
svchost trojan - search redirects


  • This topic is locked
60 replies to this topic

#1 headinhome

headinhome

    New Member

  • Members
  • 39 posts

Posted 31 March 2012 - 09:46 PM

Can't seem to remove svchost trojan. Along with seeming to be running slower, all my Google and Bing searches get redirected. Please help. Below are DDS, MBAM and RogueKiller logs. THANKS!



.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_22
Run by Aug-11 at 21:35:33 on 2012-03-31
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5887.1609 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
-netsvcs
C:\Windows\system32\conhost.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
BHO: AVG Do-Not-Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
dRun: [SysVer] "C:\Windows\system32\config\systemprofile\AppData\Local\MSRebar\SysVer\SysVer.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DA58ACA7-18A6-403A-93DA-6E4172D43709} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{B1FB28BE-9E27-4566-B7C3-E818386505AD} : DhcpNameServer = 192.168.2.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
BHO-X64: Conduit Engine - No File
BHO-X64: AVG Do-Not-Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do-Not-Track - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
BHO-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
BHO-X64: Vuze Remote - No File
BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
TB-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
Hosts: 94.63.147.22 www.google.com
Hosts: 94.63.147.23 www.bing.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Aug-11\AppData\Roaming\Mozilla\Firefox\Profiles\t5h1wh4w.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.foxnews.com/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B524cc4d6-b3ab-4a88-9d73-cc368777775d%7D&mid=740066f430df47d1abb6ed906db4abbc-ebe5aca7cfd32f9faede2535b753341eef991577&ds=AVG&v=10.2.0.3&lang=en&pr=fr&d=2012-03-28%2007%3A57%3A09&sap=ku&q=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\system32\drivers\amd_sata.sys --> C:\Windows\system32\drivers\amd_sata.sys [?]
R0 amd_xata;amd_xata;C:\Windows\system32\drivers\amd_xata.sys --> C:\Windows\system32\drivers\amd_xata.sys [?]
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\avgidseha.sys --> C:\Windows\system32\DRIVERS\avgidseha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-2-14 5104992]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-6-1 1127448]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-3-28 918880]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\drivers\usbfilter.sys --> C:\Windows\system32\drivers\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-04-01 02:25:25 -------- d-----w- C:\Users\Aug-11\AppData\Local\{5A6D2003-7B79-11E1-826D-B8AC6F996F26}
2012-03-31 20:02:01 20480 ----a-w- C:\Windows\svchost.exe
2012-03-31 13:36:43 -------- d-----w- C:\Users\Aug-11\AppData\Local\{CC8E1090-3A7E-4916-90BA-992BC03E943C}
2012-03-30 12:01:41 -------- d-----w- C:\Users\Aug-11\AppData\Local\{36052974-B56F-4D69-98CD-ABA4EB4EDCC5}
2012-03-29 23:43:05 -------- d-----w- C:\Users\Aug-11\AppData\Local\{1989AC9F-2FF3-4D5A-9F50-FD329BD2E4F6}
2012-03-29 21:06:45 -------- d-----w- C:\Users\Aug-11\AppData\Local\{F6072F4B-C1C8-4E3D-A5A6-C78973F8A40B}
2012-03-29 02:45:26 -------- d-----w- C:\Users\Aug-11\AppData\Local\{4757459F-2128-4A65-89F2-31D0F8414701}
2012-03-29 01:06:58 -------- d-----w- C:\Users\Aug-11\AppData\Roaming\SUPERAntiSpyware.com
2012-03-29 01:06:22 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-03-29 01:06:22 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-03-29 00:19:57 -------- d-----w- C:\Program Files (x86)\PC Tools
2012-03-29 00:16:42 230952 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
2012-03-29 00:16:41 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-03-29 00:16:07 -------- d-----w- C:\Users\Aug-11\AppData\Roaming\TestApp
2012-03-29 00:16:07 -------- d-----w- C:\ProgramData\PC Tools
2012-03-28 23:55:04 -------- d-----w- C:\Users\Aug-11\AppData\Roaming\AVG2012
2012-03-28 12:57:07 -------- d-----w- C:\ProgramData\AVG Secure Search
2012-03-28 12:57:04 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2012-03-28 12:57:04 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2012-03-28 12:55:58 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2012-03-28 12:55:23 -------- d-----w- C:\Windows\System32\drivers\AVG
2012-03-28 12:28:46 -------- d-----w- C:\Users\Aug-11\AppData\Local\{EB65F8D6-B9E9-4E9B-89ED-E7E8EA545D88}
2012-03-28 12:28:35 -------- d-----w- C:\Users\Aug-11\AppData\Local\{3DE67B08-976C-46B4-B511-12BE03117840}
2012-03-28 04:07:12 -------- d-sh--w- C:\$RECYCLE.BIN
2012-03-28 03:15:00 98816 ----a-w- C:\Windows\sed.exe
2012-03-28 03:15:00 518144 ----a-w- C:\Windows\SWREG.exe
2012-03-28 03:15:00 256000 ----a-w- C:\Windows\PEV.exe
2012-03-28 03:15:00 208896 ----a-w- C:\Windows\MBR.exe
2012-03-28 02:10:49 -------- d-----w- C:\Users\Aug-11\AppData\Local\{543A1248-BA24-4DD7-8D52-F9F1BAA246A6}
2012-03-28 02:10:38 -------- d-----w- C:\Users\Aug-11\AppData\Local\{F6019DD5-2DF0-44B8-B6AE-91148238F8B2}
2012-03-27 22:40:34 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-27 22:40:34 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-03-27 22:28:59 -------- d-----w- C:\Users\Aug-11\AppData\Roaming\Xaest
2012-03-27 22:28:59 -------- d-----w- C:\Users\Aug-11\AppData\Roaming\Quensi
2012-03-24 15:31:54 -------- d-----w- C:\Users\Aug-11\AppData\Local\{3F0B8F00-E9E8-4B79-9D34-8FF319577888}
2012-03-24 15:31:43 -------- d-----w- C:\Users\Aug-11\AppData\Local\{5EBF3213-C140-465B-97A9-335A706D5700}
2012-03-21 02:10:35 -------- d-----w- C:\Users\Aug-11\AppData\Local\{A4AA4B41-6D80-4123-8B79-81AC44AE4809}
2012-03-21 02:10:25 -------- d-----w- C:\Users\Aug-11\AppData\Local\{26D79D2A-EC60-4D64-90E4-C151E4EBFB04}
2012-03-18 03:07:56 -------- d-----w- C:\Users\Aug-11\AppData\Local\{464D1096-6E7B-40C2-BFA2-849780B1D289}
2012-03-18 03:07:44 -------- d-----w- C:\Users\Aug-11\AppData\Local\{22200AA3-8B88-4F1D-9157-D12C88CDDD8C}
2012-03-17 21:49:43 -------- d-----w- C:\Program Files (x86)\ESET
2012-03-17 15:03:15 -------- d-----w- C:\Users\Aug-11\AppData\Local\{D6B864A0-CC2B-4B1D-BFE4-EB7232611086}
2012-03-17 15:03:04 -------- d-----w- C:\Users\Aug-11\AppData\Local\{ED4D0DD1-82C6-41B2-BD4B-312EE14A99C6}
2012-03-17 03:48:16 200976 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys
2012-03-17 03:30:51 -------- d-----w- C:\Users\Aug-11\AppData\Roaming\Malwarebytes
2012-03-17 03:30:47 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-17 03:30:47 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-17 03:30:47 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-16 17:59:55 -------- d-----w- C:\Users\Aug-11\AppData\Local\{C11CE875-C519-4F0A-8A10-ED9EDBFC9C94}
2012-03-16 17:59:42 -------- d-----w- C:\Users\Aug-11\AppData\Local\{AB5517E7-89C4-430A-805E-66A9D50B6BC4}
2012-03-14 08:21:39 -------- d-----w- C:\Users\Aug-11\AppData\Local\{1EE1E69C-D5BD-4953-9F53-653A5C261B6A}
2012-03-14 08:21:28 -------- d-----w- C:\Users\Aug-11\AppData\Local\{B1E71EC1-A841-43C3-9F1D-219451F6119C}
2012-03-14 08:03:14 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-14 08:03:13 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-14 08:03:13 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-14 03:02:31 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-14 03:02:26 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-14 03:02:26 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-14 03:00:58 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-14 03:00:58 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-14 03:00:58 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-14 03:00:50 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-14 03:00:49 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-14 03:00:49 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-14 03:00:49 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-12 12:32:30 -------- d-----w- C:\Users\Aug-11\AppData\Local\{B192DEF9-034F-4E10-A902-8CB661D4C479}
2012-03-12 12:32:19 -------- d-----w- C:\Users\Aug-11\AppData\Local\{D72C8EC2-59B3-42C3-A629-72D86B56FF77}
2012-03-09 13:28:08 -------- d-----w- C:\Users\Aug-11\AppData\Local\{3C839183-38A6-4207-A614-1D962455BC60}
2012-03-09 13:27:58 -------- d-----w- C:\Users\Aug-11\AppData\Local\{000D904D-75E0-49B3-B685-D80B53F38680}
2012-03-04 15:05:13 -------- d-----w- C:\Users\Aug-11\AppData\Local\{EE55F82A-2FE8-4AF0-B07C-7056374ED595}
2012-03-04 15:05:04 -------- d-----w- C:\Users\Aug-11\AppData\Local\{ED47A238-9C94-47FF-B360-7820F18828B0}
2012-03-04 06:36:15 -------- d-----w- C:\Users\Aug-11\AppData\Local\Amazon
.
==================== Find3M ====================
.
2012-02-22 10:25:50 382032 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2012-02-22 10:25:32 289872 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2012-02-16 02:54:40 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-31 09:46:48 36944 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
.
============= FINISH: 21:36:28.27 ===============






Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.27.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Aug-11 :: AUG-11-HP [administrator]

3/31/2012 9:37:59 PM
mbam-log-2012-03-31 (21-41-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 195206
Time elapsed: 3 minute(s), 23 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 5496 -> No action taken.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.

(end)






RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Aug-11 [Admin rights]
Mode: Scan -- Date: 03/31/2012 16:13:33

¤¤¤ Bad processes: 1 ¤¤¤
[SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 3 ¤¤¤
[SUSP PATH] winupd.job @ : C:\Users\Aug-11\AppData\Local\Temp:winupd.exe -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
94.63.147.22 www.google.com
94.63.147.23 www.bing.com


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST310005 28AS SATA Disk Device +++++
--- User ---
[MBR] 4664794ea9b3e1381cc1903ffa268820
[BSP] 4380b6c166e94d201c68450087fc3aec : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 942339 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1930117120 | Size: 11428 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 58e87bbccbddc74daba40b61bbf22a8a
[BSP] 774670e719613688107af143ed71084f : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 217933824 | Size: 300 Mo

Finished : << RKreport[1].txt >>
RKreport[1].txt

#2 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • 28,196 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 03 April 2012 - 08:02 AM

Welcome to the forum and sorry for the delay. Do you still need help?

If so, update and run a Quick scan with MB and post the log.

Then run and post a fresh RogueKiller scan.

MrC

Malware Removal Expert




I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Thanks MrC & crew

#3 headinhome


Posted 03 April 2012 - 05:49 PM

Definitely still need help. Here are the new logs. Thanks!

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.03.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Aug-11 :: AUG-11-HP [administrator]

4/3/2012 5:32:57 PM
mbam-log-2012-04-03 (17-35-38).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 196769
Time elapsed: 2 minute(s), 23 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 4620 -> No action taken.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.

(end)




RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Aug-11 [Admin rights]
Mode: Scan -- Date: 04/03/2012 17:46:27

¤¤¤ Bad processes: 1 ¤¤¤
[SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 4 ¤¤¤
[SUSP PATH] winupd.job @ : C:\Users\Aug-11\AppData\Local\Temp:winupd.exe -> FOUND
[SUSP PATH] {5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4}.job @ : C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST310005 28AS SATA Disk Device +++++
--- User ---
[MBR] 4664794ea9b3e1381cc1903ffa268820
[BSP] 4380b6c166e94d201c68450087fc3aec : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 942339 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1930117120 | Size: 11428 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 58e87bbccbddc74daba40b61bbf22a8a
[BSP] 774670e719613688107af143ed71084f : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 217933824 | Size: 300 Mo

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

#4 MrCharlie


Posted 03 April 2012 - 05:57 PM

Please make sure system restore is running and create a new restore point before continuing.

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.


-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


------------------------

Click the Start Scan button.


-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.


----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.




