\tcpip.sys
    23:27:34.0394 7092 Tcpip - ok
    23:27:34.0424 7092 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
    23:27:34.0434 7092 TCPIP6 - ok
    23:27:34.0454 7092 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
    23:27:34.0454 7092 tcpipreg - ok
    23:27:34.0484 7092 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
    23:27:34.0494 7092 TDPIPE - ok
    23:27:34.0514 7092 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
    23:27:34.0514 7092 TDTCP - ok
    23:27:34.0544 7092 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
    23:27:34.0554 7092 tdx - ok
    23:27:34.0594 7092 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\drivers\termdd.sys
    23:27:34.0594 7092 TermDD - ok
    23:27:34.0614 7092 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
    23:27:34.0624 7092 TermService - ok
    23:27:34.0644 7092 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
    23:27:34.0654 7092 Themes - ok
    23:27:34.0674 7092 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
    23:27:34.0674 7092 THREADORDER - ok
    23:27:34.0714 7092 [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM C:\windows\system32\drivers\tpm.sys
    23:27:34.0714 7092 TPM - ok
    23:27:34.0724 7092 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
    23:27:34.0734 7092 TrkWks - ok
    23:27:34.0784 7092 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
    23:27:34.0784 7092 TrustedInstaller - ok
    23:27:34.0824 7092 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
    23:27:34.0824 7092 tssecsrv - ok
    23:27:34.0865 7092 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
    23:27:34.0865 7092 TsUsbFlt - ok
    23:27:34.0925 7092 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
    23:27:34.0925 7092 tunnel - ok
    23:27:34.0945 7092 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\DRIVERS\uagp35.sys
    23:27:34.0945 7092 uagp35 - ok
    23:27:35.0065 7092 [ D5994AB5C2B2D72D6320A7004D52617C ] uArcCapture C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe
    23:27:35.0075 7092 uArcCapture - ok
    23:27:35.0115 7092 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
    23:27:35.0115 7092 udfs - ok
    23:27:39.0167 7092 ================ Scan global ===============================
    23:27:39.0207 7092 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
    23:27:39.0327 7092 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\windows\system32\winsrv.dll
    23:27:39.0337 7092 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\windows\system32\winsrv.dll
    23:27:39.0357 7092 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
    23:27:39.0387 7092 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
    23:27:39.0397 7092 [Global] - ok
    23:27:39.0397 7092 ================ Scan MBR ==================================
    23:27:39.0397 7092 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    23:27:39.0397 7092 Suspicious mbr (Forged): \Device\Harddisk0\DR0
    23:27:39.0447 7092 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
    23:27:39.0447 7092 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
    23:27:39.0457 7092 ================ Scan VBR ==================================
    23:27:39.0457 7092 [ 6BAD7B7D957D5E6CBD001111FA35BD48 ] \Device\Harddisk0\DR0\Partition1
    23:27:39.0457 7092 \Device\Harddisk0\DR0\Partition1 - ok
    23:27:39.0467 7092 [ A8D1879A1716EFE4516DD35AE123AD2D ] \Device\Harddisk0\DR0\Partition2
    23:27:39.0467 7092 \Device\Harddisk0\DR0\Partition2 - ok
    23:27:39.0497 7092 [ CA768F2526164F0EE223AC381FAE6D0F ] \Device\Harddisk0\DR0\Partition3
    23:27:39.0507 7092 \Device\Harddisk0\DR0\Partition3 - ok
    23:27:39.0507 7092 ============================================================
    23:27:39.0507 7092 Scan finished
    23:27:39.0507 7092 ============================================================
    23:27:39.0517 10300 Detected object count: 1
    23:27:39.0517 10300 Actual detected object count: 1
    23:29:53.0326 10300 \Device\Harddisk0\DR0\# - copied to quarantine
    23:29:53.0333 10300 \Device\Harddisk0\DR0 - copied to quarantine
    23:29:53.0386 10300 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
    23:29:53.0686 10300 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
    23:29:54.0076 10300 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
    23:29:54.0428 10300 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
    23:29:54.0793 10300 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
    23:29:54.0801 10300 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
    23:29:54.0808 10300 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
    23:29:54.0818 10300 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
    23:29:55.0108 10300 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
    23:29:55.0418 10300 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
    23:29:55.0426 10300 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
    23:29:55.0433 10300 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
    23:29:55.0511 10300 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
    23:29:55.0548 10300 \Device\Harddisk0\DR0 - ok
    23:29:56.0041 10300 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
    23:30:33.0455 4992 Deinitialize success

    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2012-12-31 23:38:44
    -----------------------------
    23:38:44.680 OS Version: Windows x64 6.1.7601 Service Pack 1
    23:38:44.680 Number of processors: 4 586 0x2A07
    23:38:44.680 ComputerName: MELISSA-HP UserName: Melissa
    23:38:45.756 Initialize success
    23:39:40.215 AVAST engine defs: 12123101
    23:39:58.509 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    23:39:58.509 Disk 0 Vendor: TOSHIBA_ MH00 Size: 305245MB BusType: 3
    23:39:58.525 Disk 0 MBR read successfully
    23:39:58.540 Disk 0 MBR scan
    23:39:58.540 Disk 0 Windows 7 default MBR code
    23:39:58.556 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 300 MB offset 2048
    23:39:58.556 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 282516 MB offset 616448
    23:39:58.587 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 17305 MB offset 579209216
    23:39:58.618 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 5115 MB offset 614649856
    23:39:58.649 Disk 0 scanning C:\windows\system32\drivers
    23:40:19.431 Service scanning
    23:41:02.067 Modules scanning
    23:41:02.082 Disk 0 trace - called modules:
    23:41:02.659 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ACPI.sys iaStor.sys hal.dll
    23:41:02.659 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800668f060]
    23:41:02.675 3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> [0xfffffa8004c5fb10]
    23:41:02.691 5 hpdskflt.sys[fffff88001bb4189] -> nt!IofCallDriver -> [0xfffffa80048948c0]
    23:41:02.706 7 ACPI.sys[fffff88000fa57a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004b74050]
    23:41:03.439 AVAST engine scan C:\windows
    23:41:07.651 AVAST engine scan C:\windows\system32
    23:45:56.160 AVAST engine scan C:\windows\system32\drivers
    23:46:14.245 AVAST engine scan C:\Users\Melissa
    23:47:30.293 Disk 0 MBR has been saved successfully to "C:\Users\Melissa\Desktop\MBR.dat"
    23:47:30.293 The log file has been saved successfully to "C:\Users\Melissa\Desktop\aswMBR.txt"

    Can you please tell me what all of these logs are showing? Thank you and happy new year.
     

    Attached Files:

    • MBR.zip
      File size:
      580 bytes
  8. OCD

    OCD Malware Specialist

    Joined:
    Sep 11, 2012
    Messages:
    273
    Hi Honeybeelzebub,

    The tools we use have various malware detection / removal capabilities.

    1. TDSSKiller is a utility created by Kaspersky Labs that is designed to identify and remove the TDSS rootkit.
    2. aswMBR is an anti-rootkit scanner that searches your computer for rootkits that infect the Master Boot Record, or MBR, of your computer.
    = = = = = = = = = = = = = = = = = = = =

    Refer to the ComboFix User's Guide


    1. Download ComboFix from the following location:

      Link

      * IMPORTANT !!! Place ComboFix.exe on your Desktop
    2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
      You can get help on disabling your protection programs here
    3. Double click on ComboFix.exe & follow the prompts.
    4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
    5. When finished, it shall produce a log for you. Post that log in your next reply.

      Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

      ---------------------------------------------------------------------------------------------
    6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.

      ---------------------------------------------------------------------------------------------

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

    In your next post please provide the following:

    • ComboFix.txt
    • How is the computer running?
     
  9. Honeybeelzebub

    Honeybeelzebub Thread Starter

    Joined:
    Dec 29, 2012
    Messages:
    26
    OCD,

    Here is the combofix log.

    ComboFix 13-01-01.02 - Melissa 01/01/2013 17:32:38.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4030.2012 [GMT -6:00]
    Running from: c:\users\Melissa\Desktop\ComboFix.exe
    AV: ESET Smart Security 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
    SP: ESET Smart Security 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    c:\programdata\Microsoft\Windows\DRM\FA46.tmp
    c:\programdata\Microsoft\Windows\DRM\FA76.tmp
    c:\users\Melissa\AppData\Roaming\D2835F
    c:\windows\iun6002.exe
    c:\windows\svchost.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-12-01 to 2013-01-01 )))))))))))))))))))))))))))))))
    .
    .
    2013-01-01 05:29 . 2013-01-01 05:29 -------- d-----w- C:\TDSSKiller_Quarantine
    2013-01-01 05:25 . 2013-01-01 05:25 -------- d-----w- c:\users\Melissa\AppData\Local\WinZip
    2013-01-01 05:24 . 2013-01-01 05:25 -------- d-----w- c:\program files\WinZip
    2012-12-31 23:09 . 2012-12-31 23:09 -------- d-----w- c:\windows\ERUNT
    2012-12-31 23:09 . 2012-12-31 23:09 -------- d-----w- C:\JRT
    2012-12-30 05:23 . 2012-12-30 05:23 -------- d-----w- c:\program files (x86)\Glary Utilities
    2012-12-30 04:40 . 2012-12-30 04:40 -------- d-----w- c:\programdata\PDFC
    2012-12-21 09:02 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-21 09:02 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2012-12-21 09:02 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-21 09:02 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
    2012-12-12 00:14 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-12-12 00:14 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2012-12-12 00:12 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
    2012-12-12 00:12 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-12-12 09:05 . 2011-08-01 22:04 67413224 ----a-w- c:\windows\system32\MRT.exe
    2012-11-05 01:30 . 2012-05-12 18:23 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-11-05 01:30 . 2011-08-03 01:23 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-10-16 08:38 . 2012-11-28 10:53 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2012-10-16 08:38 . 2012-11-28 10:53 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
    2012-10-16 07:39 . 2012-11-28 10:53 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
    2012-10-09 18:17 . 2012-11-16 06:38 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
    2012-10-09 18:17 . 2012-11-16 06:38 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
    2012-10-09 17:40 . 2012-11-16 06:38 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
    2012-10-09 17:40 . 2012-11-16 06:38 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
    2012-10-04 16:40 . 2012-12-12 00:13 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-01-25 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2011-02-07 12274688]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-26 283160]
    "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2012-02-27 113288]
    "DTRun"="c:\program files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe" [2010-11-24 517456]
    "HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-02-11 76344]
    "QLBController"="c:\program files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2011-07-07 323128]
    "HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-05-23 103992]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
    2011-02-03 22:09 75360 ----a-w- c:\windows\System32\DeviceNP.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ DPPassFilter scecli
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
    R3 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-08-23 89600]
    R3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys [2010-11-11 32192]
    R3 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-01-07 138400]
    R3 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-01-07 53920]
    R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-01-07 298144]
    R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys [2011-02-07 63336]
    R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe [2011-02-03 464480]
    R3 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2010-08-06 681528]
    R3 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [2011-01-28 133688]
    R3 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2011-02-07 320000]
    R3 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [2011-07-07 1698360]
    R3 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-14 30520]
    R3 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2010-11-29 210896]
    R3 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;c:\program files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [2011-02-09 1318912]
    R3 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2011-01-18 113264]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
    R3 uArcCapture;ArcCapture;c:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [2010-11-11 502464]
    R3 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-01-17 2656280]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-01 1255736]
    R3 XobniService;XobniService;c:\program files (x86)\Xobni\XobniService.exe [2011-03-07 62184]
    S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2012-03-14 62496]
    S0 MfeEpePc;MfeEpePc; [x]
    S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-03-14 209768]
    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528]
    S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2012-03-14 38288]
    S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2012-03-07 913144]
    S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2011-01-27 131128]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-06-06 197536]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-26 13336]
    S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2011-01-22 3154224]
    S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-01-07 36000]
    S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-01-07 28832]
    S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-01-07 201376]
    S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-01-07 55456]
    S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-01-07 154272]
    S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-01-07 279200]
    S3 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2011-01-12 36864]
    S3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-05-23 1098296]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-08-23 317440]
    S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2011-01-31 174168]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2012-02-27 91648]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2012-02-27 208896]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-24 565352]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-01-01 c:\windows\Tasks\GlaryInitialize.job
    - c:\program files (x86)\Glary Utilities\initialize.exe [2012-12-30 07:22]
    .
    2013-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-01 19:44]
    .
    2013-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-01 19:44]
    .
    2012-12-12 c:\windows\Tasks\HPCeeScheduleForMelissa.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
    .
    2013-01-01 c:\windows\Tasks\SDMsgUpdate (TE).job
    - c:\progra~2\SMARTD~1\Messages\SDNotify.exe [2011-09-06 17:29]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe" [2011-01-27 13880]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-31 167960]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-08-23 1128448]
    "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-03-07 4081008]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://search.myheritage.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    Trusted Zone: rhapsody.com\rhap-app-4-0
    Trusted Zone: rhapsody.com\rhapreg
    Trusted Zone: samsungsetup.com\www
    TCP: DhcpNameServer = 192.168.1.1
    DPF: {10000000-1000-1000-1000-100000000000} - hxxp://cdn.betteradvertising.com/ghostery/addons/ie/2.4.2.0/ghostery.cab
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    SafeBoot-64018839.sys
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-smARTupdate - c:\windows\iun6002.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:24,62,82,68,0c,df,cd,01
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\program files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
    c:\windows\SysWOW64\DllHost.exe
    .
    **************************************************************************
    .
    Completion time: 2013-01-01 17:50:53 - machine was rebooted
    ComboFix-quarantined-files.txt 2013-01-01 23:50
    .
    Pre-Run: 210,451,501,056 bytes free
    Post-Run: 210,352,820,224 bytes free
    .
    - - End Of File - - 0E8FD9909497C9C481E0CA11DF04E66D

    I am also including a screenshot of my quarantine folder within Eset, it shows several files with the Olmarik trojan. Shall I delete them from quarantine?

    Computer is running fine. No changes noted. - Melissa
     


  10. Honeybeelzebub

    Honeybeelzebub Thread Starter

    Joined:
    Dec 29, 2012
    Messages:
    26
    OCD, I have a new problem. I have a fingerprint scanner that is used to sign into the computer and also to sign into certain websites. Well, the sign on fingerprint scan works as normal---but when I go to a website and attempt to sign in with my fingerprint nothing happens. There is usually a ding or something. That sounds lame. Can you help? Is one of the programs you have asked me to run the problem?
    :confused::confused::confused::confused::confused::confused::confused:
     
  11. Honeybeelzebub

    Honeybeelzebub Thread Starter

    Joined:
    Dec 29, 2012
    Messages:
    26
    WELL...I did a restore to a point right before ComboFix and my fingerprint scanner is working great. SO. Not sure where to go from here, but I needed the password manager to work. I know you are busy. Please tell me what's next, ComboFix is gone from my desktop now. I still have the quarantined items from the screenshot I sent you. I'm getting a little antsy. Please help. - Melissa
     
  12. Honeybeelzebub

    Honeybeelzebub Thread Starter

    Joined:
    Dec 29, 2012
    Messages:
    26
    Are you still there? I'm trying to be patient. I know you are busy. Don't forget about me.
     
  13. OCD

    OCD Malware Specialist

    Joined:
    Sep 11, 2012
    Messages:
    273
    Hi Honeybeelzebub,

    I can understand how you would like to resolve this issue as quickly as possible, but making changes to your system while we are trying to remove the malware may actually delay the process. The absence of symptoms does not mean the malware has been completely removed. Please try and be patient.

    You don't need to delete them. They are located in the TDSSKiller quarantine folder and we will remove them during the clean up process when we are finished.

    = = = = = = = = = = = = = = = = = = = =

    Locate TDSSKiller.exe (it should be on your desktop); if not, follow the instructions to download it again.

    Please download TDSSKiller.zip
    • Extract it to your desktop
    • TDSSKiller.exe - Right click and select "Run as Administrator".
    • Press Start Scan
      • Only if Malicious objects are found then ensure Cure is selected
      • Then click Continue > Reboot now
    • Copy and paste the log in your next reply
      • A copy of the log will be saved automatically to the root of the drive (typically C:\)

    Next

    Please download Malwarebytes' Anti-Malware to your desktop.

    Right click and select "Run as Administrator"

    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan as shown below.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.

    In your next post please provide the following:

    • TDSSKiller log
    • MBAM log
    • How is the computer running?
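
One way to triage the services section of the TDSSKiller log requested above, as an added example that is not part of the original post or of the tool. The sample lines, service names, hashes and the non-"ok" verdict text are constructed; only the line layout follows the TDSSKiller log posted in this thread, and the `triage` function name is an assumption.

```python
import re

# Line layout taken from the TDSSKiller log in this thread:
#   "<time> <thread id> [ <MD5> ] <service name> <image path>"
#   "<time> <thread id> <service name> - <verdict>"
PREFIX_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4} \d+ ?")
SECTION_RE = re.compile(r"=+ (\S.*?) =+$")
# Service names may contain spaces, so the name ends where a drive path begins.
HASH_RE = re.compile(r"\[ ([0-9A-Fa-f]{32}) \] (.+?) ([A-Za-z]:\\.*)$")
VERDICT_RE = re.compile(r"(.+) - (.+)$")

# Constructed sample (not from the thread). It includes a header line that
# contains " - " but is not a verdict, a service with no hash line, a verdict
# other than "ok", and a final entry cut off before its verdict.
SAMPLE_LOG = r"""
21:41:36.0271 7740 Drive \Device\Harddisk0\DR0 - Size: 0x1000
21:41:44.0495 6844 ============================================================
21:41:45.0946 6844 ================ Scan system memory ========================
21:41:45.0946 6844 System memory - ok
21:41:45.0946 6844 ================ Scan services =============================
21:41:46.0180 6844 [ {a} ] AlphaDrv C:\windows\system32\drivers\alphadrv.sys
21:41:46.0211 6844 AlphaDrv - ok
21:41:46.0273 6844 [ {b} ] Beta Sync Agent C:\Program Files (x86)\Beta\sync agent.exe
21:41:46.0273 6844 Beta Sync Agent - ok
21:41:46.0346 6844 GammaSvc - ok
21:41:46.0367 6844 [ {c} ] DeltaFlt C:\windows\system32\drivers\deltaflt.sys
21:41:46.0398 6844 DeltaFlt - needs review
21:41:46.0429 6844 [ {d} ] EpsilonSvc C:\windows\system32\epsilon.dll
""".format(a="A" * 32, b="B" * 32, c="C" * 32, d="D" * 32)


def triage(log_text, section="Scan services"):
    """Pair each hash line with its verdict line inside one log section.

    Returns the parsed entries plus three lists of service names:
    verdicts other than "ok", verdicts with no hash line before them,
    and hash lines that never received a verdict (for example a log
    that was pasted incompletely).
    """
    current = None   # name of the section being read, None in the header
    pending = {}     # service name -> (md5, path) waiting for its verdict
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        prefix = PREFIX_RE.match(line)
        if not prefix:
            continue
        rest = line[prefix.end():]
        header = SECTION_RE.match(rest)
        if header:
            current = header.group(1)
            continue
        if current != section:
            continue  # skips header lines such as "Drive ... - Size: ..."
        hashed = HASH_RE.match(rest)
        if hashed:
            pending[hashed.group(2)] = (hashed.group(1).upper(), hashed.group(3))
            continue
        verdict = VERDICT_RE.match(rest)
        if verdict:
            name = verdict.group(1)
            md5, path = pending.pop(name, (None, None))
            entries.append({"name": name, "md5": md5, "path": path,
                            "verdict": verdict.group(2).strip()})
    return {
        "entries": entries,
        "not_ok": [e["name"] for e in entries if e["verdict"].lower() != "ok"],
        "no_hash": [e["name"] for e in entries if e["md5"] is None],
        "no_verdict": list(pending),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for key in ("not_ok", "no_hash", "no_verdict"):
        print(key, result[key])
```
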
     
  14. Honeybeelzebub

    Honeybeelzebub Thread Starter

    Joined:
    Dec 29, 2012
    Messages:
    26
    OCD,

    21:41:35.0257 7740 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
    21:41:35.0615 7740 ============================================================
    21:41:35.0615 7740 Current date / time: 2013/01/02 21:41:35.0615
    21:41:35.0615 7740 SystemInfo:
    21:41:35.0615 7740
    21:41:35.0615 7740 OS Version: 6.1.7601 ServicePack: 1.0
    21:41:35.0615 7740 Product type: Workstation
    21:41:35.0615 7740 ComputerName: MELISSA-HP
    21:41:35.0615 7740 UserName: Melissa
    21:41:35.0615 7740 Windows directory: C:\windows
    21:41:35.0615 7740 System windows directory: C:\windows
    21:41:35.0615 7740 Running under WOW64
    21:41:35.0615 7740 Processor architecture: Intel x64
    21:41:35.0615 7740 Number of processors: 4
    21:41:35.0615 7740 Page size: 0x1000
    21:41:35.0615 7740 Boot type: Normal boot
    21:41:35.0615 7740 ============================================================
    21:41:36.0271 7740 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    21:41:36.0286 7740 ============================================================
    21:41:36.0286 7740 \Device\Harddisk0\DR0:
    21:41:36.0286 7740 MBR partitions:
    21:41:36.0286 7740 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x96000
    21:41:36.0286 7740 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x96800, BlocksNum 0x227CA000
    21:41:36.0286 7740 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x22860800, BlocksNum 0x21CC800
    21:41:36.0286 7740 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x24A2D000, BlocksNum 0x9FD800
    21:41:36.0286 7740 ============================================================
    21:41:36.0317 7740 C: <-> \Device\Harddisk0\DR0\Partition2
    21:41:36.0349 7740 E: <-> \Device\Harddisk0\DR0\Partition3
    21:41:36.0364 7740 F: <-> \Device\Harddisk0\DR0\Partition4
    21:41:36.0364 7740 ============================================================
    21:41:36.0364 7740 Initialize success
    21:41:36.0364 7740 ============================================================
    21:41:44.0495 6844 ============================================================
    21:41:44.0495 6844 Scan started
    21:41:44.0495 6844 Mode: Manual;
    21:41:44.0495 6844 ============================================================
    21:41:45.0946 6844 ================ Scan system memory ========================
    21:41:45.0946 6844 System memory - ok
    21:41:45.0946 6844 ================ Scan services =============================
    21:41:46.0180 6844 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
    21:41:46.0211 6844 1394ohci - ok
    21:41:46.0273 6844 [ 5C368F4B04ED2A923E6AFCA2D37BAFF5 ] Accelerometer C:\windows\system32\DRIVERS\Accelerometer.sys
    21:41:46.0273 6844 Accelerometer - ok
    21:41:46.0367 6844 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    21:41:46.0398 6844 ACDaemon - ok
    21:41:46.0429 6844 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys
    21:41:46.0445 6844 ACPI - ok
    21:41:46.0492 6844 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
    21:41:46.0492 6844 AcpiPmi - ok
    21:41:46.0554 6844 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\DRIVERS\adp94xx.sys
    21:41:46.0554 6844 adp94xx - ok
    21:41:46.0601 6844 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\DRIVERS\adpahci.sys
    21:41:46.0601 6844 adpahci - ok
    21:41:46.0617 6844 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\DRIVERS\adpu320.sys
    21:41:46.0617 6844 adpu320 - ok
    21:41:46.0663 6844 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
    21:41:46.0663 6844 AeLookupSvc - ok
    21:41:46.0773 6844 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Program Files\IDT\WDM\AESTSr64.exe
    21:41:46.0788 6844 AESTFilters - ok
    21:41:46.0913 6844 [ 6CCD1135320109D6B219F1A6E04AD9F6 ] Afc C:\windows\syswow64\drivers\Afc.sys
    21:41:46.0929 6844 Afc - ok
    21:41:46.0991 6844 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys
    21:41:47.0007 6844 AFD - ok
    21:41:47.0100 6844 [ 98022774D9930ECBB292E70DB7601DF6 ] AgereSoftModem C:\windows\system32\DRIVERS\agrsm64.sys
    21:41:47.0131 6844 AgereSoftModem - ok
    21:41:47.0178 6844 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys
    21:41:47.0178 6844 agp440 - ok
    21:41:47.0241 6844 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe
    21:41:47.0241 6844 ALG - ok
    21:41:47.0287 6844 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys
    21:41:47.0287 6844 aliide - ok
    21:41:47.0319 6844 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys
    21:41:47.0319 6844 amdide - ok
    21:41:47.0365 6844 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\DRIVERS\amdk8.sys
    21:41:47.0365 6844 AmdK8 - ok
    21:41:47.0381 6844 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\DRIVERS\amdppm.sys
    21:41:47.0381 6844 AmdPPM - ok
    21:41:47.0428 6844 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys
    21:41:47.0428 6844 amdsata - ok
    21:41:47.0459 6844 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\DRIVERS\amdsbs.sys
    21:41:47.0459 6844 amdsbs - ok
    21:41:47.0475 6844 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys
    21:41:47.0475 6844 amdxata - ok
    21:41:47.0521 6844 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys
    21:41:47.0521 6844 AppID - ok
    21:41:47.0553 6844 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll
    21:41:47.0553 6844 AppIDSvc - ok
    21:41:47.0584 6844 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\windows\System32\appinfo.dll
    21:41:47.0584 6844 Appinfo - ok
    21:41:47.0678 6844 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    21:41:47.0678 6844 Apple Mobile Device - ok
    21:41:47.0710 6844 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\DRIVERS\arc.sys
    21:41:47.0710 6844 arc - ok
    21:41:47.0741 6844 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\DRIVERS\arcsas.sys
    21:41:47.0741 6844 arcsas - ok
    21:41:47.0772 6844 [ 357635F16D28558C50870F4EF8AA4712 ] ARCVCAM C:\windows\system32\DRIVERS\ArcSoftVCapture.sys
    21:41:47.0788 6844 ARCVCAM - ok
    21:41:47.0928 6844 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
    21:41:47.0959 6844 aspnet_state - ok
    21:41:47.0990 6844 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
    21:41:48.0022 6844 AsyncMac - ok
    21:41:48.0068 6844 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys
    21:41:48.0084 6844 atapi - ok
    21:41:48.0131 6844 [ CBE61B4494165F458BD87E37181EE934 ] AthBTPort C:\windows\system32\DRIVERS\btath_flt.sys
    21:41:48.0131 6844 AthBTPort - ok
    21:41:48.0193 6844 [ 4C4A576818EA028257C624AE36FF7A03 ] Atheros Bt&Wlan Coex Agent C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
    21:41:48.0193 6844 Atheros Bt&Wlan Coex Agent - ok
    21:41:48.0209 6844 [ 684B36CA4067DA7000CF95771A3CF0E7 ] AtherosSvc C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
    21:41:48.0224 6844 AtherosSvc - ok
    21:41:48.0334 6844 [ B4421D8CDADC441F76BA39532A3E3414 ] athr C:\windows\system32\DRIVERS\athrx.sys
    21:41:48.0365 6844 athr - ok
    21:41:48.0427 6844 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
    21:41:48.0443 6844 AudioEndpointBuilder - ok
    21:41:48.0458 6844 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll
    21:41:48.0458 6844 AudioSrv - ok
    21:41:48.0505 6844 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll
    21:41:48.0505 6844 AxInstSV - ok
    21:41:48.0552 6844 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\DRIVERS\bxvbda.sys
    21:41:48.0568 6844 b06bdrv - ok
    21:41:48.0614 6844 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
    21:41:48.0614 6844 b57nd60a - ok
    21:41:48.0661 6844 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll
    21:41:48.0661 6844 BDESVC - ok
    21:41:48.0677 6844 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys
    21:41:48.0677 6844 Beep - ok
    21:41:48.0755 6844 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll
    21:41:48.0770 6844 BFE - ok
    21:41:48.0802 6844 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\System32\qmgr.dll
    21:41:48.0833 6844 BITS - ok
    21:41:48.0848 6844 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
    21:41:48.0848 6844 blbdrive - ok
    21:41:48.0926 6844 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    21:41:48.0942 6844 Bonjour Service - ok
    21:41:48.0973 6844 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys
    21:41:48.0973 6844 bowser - ok
    21:41:49.0004 6844 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\DRIVERS\BrFiltLo.sys
    21:41:49.0020 6844 BrFiltLo - ok
    21:41:49.0036 6844 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\DRIVERS\BrFiltUp.sys
    21:41:49.0036 6844 BrFiltUp - ok
    21:41:49.0067 6844 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll
    21:41:49.0067 6844 Browser - ok
    21:41:49.0082 6844 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys
    21:41:49.0098 6844 Brserid - ok
    21:41:49.0114 6844 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
    21:41:49.0114 6844 BrSerWdm - ok
    21:41:49.0129 6844 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
    21:41:49.0129 6844 BrUsbMdm - ok
    21:41:49.0145 6844 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
    21:41:49.0160 6844 BrUsbSer - ok
    21:41:49.0192 6844 [ 227C8F308DE4AF4808E587465CEAB838 ] BTATH_A2DP C:\windows\system32\drivers\btath_a2dp.sys
    21:41:49.0192 6844 BTATH_A2DP - ok
    21:41:49.0223 6844 [ A83A91D07D1FE6BBE7A9DB46CA00434B ] BTATH_BUS C:\windows\system32\DRIVERS\btath_bus.sys
    21:41:49.0238 6844 BTATH_BUS - ok
    21:41:49.0254 6844 [ C864FF85EE16D61C2BDD5EF76824625F ] BTATH_HCRP C:\windows\system32\DRIVERS\btath_hcrp.sys
    21:41:49.0254 6844 BTATH_HCRP - ok
    21:41:49.0270 6844 [ 0DEA505EFB5D771826D177EF8B8A208F ] BTATH_LWFLT C:\windows\system32\DRIVERS\btath_lwflt.sys
    21:41:49.0285 6844 BTATH_LWFLT - ok
    21:41:49.0301 6844 [ 724C8088C96EFE7A3E63FEC21D4681C0 ] BTATH_RCP C:\windows\system32\DRIVERS\btath_rcp.sys
    21:41:49.0301 6844 BTATH_RCP - ok
    21:41:49.0348 6844 [ FF8B065F96E4D9525AA7227299FBD05C ] BtFilter C:\windows\system32\DRIVERS\btfilter.sys
    21:41:49.0363 6844 BtFilter - ok
    21:41:49.0379 6844 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\windows\system32\drivers\BthEnum.sys
    21:41:49.0394 6844 BthEnum - ok
    21:41:49.0410 6844 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\DRIVERS\bthmodem.sys
    21:41:49.0410 6844 BTHMODEM - ok
    21:41:49.0441 6844 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\windows\system32\DRIVERS\bthpan.sys
    21:41:49.0441 6844 BthPan - ok
    21:41:49.0488 6844 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\windows\System32\Drivers\BTHport.sys
    21:41:49.0519 6844 BTHPORT - ok
    21:41:49.0550 6844 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll
    21:41:49.0550 6844 bthserv - ok
    21:41:49.0582 6844 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\windows\System32\Drivers\BTHUSB.sys
    21:41:49.0597 6844 BTHUSB - ok
    21:41:49.0628 6844 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
    21:41:49.0628 6844 cdfs - ok
    21:41:49.0691 6844 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\drivers\cdrom.sys
    21:41:49.0691 6844 cdrom - ok
    21:41:49.0738 6844 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll
    21:41:49.0753 6844 CertPropSvc - ok
    21:41:49.0769 6844 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\DRIVERS\circlass.sys
    21:41:49.0769 6844 circlass - ok
    21:41:49.0816 6844 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys
    21:41:49.0816 6844 CLFS - ok
    21:41:49.0878 6844 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    21:41:49.0894 6844 clr_optimization_v2.0.50727_32 - ok
    21:41:49.0925 6844 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    21:41:49.0940 6844 clr_optimization_v2.0.50727_64 - ok
    21:41:50.0018 6844 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    21:41:50.0081 6844 clr_optimization_v4.0.30319_32 - ok
    21:41:50.0112 6844 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    21:41:50.0112 6844 clr_optimization_v4.0.30319_64 - ok
    21:41:50.0143 6844 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
    21:41:50.0159 6844 CmBatt - ok
    21:41:50.0190 6844 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys
    21:41:50.0206 6844 cmdide - ok
    21:41:50.0268 6844 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\windows\system32\Drivers\cng.sys
    21:41:50.0268 6844 CNG - ok
    21:41:50.0299 6844 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys
    21:41:50.0299 6844 Compbatt - ok
    21:41:50.0330 6844 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\drivers\CompositeBus.sys
    21:41:50.0330 6844 CompositeBus - ok
    21:41:50.0346 6844 COMSysApp - ok
    21:41:50.0362 6844 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\DRIVERS\crcdisk.sys
    21:41:50.0362 6844 crcdisk - ok
    21:41:50.0408 6844 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\windows\system32\cryptsvc.dll
    21:41:50.0408 6844 CryptSvc - ok
    21:41:50.0440 6844 [ 2E3374F9F0B5A3247B779978980C24CB ] DAMDrv C:\windows\system32\DRIVERS\DAMDrv64.sys
    21:41:50.0440 6844 DAMDrv - ok
    21:41:50.0502 6844 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll
    21:41:50.0502 6844 DcomLaunch - ok
    21:41:50.0533 6844 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll
    21:41:50.0549 6844 defragsvc - ok
    21:41:50.0580 6844 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys
    21:41:50.0580 6844 DfsC - ok
    21:41:50.0596 6844 DgiVecp - ok
    21:41:50.0642 6844 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll
    21:41:50.0642 6844 Dhcp - ok
    21:41:50.0674 6844 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys
    21:41:50.0674 6844 discache - ok
    21:41:50.0721 6844 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\DRIVERS\disk.sys
    21:41:50.0721 6844 Disk - ok
    21:41:50.0768 6844 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll
    21:41:50.0768 6844 Dnscache - ok
    21:41:50.0815 6844 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll
    21:41:50.0815 6844 dot3svc - ok
    21:41:50.0893 6844 [ AA224B1BA5B2093DE97D6FCDDCF5D13B ] DpHost c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
    21:41:50.0909 6844 DpHost - ok
    21:41:50.0924 6844 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll
    21:41:50.0924 6844 DPS - ok
    21:41:50.0955 6844 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
    21:41:50.0971 6844 drmkaud - ok
    21:41:51.0033 6844 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
    21:41:51.0049 6844 DXGKrnl - ok
    21:41:51.0111 6844 [ D00EAE9C735A7DEE8049E50D73D25434 ] eamonm C:\windows\system32\DRIVERS\eamonm.sys
    21:41:51.0111 6844 eamonm - ok
    21:41:51.0127 6844 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll
    21:41:51.0127 6844 EapHost - ok
    21:41:51.0221 6844 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\DRIVERS\evbda.sys
    21:41:51.0267 6844 ebdrv - ok
    21:41:51.0299 6844 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe
    21:41:51.0299 6844 EFS - ok
    21:41:51.0345 6844 [ E5EDDE3C8158DD0CBC5812F201DCDED0 ] ehdrv C:\windows\system32\DRIVERS\ehdrv.sys
    21:41:51.0345 6844 ehdrv - ok
    21:41:51.0423 6844 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe
    21:41:51.0439 6844 ehRecvr - ok
    21:41:51.0470 6844 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe
    21:41:51.0470 6844 ehSched - ok
    21:41:51.0548 6844 [ AD4FAADE819E0DA9933BEA7C01D2C763 ] ekrn C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
    21:41:51.0579 6844 ekrn - ok
    21:41:51.0611 6844 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\DRIVERS\elxstor.sys
    21:41:51.0611 6844 elxstor - ok
    21:41:51.0673 6844 [ 587F0F4145A1536A6E37EFD769B7665F ] epfw C:\windows\system32\DRIVERS\epfw.sys
    21:41:51.0673 6844 epfw - ok
    21:41:51.0704 6844 [ D2F812358EE8EE23CBB5C4DAFFB5B819 ] EpfwLWF C:\windows\system32\DRIVERS\EpfwLWF.sys
    21:41:51.0704 6844 EpfwLWF - ok
    21:41:51.0751 6844 [ 34BF55D69AB74D14C7E7A17259CB7DF8 ] epfwwfp C:\windows\system32\DRIVERS\epfwwfp.sys
    21:41:51.0751 6844 epfwwfp - ok
    21:41:51.0767 6844 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys
    21:41:51.0767 6844 ErrDev - ok
    21:41:51.0813 6844 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll
    21:41:51.0829 6844 EventSystem - ok
    21:41:51.0845 6844 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys
    21:41:51.0845 6844 exfat - ok
    21:41:51.0876 6844 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys
    21:41:51.0876 6844 fastfat - ok
    21:41:51.0923 6844 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe
    21:41:51.0938 6844 Fax - ok
    21:41:51.0954 6844 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\DRIVERS\fdc.sys
    21:41:51.0969 6844 fdc - ok
    21:41:51.0985 6844 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll
    21:41:51.0985 6844 fdPHost - ok
    21:41:52.0016 6844 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll
    21:41:52.0016 6844 FDResPub - ok
    21:41:52.0047 6844 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
    21:41:52.0047 6844 FileInfo - ok
    21:41:52.0079 6844 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys
    21:41:52.0079 6844 Filetrace - ok
    21:41:52.0157 6844 [ 87B3E5C567509DDF3B124B16A6A3FBB7 ] FLCDLOCK c:\Windows\SysWOW64\flcdlock.exe
    21:41:52.0203 6844 FLCDLOCK - ok
    21:41:52.0219 6844 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys
    21:41:52.0219 6844 flpydisk - ok
    21:41:52.0281 6844 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
    21:41:52.0281 6844 FltMgr - ok
    21:41:52.0344 6844 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\windows\system32\FntCache.dll
    21:41:52.0359 6844 FontCache - ok
    21:41:52.0437 6844 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    21:41:52.0437 6844 FontCache3.0.0.0 - ok
    21:41:52.0469 6844 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys
    21:41:52.0469 6844 FsDepends - ok
    21:41:52.0500 6844 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
    21:41:52.0500 6844 Fs_Rec - ok
    21:41:52.0531 6844 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
    21:41:52.0531 6844 fvevol - ok
    21:41:52.0562 6844 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys
    21:41:52.0578 6844 gagp30kx - ok
    21:41:52.0671 6844 [ 551D463E4CCEB5240234DA6718C93A44 ] GameConsoleService C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
    21:41:52.0687 6844 GameConsoleService - ok
    21:41:52.0735 6844 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\windows\system32\DRIVERS\GEARAspiWDM.sys
    21:41:52.0750 6844 GEARAspiWDM - ok
    21:41:52.0813 6844 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll
    21:41:52.0828 6844 gpsvc - ok
    21:41:52.0891 6844 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    21:41:52.0891 6844 gupdate - ok
    21:41:52.0906 6844 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    21:42:03.0717 6844 [ D5994AB5C2B2D72D6320A7004D52617C ] uArcCapture C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe
    21:42:03.0733 6844 uArcCapture - ok
    21:42:03.0780 6844 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
    21:42:03.0795 6844 udfs - ok
    21:42:03.0826 6844 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
    21:42:03.0842 6844 UI0Detect - ok
    21:42:03.0873 6844 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
    21:42:03.0873 6844 uliagpkx - ok
    21:42:03.0920 6844 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\drivers\umbus.sys
    21:42:03.0920 6844 umbus - ok
    21:42:03.0951 6844 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\DRIVERS\umpass.sys
    21:42:03.0951 6844 UmPass - ok
    21:42:04.0092 6844 [ A69CD6BDB82872999D2E46F9324ADA83 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    21:42:04.0138 6844 UNS - ok
    21:42:04.0170 6844 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
    21:42:04.0170 6844 upnphost - ok
    21:42:04.0216 6844 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\windows\system32\Drivers\usbaapl64.sys
    21:42:04.0263 6844 USBAAPL64 - ok
    21:42:04.0294 6844 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
    21:42:04.0310 6844 usbccgp - ok
    21:42:04.0341 6844 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
    21:42:04.0341 6844 usbcir - ok
    21:42:04.0372 6844 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\drivers\usbehci.sys
    21:42:04.0372 6844 usbehci - ok
    21:42:04.0404 6844 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
    21:42:04.0419 6844 usbhub - ok
    21:42:04.0435 6844 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\drivers\usbohci.sys
    21:42:04.0450 6844 usbohci - ok
    21:42:04.0482 6844 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
    21:42:04.0482 6844 usbprint - ok
    21:42:04.0497 6844 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
    21:42:04.0497 6844 USBSTOR - ok
    21:42:04.0528 6844 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys
    21:42:04.0528 6844 usbuhci - ok
    21:42:04.0560 6844 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\System32\Drivers\usbvideo.sys
    21:42:04.0560 6844 usbvideo - ok
    21:42:04.0591 6844 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
    21:42:04.0591 6844 UxSms - ok
    21:42:04.0606 6844 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
    21:42:04.0606 6844 VaultSvc - ok
    21:42:04.0716 6844 [ 41EEF971DD82A3674D07F275A4DEF702 ] vcsFPService C:\windows\system32\vcsFPService.exe
    21:42:04.0762 6844 vcsFPService - ok
    21:42:04.0794 6844 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
    21:42:04.0794 6844 vdrvroot - ok
    21:42:04.0840 6844 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
    21:42:04.0856 6844 vds - ok
    21:42:04.0887 6844 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
    21:42:04.0903 6844 vga - ok
    21:42:04.0918 6844 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
    21:42:04.0918 6844 VgaSave - ok
    21:42:04.0950 6844 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
    21:42:04.0950 6844 vhdmp - ok
    21:42:04.0965 6844 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
    21:42:04.0965 6844 viaide - ok
    21:42:04.0996 6844 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
    21:42:04.0996 6844 volmgr - ok
    21:42:05.0028 6844 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
    21:42:05.0028 6844 volmgrx - ok
    21:42:05.0043 6844 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\drivers\volsnap.sys
    21:42:05.0059 6844 volsnap - ok
    21:42:05.0074 6844 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys
    21:42:05.0090 6844 vsmraid - ok
    21:42:05.0168 6844 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe
    21:42:05.0184 6844 VSS - ok
    21:42:05.0199 6844 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
    21:42:05.0199 6844 vwifibus - ok
    21:42:05.0230 6844 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
    21:42:05.0230 6844 vwififlt - ok
    21:42:05.0246 6844 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys
    21:42:05.0246 6844 vwifimp - ok
    21:42:05.0277 6844 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
    21:42:05.0293 6844 W32Time - ok
    21:42:05.0308 6844 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys
    21:42:05.0308 6844 WacomPen - ok
    21:42:05.0355 6844 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
    21:42:05.0355 6844 WANARP - ok
    21:42:05.0371 6844 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
    21:42:05.0371 6844 Wanarpv6 - ok
    21:42:05.0449 6844 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
    21:42:05.0464 6844 WatAdminSvc - ok
    21:42:05.0511 6844 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe
    21:42:05.0527 6844 wbengine - ok
    21:42:05.0558 6844 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
    21:42:05.0558 6844 WbioSrvc - ok
    21:42:05.0605 6844 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll
    21:42:05.0605 6844 wcncsvc - ok
    21:42:05.0620 6844 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
    21:42:05.0620 6844 WcsPlugInService - ok
    21:42:05.0652 6844 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\DRIVERS\wd.sys
    21:42:05.0652 6844 Wd - ok
    21:42:05.0683 6844 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
    21:42:05.0683 6844 Wdf01000 - ok
    21:42:05.0698 6844 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll
    21:42:05.0698 6844 WdiServiceHost - ok
    21:42:05.0698 6844 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll
    21:42:05.0714 6844 WdiSystemHost - ok
    21:42:05.0745 6844 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll
    21:42:05.0745 6844 WebClient - ok
    21:42:05.0776 6844 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll
    21:42:05.0776 6844 Wecsvc - ok
    21:42:05.0792 6844 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll
    21:42:05.0792 6844 wercplsupport - ok
    21:42:05.0823 6844 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll
    21:42:05.0823 6844 WerSvc - ok
    21:42:05.0854 6844 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
    21:42:05.0854 6844 WfpLwf - ok
    21:42:05.0870 6844 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys
    21:42:05.0870 6844 WIMMount - ok
    21:42:05.0902 6844 WinDefend - ok
    21:42:05.0902 6844 WinHttpAutoProxySvc - ok
    21:42:05.0949 6844 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
    21:42:05.0965 6844 Winmgmt - ok
    21:42:06.0058 6844 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll
    21:42:06.0105 6844 WinRM - ok
    21:42:06.0167 6844 [ FE88B288356E7B47B74B13372ADD906D ] WinUSB C:\windows\system32\DRIVERS\WinUSB.sys
    21:42:06.0167 6844 WinUSB - ok
    21:42:06.0214 6844 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll
    21:42:06.0245 6844 Wlansvc - ok
    21:42:06.0355 6844 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    21:42:06.0401 6844 wlidsvc - ok
    21:42:06.0433 6844 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys
    21:42:06.0448 6844 WmiAcpi - ok
    21:42:06.0464 6844 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
    21:42:06.0479 6844 wmiApSrv - ok
    21:42:06.0495 6844 WMPNetworkSvc - ok
    21:42:06.0511 6844 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
    21:42:06.0511 6844 WPCSvc - ok
    21:42:06.0557 6844 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
    21:42:06.0557 6844 WPDBusEnum - ok
    21:42:06.0573 6844 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
    21:42:06.0573 6844 ws2ifsl - ok
    21:42:06.0589 6844 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\System32\wscsvc.dll
    21:42:06.0604 6844 wscsvc - ok
    21:42:06.0604 6844 WSearch - ok
    21:42:06.0682 6844 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll
    21:42:06.0729 6844 wuauserv - ok
    21:42:06.0776 6844 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\windows\system32\drivers\WudfPf.sys
    21:42:06.0791 6844 WudfPf - ok
    21:42:06.0823 6844 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
    21:42:06.0838 6844 WUDFRd - ok
    21:42:06.0885 6844 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\windows\System32\WUDFSvc.dll
    21:42:06.0885 6844 wudfsvc - ok
    21:42:06.0917 6844 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll
    21:42:06.0933 6844 WwanSvc - ok
    21:42:06.0980 6844 [ A35820791F940822C31908F58F91D973 ] XobniService C:\Program Files (x86)\Xobni\XobniService.exe
    21:42:06.0995 6844 XobniService - ok
    21:42:07.0042 6844 ================ Scan global ===============================
    21:42:07.0073 6844 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
    21:42:07.0120 6844 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\windows\system32\winsrv.dll
    21:42:07.0151 6844 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\windows\system32\winsrv.dll
    21:42:07.0182 6844 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
    21:42:07.0214 6844 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
    21:42:07.0229 6844 [Global] - ok
    21:42:07.0229 6844 ================ Scan MBR ==================================
    21:42:07.0245 6844 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    21:42:07.0416 6844 \Device\Harddisk0\DR0 - ok
    21:42:07.0416 6844 ================ Scan VBR ==================================
    21:42:07.0416 6844 [ 6BAD7B7D957D5E6CBD001111FA35BD48 ] \Device\Harddisk0\DR0\Partition1
    21:42:07.0432 6844 \Device\Harddisk0\DR0\Partition1 - ok
    21:42:07.0448 6844 [ A8D1879A1716EFE4516DD35AE123AD2D ] \Device\Harddisk0\DR0\Partition2
    21:42:07.0448 6844 \Device\Harddisk0\DR0\Partition2 - ok
    21:42:07.0479 6844 [ CA768F2526164F0EE223AC381FAE6D0F ] \Device\Harddisk0\DR0\Partition3
    21:42:07.0479 6844 \Device\Harddisk0\DR0\Partition3 - ok
    21:42:07.0494 6844 [ BAFE40B6FB11CB6D697B2988A0C9E4AE ] \Device\Harddisk0\DR0\Partition4
    21:42:07.0494 6844 \Device\Harddisk0\DR0\Partition4 - ok
    21:42:07.0494 6844 ============================================================
    21:42:07.0494 6844 Scan finished
    21:42:07.0494 6844 ============================================================
    21:42:07.0510 6576 Detected object count: 0
    21:42:07.0510 6576 Actual detected object count: 0
    21:42:38.0741 0884 Deinitialize success

    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org
    Database version: v2013.01.02.10
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Melissa :: MELISSA-HP [administrator]
    1/2/2013 9:46:41 PM
    mbam-log-2013-01-02 (21-46-41).txt
    Scan type: Full scan (C:\|E:\|F:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 480740
    Time elapsed: 1 hour(s), 27 minute(s), 20 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 2
    C:\ProgramData\Adobe\AIH.30d2b0dc4b94a9cb13e05daee2c1edd7f476adb6\install_flash_player.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    (end)

    Thanks, Melissa
     
  15. OCD

    OCD Malware Specialist

    Joined:
    Sep 11, 2012
    Messages:
    273
    Hi Honeybeelzebub,

    Re-run aswMBR; it should be on your desktop.

    Right click and select "Run as Administrator".

    • When asked if you want to download Avast's virus definitions please select Yes.
    • Click Scan
      • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
      • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
    Next

    Please run Eset Online Scanner

    Administrator rights are required to run ESET Online Scanner

    • Place a check mark in the box YES, I accept the Terms Of Use
    • Click the Start button.
    • Now click the Install button.
    • Click Start. The scanner engine will initialize and update.
    • Do Not place a check mark in the box beside Remove found threats.
    • Click the Scan button. The scan will now run, please be patient.
    • When the scan finishes click the Details tab.
    • Copy and paste the contents of the C:\Program Files\ESET\log.txt into your next reply.

    In your next post please provide the following:

    • aswMBR log
    • ESET log.txt
    • How is the computer running at the moment?
     
Short URL to this thread: https://techguy.org/1082965