--------------------

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

MrC

Malware Removal Expert



#5 headinhome


Posted 03 April 2012 - 06:40 PM

18:33:13.0280 3928 TDSS rootkit removing tool 2.7.25.0 Apr 3 2012 13:42:32
18:33:13.0639 3928 ============================================================
18:33:13.0639 3928 Current date / time: 2012/04/03 18:33:13.0639
18:33:13.0639 3928 SystemInfo:
18:33:13.0639 3928
18:33:13.0639 3928 OS Version: 6.1.7601 ServicePack: 1.0
18:33:13.0639 3928 Product type: Workstation
18:33:13.0639 3928 ComputerName: AUG-11-HP
18:33:13.0639 3928 UserName: Aug-11
18:33:13.0639 3928 Windows directory: C:\Windows
18:33:13.0639 3928 System windows directory: C:\Windows
18:33:13.0639 3928 Running under WOW64
18:33:13.0639 3928 Processor architecture: Intel x64
18:33:13.0639 3928 Number of processors: 4
18:33:13.0639 3928 Page size: 0x1000
18:33:13.0639 3928 Boot type: Normal boot
18:33:13.0639 3928 ============================================================
18:33:15.0262 3928 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:33:15.0355 3928 \Device\Harddisk0\DR0:
18:33:15.0355 3928 MBR used
18:33:15.0355 3928 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:33:15.0355 3928 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x73081800
18:33:15.0355 3928 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x730B4000, BlocksNum 0x1652000
18:33:15.0418 3928 Initialize success
18:33:15.0418 3928 ============================================================
18:33:22.0110 1328 ============================================================
18:33:22.0110 1328 Scan started
18:33:22.0110 1328 Mode: Manual; SigCheck; TDLFS;
18:33:22.0110 1328 ============================================================
18:33:26.0353 1328 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
18:33:26.0431 1328 1394ohci - ok
18:33:26.0462 1328 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
18:33:26.0478 1328 ACPI - ok
18:33:26.0494 1328 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
18:33:26.0556 1328 AcpiPmi - ok
18:33:26.0587 1328 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
18:33:26.0603 1328 adp94xx - ok
18:33:26.0634 1328 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
18:33:26.0650 1328 adpahci - ok
18:33:26.0665 1328 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
18:33:26.0681 1328 adpu320 - ok
18:33:26.0696 1328 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
18:33:26.0774 1328 AeLookupSvc - ok
18:33:26.0821 1328 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
18:33:26.0852 1328 AFD - ok
18:33:26.0946 1328 AffinegyService (b29bc445561f1ac7b1daf67af954c36b) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
18:33:26.0962 1328 AffinegyService - ok
18:33:26.0993 1328 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
18:33:26.0993 1328 agp440 - ok
18:33:27.0024 1328 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
18:33:27.0071 1328 ALG - ok
18:33:27.0086 1328 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
18:33:27.0102 1328 aliide - ok
18:33:27.0118 1328 AMD External Events Utility (ca0d6c1390f4b3baf2a0a69d1a7f8332) C:\Windows\system32\atiesrxx.exe
18:33:27.0164 1328 AMD External Events Utility - ok
18:33:27.0164 1328 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
18:33:27.0180 1328 amdide - ok
18:33:27.0196 1328 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
18:33:27.0227 1328 AmdK8 - ok
18:33:27.0320 1328 amdkmdag (75e4baca583ae02c11e9ac8747e2abe0) C:\Windows\system32\DRIVERS\atikmdag.sys
18:33:27.0461 1328 amdkmdag - ok
18:33:27.0523 1328 amdkmdap (b765cf4b32f347be747b21ae22641025) C:\Windows\system32\DRIVERS\atikmpag.sys
18:33:27.0523 1328 amdkmdap - ok
18:33:27.0788 1328 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
18:33:27.0804 1328 AmdPPM - ok
18:33:27.0898 1328 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
18:33:27.0913 1328 amdsata - ok
18:33:28.0756 1328 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
18:33:28.0771 1328 amdsbs - ok
18:33:28.0865 1328 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
18:33:28.0880 1328 amdxata - ok
18:33:28.0927 1328 amd_sata (caee7c1afc9f1c9ee8dd11acd18d22e7) C:\Windows\system32\drivers\amd_sata.sys
18:33:28.0943 1328 amd_sata - ok
18:33:28.0974 1328 amd_xata (23726116b4fbcc84fc45b95157c08f5f) C:\Windows\system32\drivers\amd_xata.sys
18:33:28.0974 1328 amd_xata - ok
18:33:29.0021 1328 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
18:33:29.0114 1328 AppID - ok
18:33:29.0146 1328 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
18:33:29.0177 1328 AppIDSvc - ok
18:33:29.0208 1328 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
18:33:29.0239 1328 Appinfo - ok
18:33:29.0286 1328 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
18:33:29.0302 1328 arc - ok
18:33:29.0317 1328 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
18:33:29.0333 1328 arcsas - ok
18:33:29.0395 1328 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
18:33:29.0426 1328 aspnet_state - ok
18:33:29.0442 1328 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
18:33:29.0489 1328 AsyncMac - ok
18:33:29.0520 1328 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
18:33:29.0520 1328 atapi - ok
18:33:29.0551 1328 AtiPcie (e82e61f46d1336447f4deff8c074f13e) C:\Windows\system32\drivers\AtiPcie64.sys
18:33:29.0567 1328 AtiPcie - ok
18:33:29.0582 1328 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
18:33:29.0629 1328 AudioEndpointBuilder - ok
18:33:29.0645 1328 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
18:33:29.0660 1328 AudioSrv - ok
18:33:29.0692 1328 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
18:33:29.0770 1328 AxInstSV - ok
18:33:29.0801 1328 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
18:33:29.0832 1328 b06bdrv - ok
18:33:29.0863 1328 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
18:33:29.0894 1328 b57nd60a - ok
18:33:29.0926 1328 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
18:33:29.0972 1328 BDESVC - ok
18:33:29.0988 1328 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
18:33:30.0019 1328 Beep - ok
18:33:30.0066 1328 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
18:33:30.0113 1328 BITS - ok
18:33:30.0144 1328 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
18:33:30.0160 1328 blbdrive - ok
18:33:30.0191 1328 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
18:33:30.0238 1328 bowser - ok
18:33:30.0253 1328 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
18:33:30.0253 1328 BrFiltLo - ok
18:33:30.0269 1328 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
18:33:30.0284 1328 BrFiltUp - ok
18:33:30.0331 1328 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
18:33:30.0378 1328 BridgeMP - ok
18:33:30.0425 1328 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
18:33:30.0456 1328 Browser - ok
18:33:30.0472 1328 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
18:33:30.0518 1328 Brserid - ok
18:33:30.0550 1328 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
18:33:30.0565 1328 BrSerWdm - ok
18:33:30.0581 1328 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:33:30.0612 1328 BrUsbMdm - ok
18:33:30.0643 1328 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
18:33:30.0643 1328 BrUsbSer - ok
18:33:30.0674 1328 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
18:33:30.0690 1328 BTHMODEM - ok
18:33:30.0721 1328 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
18:33:30.0752 1328 bthserv - ok
18:33:31.0033 1328 CarboniteService (9da7d983b4e9ea2d065edf566ca64fc8) C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
18:33:31.0111 1328 CarboniteService - ok
18:33:31.0158 1328 catchme - ok
18:33:31.0298 1328 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
18:33:31.0345 1328 cdfs - ok
18:33:31.0392 1328 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
18:33:31.0423 1328 cdrom - ok
18:33:31.0486 1328 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
18:33:31.0517 1328 CertPropSvc - ok
18:33:31.0549 1328 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
18:33:31.0565 1328 circlass - ok
18:33:31.0596 1328 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
18:33:31.0611 1328 CLFS - ok
18:33:31.0658 1328 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:33:31.0674 1328 clr_optimization_v2.0.50727_32 - ok
18:33:31.0721 1328 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:33:31.0736 1328 clr_optimization_v2.0.50727_64 - ok
18:33:31.0783 1328 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:33:31.0892 1328 clr_optimization_v4.0.30319_32 - ok
18:33:32.0095 1328 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:33:32.0126 1328 clr_optimization_v4.0.30319_64 - ok
18:33:32.0220 1328 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
18:33:32.0251 1328 CmBatt - ok
18:33:32.0282 1328 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
18:33:32.0298 1328 cmdide - ok
18:33:32.0345 1328 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
18:33:32.0376 1328 CNG - ok
18:33:32.0407 1328 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
18:33:32.0423 1328 Compbatt - ok
18:33:32.0438 1328 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
18:33:32.0469 1328 CompositeBus - ok
18:33:32.0485 1328 COMSysApp - ok
18:33:32.0501 1328 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
18:33:32.0516 1328 crcdisk - ok
18:33:32.0532 1328 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
18:33:32.0579 1328 CryptSvc - ok
18:33:32.0657 1328 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
18:33:32.0672 1328 cvhsvc - ok
18:33:32.0719 1328 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
18:33:32.0750 1328 DcomLaunch - ok
18:33:32.0781 1328 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
18:33:32.0813 1328 defragsvc - ok
18:33:32.0859 1328 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
18:33:32.0906 1328 DfsC - ok
18:33:32.0937 1328 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
18:33:32.0969 1328 Dhcp - ok
18:33:32.0984 1328 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
18:33:33.0031 1328 discache - ok
18:33:33.0062 1328 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
18:33:33.0078 1328 Disk - ok
18:33:33.0109 1328 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
18:33:33.0140 1328 Dnscache - ok
18:33:33.0156 1328 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
18:33:33.0187 1328 dot3svc - ok
18:33:33.0218 1328 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
18:33:33.0249 1328 DPS - ok
18:33:33.0281 1328 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
18:33:33.0296 1328 drmkaud - ok
18:33:33.0327 1328 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
18:33:33.0343 1328 DXGKrnl - ok
18:33:33.0359 1328 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
18:33:33.0390 1328 EapHost - ok
18:33:33.0483 1328 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
18:33:33.0561 1328 ebdrv - ok
18:33:33.0608 1328 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
18:33:33.0624 1328 EFS - ok
18:33:33.0671 1328 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
18:33:33.0702 1328 ehRecvr - ok
18:33:33.0733 1328 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
18:33:33.0749 1328 ehSched - ok
18:33:33.0827 1328 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
18:33:33.0842 1328 elxstor - ok
18:33:33.0873 1328 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
18:33:33.0889 1328 ErrDev - ok
18:33:33.0967 1328 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
18:33:34.0029 1328 EventSystem - ok
18:33:34.0139 1328 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
18:33:34.0170 1328 exfat - ok
18:33:34.0232 1328 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
18:33:34.0279 1328 fastfat - ok
18:33:34.0404 1328 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
18:33:34.0482 1328 Fax - ok
18:33:34.0544 1328 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
18:33:34.0575 1328 fdc - ok
18:33:34.0685 1328 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
18:33:34.0731 1328 fdPHost - ok
18:33:34.0778 1328 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
18:33:34.0809 1328 FDResPub - ok
18:33:34.0919 1328 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
18:33:34.0934 1328 FileInfo - ok
18:33:35.0012 1328 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
18:33:35.0090 1328 Filetrace - ok
18:33:35.0199 1328 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
18:33:35.0215 1328 flpydisk - ok
18:33:35.0293 1328 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
18:33:35.0309 1328 FltMgr - ok
18:33:35.0433 1328 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
18:33:35.0511 1328 FontCache - ok
18:33:35.0652 1328 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:33:35.0667 1328 FontCache3.0.0.0 - ok
18:33:35.0745 1328 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
18:33:35.0761 1328 FsDepends - ok
18:33:35.0839 1328 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
18:33:35.0839 1328 Fs_Rec - ok
18:33:35.0933 1328 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
18:33:35.0948 1328 fvevol - ok
18:33:36.0026 1328 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
18:33:36.0042 1328 gagp30kx - ok
18:33:36.0167 1328 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
18:33:36.0182 1328 GamesAppService - ok
18:33:36.0323 1328 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
18:33:36.0369 1328 gpsvc - ok
18:33:36.0463 1328 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
18:33:36.0525 1328 hcw85cir - ok
18:33:36.0635 1328 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
18:33:36.0666 1328 HdAudAddService - ok
18:33:36.0775 1328 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:33:36.0806 1328 HDAudBus - ok
18:33:36.0884 1328 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
18:33:36.0915 1328 HidBatt - ok
18:33:36.0993 1328 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
18:33:37.0025 1328 HidBth - ok
18:33:37.0290 1328 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
18:33:37.0321 1328 HidIr - ok
18:33:37.0493 1328 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
18:33:37.0539 1328 hidserv - ok
18:33:37.0727 1328 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
18:33:37.0742 1328 HidUsb - ok
18:33:37.0976 1328 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
18:33:38.0054 1328 hkmsvc - ok
18:33:38.0085 1328 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
18:33:38.0163 1328 HomeGroupListener - ok
18:33:38.0351 1328 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
18:33:38.0397 1328 HomeGroupProvider - ok
18:33:38.0585 1328 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
18:33:38.0616 1328 HP Support Assistant Service - ok
18:33:38.0772 1328 HPClientSvc (6a181452d4e240b8ecc7614b9a19bde9) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
18:33:38.0803 1328 HPClientSvc - ok
18:33:38.0928 1328 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
18:33:38.0959 1328 HPDrvMntSvc.exe - ok
18:33:39.0021 1328 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
18:33:39.0053 1328 hpqwmiex - ok
18:33:39.0209 1328 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
18:33:39.0224 1328 HpSAMD - ok
18:33:39.0287 1328 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
18:33:39.0333 1328 HTTP - ok
18:33:39.0427 1328 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
18:33:39.0427 1328 hwpolicy - ok
18:33:39.0458 1328 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
18:33:39.0474 1328 i8042prt - ok
18:33:39.0536 1328 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
18:33:39.0552 1328 iaStorV - ok
18:33:39.0692 1328 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:33:39.0723 1328 idsvc - ok
18:33:40.0098 1328 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
18:33:40.0269 1328 igfx - ok
18:33:40.0347 1328 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
18:33:40.0379 1328 iirsp - ok
18:33:40.0519 1328 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
18:33:40.0659 1328 IKEEXT - ok
18:33:40.0815 1328 IntcAzAudAddService (589b94a9b73a0e819ff873743a480834) C:\Windows\system32\drivers\RTKVHD64.sys
18:33:40.0862 1328 IntcAzAudAddService - ok
18:33:40.0956 1328 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
18:33:40.0987 1328 intelide - ok
18:33:41.0065 1328 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
18:33:41.0096 1328 intelppm - ok
18:33:41.0174 1328 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
18:33:41.0268 1328 IPBusEnum - ok
18:33:41.0315 1328 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:33:41.0377 1328 IpFilterDriver - ok
18:33:41.0439 1328 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
18:33:41.0502 1328 IPMIDRV - ok
18:33:41.0549 1328 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
18:33:41.0627 1328 IPNAT - ok
18:33:41.0673 1328 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
18:33:41.0705 1328 IRENUM - ok
18:33:41.0767 1328 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
18:33:41.0798 1328 isapnp - ok
18:33:41.0861 1328 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
18:33:41.0892 1328 iScsiPrt - ok
18:33:41.0923 1328 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
18:33:41.0954 1328 kbdclass - ok
18:33:42.0001 1328 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
18:33:42.0048 1328 kbdhid - ok
18:33:42.0110 1328 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:33:42.0141 1328 KeyIso - ok
18:33:42.0188 1328 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
18:33:42.0219 1328 KSecDD - ok
18:33:42.0266 1328 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
18:33:42.0282 1328 KSecPkg - ok
18:33:42.0329 1328 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
18:33:42.0407 1328 ksthunk - ok
18:33:42.0500 1328 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
18:33:42.0578 1328 KtmRm - ok
18:33:42.0687 1328 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
18:33:42.0765 1328 LanmanServer - ok
18:33:42.0797 1328 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
18:33:42.0890 1328 LanmanWorkstation - ok
18:33:42.0999 1328 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
18:33:43.0093 1328 lltdio - ok
18:33:43.0218 1328 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
18:33:43.0296 1328 lltdsvc - ok
18:33:43.0374 1328 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
18:33:43.0436 1328 lmhosts - ok
18:33:43.0623 1328 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
18:33:43.0655 1328 LSI_FC - ok
18:33:43.0951 1328 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
18:33:43.0982 1328 LSI_SAS - ok
18:33:44.0076 1328 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
18:33:44.0107 1328 LSI_SAS2 - ok
18:33:44.0201 1328 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
18:33:44.0247 1328 LSI_SCSI - ok
18:33:44.0325 1328 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
18:33:44.0419 1328 luafv - ok
18:33:44.0481 1328 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
18:33:44.0513 1328 Mcx2Svc - ok
18:33:44.0684 1328 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
18:33:44.0715 1328 megasas - ok
18:33:44.0809 1328 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
18:33:44.0825 1328 MegaSR - ok
18:33:44.0887 1328 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:33:44.0918 1328 MMCSS - ok
18:33:44.0996 1328 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
18:33:45.0027 1328 Modem - ok
18:33:45.0137 1328 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
18:33:45.0183 1328 monitor - ok
18:33:45.0230 1328 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
18:33:45.0230 1328 mouclass - ok
18:33:45.0261 1328 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
18:33:45.0293 1328 mouhid - ok
18:33:45.0371 1328 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
18:33:45.0386 1328 mountmgr - ok
18:33:45.0464 1328 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
18:33:45.0511 1328 mpio - ok
18:33:45.0542 1328 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
18:33:45.0573 1328 mpsdrv - ok
18:33:45.0605 1328 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
18:33:45.0683 1328 MRxDAV - ok
18:33:45.0729 1328 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:33:45.0807 1328 mrxsmb - ok
18:33:45.0885 1328 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:33:45.0901 1328 mrxsmb10 - ok
18:33:45.0932 1328 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:33:45.0948 1328 mrxsmb20 - ok
18:33:46.0041 1328 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
18:33:46.0057 1328 msahci - ok
18:33:46.0088 1328 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
18:33:46.0104 1328 msdsm - ok
18:33:46.0151 1328 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
18:33:46.0197 1328 MSDTC - ok
18:33:46.0338 1328 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
18:33:46.0385 1328 Msfs - ok
18:33:46.0447 1328 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
18:33:46.0556 1328 mshidkmdf - ok
18:33:46.0650 1328 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
18:33:46.0650 1328 msisadrv - ok
18:33:46.0697 1328 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
18:33:46.0743 1328 MSiSCSI - ok
18:33:46.0790 1328 msiserver - ok
18:33:46.0977 1328 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
18:33:47.0102 1328 MSKSSRV - ok
18:33:47.0196 1328 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
18:33:47.0289 1328 MSPCLOCK - ok
18:33:47.0336 1328 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
18:33:47.0430 1328 MSPQM - ok
18:33:47.0492 1328 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
18:33:47.0539 1328 MsRPC - ok
18:33:47.0586 1328 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
18:33:47.0601 1328 mssmbios - ok
18:33:47.0633 1328 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
18:33:47.0711 1328 MSTEE - ok
18:33:47.0742 1328 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
18:33:47.0757 1328 MTConfig - ok
18:33:47.0773 1328 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
18:33:47.0773 1328 Mup - ok
18:33:47.0898 1328 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
18:33:47.0991 1328 napagent - ok
18:33:48.0116 1328 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
18:33:48.0194 1328 NativeWifiP - ok
18:33:48.0397 1328 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
18:33:48.0444 1328 NDIS - ok
18:33:48.0491 1328 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
18:33:48.0537 1328 NdisCap - ok
18:33:48.0569 1328 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
18:33:48.0631 1328 NdisTapi - ok
18:33:48.0647 1328 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
18:33:48.0693 1328 Ndisuio - ok
18:33:48.0756 1328 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
18:33:48.0787 1328 NdisWan - ok
18:34:05.0339 1328 MBR (0x1B8) (22a989b08cd088728d4e9fc470755d79) \Device\Harddisk0\DR0
18:34:05.0354 1328 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
18:34:05.0354 1328 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
18:34:05.0464 1328 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
18:34:05.0464 1328 \Device\Harddisk0\DR0 - detected TDSS File System (1)
18:34:05.0464 1328 Boot (0x1200) (b920e4bc4db2a2f85672de53afd62e83) \Device\Harddisk0\DR0\Partition0
18:34:05.0464 1328 \Device\Harddisk0\DR0\Partition0 - ok
18:34:05.0479 1328 Boot (0x1200) (6c565c6c6da482cbbc6f595924924585) \Device\Harddisk0\DR0\Partition1
18:34:05.0479 1328 \Device\Harddisk0\DR0\Partition1 - ok
18:34:05.0510 1328 Boot (0x1200) (bff80509c2c7cfccb6c9f2aed897ec2b) \Device\Harddisk0\DR0\Partition2
18:34:05.0510 1328 \Device\Harddisk0\DR0\Partition2 - ok
18:34:05.0510 1328 ============================================================
18:34:05.0510 1328 Scan finished
18:34:05.0510 1328 ============================================================
18:34:05.0526 2532 Detected object count: 2
18:34:05.0526 2532 Actual detected object count: 2
18:35:44.0742 2532 \Device\Harddisk0\DR0\# - copied to quarantine
18:35:44.0742 2532 \Device\Harddisk0\DR0 - copied to quarantine
18:35:44.0789 2532 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
18:35:44.0789 2532 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
18:35:44.0789 2532 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
18:35:44.0805 2532 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
18:35:44.0820 2532 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
18:35:44.0820 2532 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
18:35:44.0820 2532 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
18:35:44.0820 2532 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
18:35:44.0820 2532 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
18:35:44.0836 2532 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
18:35:44.0836 2532 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
18:35:44.0836 2532 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
18:35:44.0867 2532 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
18:35:44.0867 2532 \Device\Harddisk0\DR0 - ok
18:35:45.0304 2532 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
18:35:45.0304 2532 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
18:35:45.0304 2532 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
18:36:03.0228 3068 Deinitialize success

#6 headinhome

Posted 03 April 2012 - 06:46 PM

I had an issue the 1st time I tried to run it. Before I hit scan, something called Internet Security popped up and started scanning. To my knowledge that is not something I put on my computer. It shut down TDSSKiller and Firefox and would not let me open the Task Manager. I had to shut down the computer, and when I restarted I was able to run TDSSKiller. I now have a new icon on my desktop labeled Internet Security.

Thanks.

#7 MrCharlie


Sounds like a rogue/fake antivirus program:

http://www.bleepingc...t-security-2012

---------------------------------

Please download and run ComboFix.
The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

MrC

Malware Removal Expert



#8 headinhome

Posted 03 April 2012 - 08:22 PM

After running ComboFix, nothing on my computer would work - everything I clicked gave me an error message. I shut down and restarted and got a blue screen telling me Windows could not load and needed to do a system restore. Finally, after several attempts, Windows did work. Here is the log from ComboFix...


ComboFix 12-04-03.02 - Aug-11 04/03/2012 19:28:27.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5887.2081 [GMT -5:00]
Running from: c:\users\Aug-11\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Aug-11\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
c:\users\Public\Desktop\Internet Security.lnk
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\system32\consrv.dll
c:\windows\system32\dds_trash_log.cmd
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2012-03-04 to 2012-04-04 )))))))))))))))))))))))))))))))
.
.
2012-04-04 00:32 . 2012-04-04 00:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-03 23:35 . 2012-04-03 23:35 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-03 10:46 . 2012-04-03 10:46 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1F89A2F2-CE23-4A69-AFE1-7358AC940FE3}\offreg.dll
2012-04-03 07:01 . 2012-03-20 08:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1F89A2F2-CE23-4A69-AFE1-7358AC940FE3}\mpengine.dll
2012-04-01 19:24 . 2012-04-01 19:24 -------- d-----w- c:\program files\Carbonite
2012-04-01 19:24 . 2012-04-01 19:24 -------- d-----w- c:\programdata\Carbonite
2012-04-01 19:24 . 2012-04-01 19:24 -------- d-----w- c:\program files (x86)\Carbonite
2012-04-01 02:25 . 2012-04-01 17:40 -------- d-----w- c:\users\Aug-11\AppData\Local\{5A6D2003-7B79-11E1-826D-B8AC6F996F26}
2012-03-29 01:06 . 2012-03-29 01:06 -------- d-----w- c:\users\Aug-11\AppData\Roaming\SUPERAntiSpyware.com
2012-03-29 01:06 . 2012-04-01 17:40 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-29 01:06 . 2012-03-29 01:06 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-03-29 00:19 . 2012-03-29 00:19 -------- d-----w- c:\program files (x86)\PC Tools
2012-03-29 00:16 . 2012-03-29 00:47 -------- d-----w- c:\programdata\PC Tools
2012-03-29 00:16 . 2012-03-29 00:16 -------- d-----w- c:\users\Aug-11\AppData\Roaming\TestApp
2012-03-28 12:57 . 2012-03-28 12:57 -------- d-----w- c:\programdata\AVG Secure Search
2012-03-28 12:57 . 2012-04-01 17:40 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-03-28 12:57 . 2012-04-01 17:40 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-03-27 22:40 . 2012-03-13 04:39 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-27 22:40 . 2012-03-13 04:39 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-27 22:28 . 2012-03-27 22:29 -------- d-----w- c:\users\Aug-11\AppData\Roaming\Xaest
2012-03-27 22:28 . 2012-03-27 22:29 -------- d-----w- c:\users\Aug-11\AppData\Roaming\Quensi
2012-03-17 21:49 . 2012-03-17 21:49 -------- d-----w- c:\program files (x86)\ESET
2012-03-17 03:48 . 2011-06-21 04:09 200976 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys
2012-03-17 03:30 . 2012-04-01 17:33 -------- d-----w- c:\users\Aug-11\AppData\Roaming\Malwarebytes
2012-03-17 03:30 . 2012-04-01 17:40 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-17 03:30 . 2012-03-28 02:33 -------- d-----w- c:\programdata\Malwarebytes
2012-03-17 03:30 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-14 08:03 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 08:03 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 08:03 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 03:02 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 03:02 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 03:02 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 03:00 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 03:00 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 03:00 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 03:00 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 03:00 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 03:00 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 03:00 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 14:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-16 02:54 . 2011-08-13 06:23 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-28_03.43.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-04 00:33 . 2012-04-04 00:33 13330 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2012-03-28 03:41 . 2012-03-28 03:41 13330 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2012-03-16 18:02 . 2012-03-28 03:27 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-03-16 18:02 . 2012-04-04 00:28 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-04-03 22:50 . 2012-04-03 23:26 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012040320120404\index.dat
+ 2012-04-03 22:50 . 2012-04-03 22:46 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012032620120402\index.dat
- 2012-03-16 18:02 . 2012-03-28 03:27 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-03-16 18:02 . 2012-04-04 00:28 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2010-11-21 03:09 . 2012-04-04 00:08 48364 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-04 00:08 35270 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-08-13 07:15 . 2012-04-04 00:08 10090 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2443618145-3234143949-2320547976-1000_UserData.bin
+ 2012-04-01 17:42 . 2012-04-01 05:36 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
- 2011-02-11 19:25 . 2012-03-28 03:40 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-11 19:25 . 2012-04-03 23:37 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-02-11 19:25 . 2012-03-28 03:40 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-02-11 19:25 . 2012-04-03 23:37 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-03 23:37 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-28 03:40 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-13 05:36 . 2012-04-04 00:07 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-08-13 05:36 . 2012-03-28 03:42 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-03-16 17:58 . 2012-03-28 03:42 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2012-03-16 17:58 . 2012-04-03 23:32 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2012-03-16 17:58 . 2012-04-03 23:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
- 2012-03-16 17:58 . 2012-03-28 03:42 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2012-03-16 17:58 . 2012-04-03 23:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
- 2012-03-16 17:58 . 2012-03-28 03:42 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
+ 2011-08-13 05:36 . 2012-04-04 00:07 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-08-13 05:36 . 2012-03-28 03:42 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-08-13 05:36 . 2012-04-04 00:07 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-08-13 05:36 . 2012-03-28 03:42 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-08-13 07:15 . 2012-03-28 03:21 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-08-13 07:15 . 2012-04-04 00:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-08-13 07:15 . 2012-03-28 03:21 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-13 07:15 . 2012-04-04 00:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-14 03:44 . 2012-03-29 02:34 5414 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2009-07-13 23:31 . 2009-07-14 01:39 6656 c:\windows\system32\adsservice.dll
+ 2012-04-04 00:34 . 2012-04-04 00:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-28 03:42 . 2012-03-28 03:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54 . 2012-04-04 00:34 245760 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-11 18:41 . 2012-04-02 22:50 327602 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2009-07-14 02:36 . 2012-04-04 00:11 660520 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-03-28 03:27 660520 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-03-28 03:27 121190 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-04-04 00:11 121190 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-04-04 00:33 277296 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-03-28 03:41 277296 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:54 . 2012-04-04 00:34 5177344 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-28 03:42 1458176 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-04 00:34 1458176 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-08-13 07:12 . 2012-03-28 03:09 1627496 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-08-13 07:12 . 2012-03-29 00:48 1627496 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-08-13 07:12 . 2012-03-28 03:41 1989984 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2443618145-3234143949-2320547976-1000-8192.dat
+ 2011-08-13 07:12 . 2012-04-04 00:33 1989984 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2443618145-3234143949-2320547976-1000-8192.dat
+ 2012-03-28 12:54 . 2012-03-28 12:54 2872832 c:\windows\Installer\1e32a47.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 21:54 175912 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-01-17 21:54 175912 ----a-w- c:\program files (x86)\Vuze_Remote\prxtbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2012-03-17 02:06 1008784 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2012-03-17 02:06 1008784 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2012-03-17 02:06 1008784 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 102400]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-02-01 656920]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-05-27 2015136]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2012-03-17 1059984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-02-01 1127448]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-03 c:\windows\Tasks\HPCeeScheduleForAug-11.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2012-03-17 01:58 1279120 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2012-03-17 01:58 1279120 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2012-03-17 01:58 1279120 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"combofix"="c:\combofix\CF9611.3XE" [2010-11-21 345088]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
alertservice
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: mswsock.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Aug-11\AppData\Roaming\Mozilla\Firefox\Profiles\t5h1wh4w.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.foxnews.com/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Be379abac-22b4-479e-921f-fec664619ae5%7D&mid=740066f430df47d1abb6ed906db4abbc-ebe5aca7cfd32f9faede2535b753341eef991577&ds=AVG&v=10.2.0.3&lang=en&pr=fr&d=2011-10-24%2023%3A59%3A26&sap=ku&q=
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\08\06\0d\0f2\04v"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
.
**************************************************************************
.
Completion time: 2012-04-03 19:37:04 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-04 00:37
ComboFix2.txt 2012-03-28 04:04
.
Pre-Run: 774,580,187,136 bytes free
Post-Run: 774,357,270,528 bytes free
.
- - End Of File - - 5A20CECBB369F4A23C8A2C199AE7D2AB

#9 headinhome

Posted 03 April 2012 - 08:40 PM

Now I am getting an untrusted connection warning from Firefox when I try to go to Google, Bing, Facebook, Yahoo, MSN.
I can get on Fox News, Hulu, Speedtest, Netflix.

#10 headinhome

Posted 03 April 2012 - 08:42 PM

OK, I'm getting website security issues on IE on my wife's laptop with those sites as well, so not sure that it has anything to do with this other stuff we've been working on.

Thanks.

#11 MrCharlie

Posted 03 April 2012 - 08:56 PM

Please Update and run a Quick Scan with MBAM, post the report.


Make sure that everything is checked, and click Remove Selected.

I'm gone for tonight, MrC

Malware Removal Expert

I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Thanks MrC & crew

#12 headinhome

Posted 03 April 2012 - 09:10 PM

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.04.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Aug-11 :: AUG-11-HP [administrator]

4/3/2012 9:01:53 PM
mbam-log-2012-04-03 (21-01-53).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 196133
Time elapsed: 2 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Aug-11\AppData\Local\Temp\ch8l0.exe (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

#13 MrCharlie

Posted 04 April 2012 - 07:37 AM

Please download OTL from one of the links below:
http://oldtimer.geekstogo.com/OTL.exe
http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Run OTL
Under the Custom Scans/Fixes
Copy and paste this in: netsvcs
Click the None button on top
Now click on the blue Run Scan button
Post the log it creates.

MrC


#14 headinhome

Posted 04 April 2012 - 07:47 AM

OTL logfile created on: 4/4/2012 7:47:22 AM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Aug-11\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.75 Gb Total Physical Memory | 2.05 Gb Available Physical Memory | 35.60% Memory free
11.50 Gb Paging File | 7.22 Gb Available in Paging File | 62.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920.25 Gb Total Space | 720.64 Gb Free Space | 78.31% Space Free | Partition Type: NTFS
Drive D: | 11.16 Gb Total Space | 1.36 Gb Free Space | 12.21% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: AUG-11-HP | User Name: Aug-11 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days


< End of report >

#15 MrCharlie

Posted 04 April 2012 - 07:55 AM

Delete your copy of TDSSKiller and download and run a fresh copy as before.

Post the log, MrC


#16 headinhome

Posted 04 April 2012 - 08:04 AM

08:02:15.0155 2360 TDSS rootkit removing tool 2.7.25.0 Apr 3 2012 13:42:32
08:02:15.0541 2360 ============================================================
08:02:15.0541 2360 Current date / time: 2012/04/04 08:02:15.0541
08:02:15.0541 2360 SystemInfo:
08:02:15.0541 2360
08:02:15.0541 2360 OS Version: 6.1.7601 ServicePack: 1.0
08:02:15.0541 2360 Product type: Workstation
08:02:15.0541 2360 ComputerName: AUG-11-HP
08:02:15.0541 2360 UserName: Aug-11
08:02:15.0541 2360 Windows directory: C:\Windows
08:02:15.0541 2360 System windows directory: C:\Windows
08:02:15.0541 2360 Running under WOW64
08:02:15.0541 2360 Processor architecture: Intel x64
08:02:15.0541 2360 Number of processors: 4
08:02:15.0541 2360 Page size: 0x1000
08:02:15.0541 2360 Boot type: Normal boot
08:02:15.0541 2360 ============================================================
08:02:17.0283 2360 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:02:17.0379 2360 \Device\Harddisk0\DR0:
08:02:17.0380 2360 MBR used
08:02:17.0380 2360 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
08:02:17.0380 2360 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x73081800
08:02:17.0380 2360 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x730B4000, BlocksNum 0x1652000
08:02:17.0523 2360 Initialize success
08:02:17.0523 2360 ============================================================
08:02:50.0347 5100 ============================================================
08:02:50.0347 5100 Scan started
08:02:50.0347 5100 Mode: Manual; SigCheck; TDLFS;
08:02:50.0347 5100 ============================================================
08:02:50.0784 5100 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
08:02:50.0846 5100 1394ohci - ok
08:03:06.0228 5100 RoxioNow Service - ok
08:03:06.0259 5100 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
08:03:06.0290 5100 RpcEptMapper - ok
08:03:06.0290 5100 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
08:03:06.0306 5100 RpcLocator - ok
08:03:06.0321 5100 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
08:03:06.0352 5100 RpcSs - ok
08:03:06.0384 5100 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
08:03:06.0399 5100 rspndr - ok
08:03:06.0462 5100 RTL8167 (afc12dfa4c7b089673ad67402ca19edb) C:\Windows\system32\DRIVERS\Rt64win7.sys
08:03:06.0462 5100 RTL8167 - ok
08:03:06.0493 5100 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:03:06.0508 5100 SamSs - ok
08:03:06.0524 5100 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
08:03:06.0540 5100 sbp2port - ok
08:03:06.0571 5100 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
08:03:06.0602 5100 SCardSvr - ok
08:03:06.0618 5100 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
08:03:06.0649 5100 scfilter - ok
08:03:06.0680 5100 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
08:03:06.0727 5100 Schedule - ok
08:03:06.0758 5100 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
08:03:06.0789 5100 SCPolicySvc - ok
08:03:06.0805 5100 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
08:03:06.0820 5100 SDRSVC - ok
08:03:06.0867 5100 SeaPort (331e7bde228914574fc9ae6cd520dafa) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
08:03:06.0883 5100 SeaPort - ok
08:03:06.0930 5100 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
08:03:06.0961 5100 secdrv - ok
08:03:06.0992 5100 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
08:03:07.0008 5100 seclogon - ok
08:03:07.0054 5100 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
08:03:07.0086 5100 SENS - ok
08:03:07.0101 5100 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
08:03:07.0117 5100 SensrSvc - ok
08:03:07.0179 5100 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
08:03:07.0195 5100 Serenum - ok
08:03:07.0242 5100 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
08:03:07.0257 5100 Serial - ok
08:03:07.0288 5100 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
08:03:07.0304 5100 sermouse - ok
08:03:07.0335 5100 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
08:03:07.0366 5100 SessionEnv - ok
08:03:07.0382 5100 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
08:03:07.0398 5100 sffdisk - ok
08:03:07.0413 5100 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
08:03:07.0429 5100 sffp_mmc - ok
08:03:07.0444 5100 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
08:03:07.0460 5100 sffp_sd - ok
08:03:07.0476 5100 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
08:03:07.0491 5100 sfloppy - ok
08:03:07.0554 5100 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
08:03:07.0569 5100 Sftfs - ok
08:03:07.0616 5100 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
08:03:07.0632 5100 sftlist - ok
08:03:07.0647 5100 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
08:03:07.0663 5100 Sftplay - ok
08:03:07.0678 5100 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
08:03:07.0678 5100 Sftredir - ok
08:03:07.0710 5100 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
08:03:07.0710 5100 Sftvol - ok
08:03:07.0756 5100 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
08:03:07.0772 5100 sftvsa - ok
08:03:07.0788 5100 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
08:03:07.0834 5100 SharedAccess - ok
08:03:07.0866 5100 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
08:03:07.0912 5100 ShellHWDetection - ok
08:03:07.0959 5100 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
08:03:07.0975 5100 SiSRaid2 - ok
08:03:07.0990 5100 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
08:03:08.0006 5100 SiSRaid4 - ok
08:03:08.0053 5100 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
08:03:08.0100 5100 Smb - ok
08:03:08.0146 5100 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
08:03:08.0162 5100 SNMPTRAP - ok
08:03:08.0178 5100 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
08:03:08.0193 5100 spldr - ok
08:03:08.0224 5100 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
08:03:08.0256 5100 Spooler - ok
08:03:08.0318 5100 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
08:03:08.0427 5100 sppsvc - ok
08:03:08.0458 5100 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
08:03:08.0474 5100 sppuinotify - ok
08:03:08.0521 5100 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
08:03:08.0536 5100 srv - ok
08:03:08.0583 5100 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
08:03:08.0614 5100 srv2 - ok
08:03:08.0630 5100 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
08:03:08.0646 5100 srvnet - ok
08:03:08.0692 5100 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
08:03:08.0724 5100 SSDPSRV - ok
08:03:08.0739 5100 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
08:03:08.0770 5100 SstpSvc - ok
08:03:08.0786 5100 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
08:03:08.0802 5100 stexstor - ok
08:03:08.0864 5100 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
08:03:08.0880 5100 stisvc - ok
08:03:08.0911 5100 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
08:03:08.0911 5100 swenum - ok
08:03:08.0926 5100 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
08:03:08.0973 5100 swprv - ok
08:03:09.0004 5100 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
08:03:09.0067 5100 SysMain - ok
08:03:09.0082 5100 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
08:03:09.0098 5100 TabletInputService - ok
08:03:09.0114 5100 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
08:03:09.0160 5100 TapiSrv - ok
08:03:09.0176 5100 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
08:03:09.0207 5100 TBS - ok
08:03:09.0410 5100 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
08:03:09.0472 5100 Tcpip - ok
08:03:09.0535 5100 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
08:03:09.0566 5100 TCPIP6 - ok
08:03:09.0582 5100 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
08:03:09.0613 5100 tcpipreg - ok
08:03:09.0628 5100 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
08:03:09.0644 5100 TDPIPE - ok
08:03:09.0675 5100 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
08:03:09.0675 5100 TDTCP - ok
08:03:09.0691 5100 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
08:03:09.0722 5100 tdx - ok
08:03:09.0769 5100 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
08:03:09.0769 5100 TermDD - ok
08:03:09.0800 5100 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
08:03:09.0847 5100 TermService - ok
08:03:09.0862 5100 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
08:03:09.0894 5100 Themes - ok
08:03:09.0909 5100 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
08:03:09.0940 5100 THREADORDER - ok
08:03:09.0956 5100 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
08:03:09.0987 5100 TrkWks - ok
08:03:10.0003 5100 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
08:03:10.0034 5100 TrustedInstaller - ok
08:03:10.0065 5100 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
08:03:10.0096 5100 tssecsrv - ok
08:03:10.0143 5100 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
08:03:10.0143 5100 TsUsbFlt - ok
08:03:10.0159 5100 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
08:03:10.0174 5100 TsUsbGD - ok
08:03:10.0221 5100 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
08:03:10.0252 5100 tunnel - ok
08:03:10.0268 5100 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
08:03:10.0284 5100 uagp35 - ok
08:03:10.0299 5100 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
08:03:10.0346 5100 udfs - ok
08:03:10.0362 5100 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
08:03:10.0377 5100 UI0Detect - ok
08:03:10.0393 5100 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
08:03:10.0408 5100 uliagpkx - ok
08:03:10.0455 5100 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
08:03:10.0471 5100 umbus - ok
08:03:10.0502 5100 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
08:03:10.0518 5100 UmPass - ok
08:03:10.0533 5100 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
08:03:10.0580 5100 upnphost - ok
08:03:10.0627 5100 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
08:03:10.0642 5100 usbccgp - ok
08:03:10.0658 5100 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
08:03:10.0674 5100 usbcir - ok
08:03:10.0689 5100 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
08:03:10.0720 5100 usbehci - ok
08:03:10.0736 5100 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\drivers\usbfilter.sys
08:03:10.0752 5100 usbfilter - ok
08:03:10.0767 5100 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
08:03:10.0783 5100 usbhub - ok
08:03:10.0814 5100 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
08:03:10.0830 5100 usbohci - ok
08:03:10.0876 5100 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
08:03:10.0892 5100 usbprint - ok
08:03:10.0908 5100 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
08:03:10.0923 5100 usbscan - ok
08:03:10.0939 5100 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:03:10.0954 5100 USBSTOR - ok
08:03:10.0970 5100 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
08:03:10.0986 5100 usbuhci - ok
08:03:11.0017 5100 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
08:03:11.0048 5100 UxSms - ok
08:03:11.0064 5100 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:03:11.0079 5100 VaultSvc - ok
08:03:11.0126 5100 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
08:03:11.0126 5100 vdrvroot - ok
08:03:11.0142 5100 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
08:03:11.0188 5100 vds - ok
08:03:11.0220 5100 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
08:03:11.0235 5100 vga - ok
08:03:11.0251 5100 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
08:03:11.0298 5100 VgaSave - ok
08:03:11.0313 5100 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
08:03:11.0313 5100 vhdmp - ok
08:03:11.0344 5100 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
08:03:11.0360 5100 viaide - ok
08:03:11.0376 5100 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
08:03:11.0376 5100 volmgr - ok
08:03:11.0407 5100 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
08:03:11.0422 5100 volmgrx - ok
08:03:11.0438 5100 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
08:03:11.0438 5100 volsnap - ok
08:03:11.0485 5100 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
08:03:11.0500 5100 vsmraid - ok
08:03:11.0547 5100 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
08:03:11.0610 5100 VSS - ok
08:03:11.0625 5100 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
08:03:11.0641 5100 vwifibus - ok
08:03:11.0688 5100 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
08:03:11.0719 5100 W32Time - ok
08:03:11.0750 5100 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
08:03:11.0766 5100 WacomPen - ok
08:03:11.0812 5100 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:03:11.0844 5100 WANARP - ok
08:03:11.0844 5100 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:03:11.0875 5100 Wanarpv6 - ok
08:03:11.0937 5100 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
08:03:11.0968 5100 WatAdminSvc - ok
08:03:12.0000 5100 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
08:03:12.0062 5100 wbengine - ok
08:03:12.0093 5100 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
08:03:12.0109 5100 WbioSrvc - ok
08:03:12.0124 5100 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
08:03:12.0156 5100 wcncsvc - ok
08:03:12.0187 5100 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
08:03:12.0187 5100 WcsPlugInService - ok
08:03:12.0218 5100 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
08:03:12.0234 5100 Wd - ok
08:03:12.0265 5100 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
08:03:12.0280 5100 Wdf01000 - ok
08:03:12.0296 5100 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
08:03:12.0327 5100 WdiServiceHost - ok
08:03:12.0327 5100 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
08:03:12.0343 5100 WdiSystemHost - ok
08:03:12.0358 5100 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
08:03:12.0374 5100 WebClient - ok
08:03:12.0390 5100 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
08:03:12.0436 5100 Wecsvc - ok
08:03:12.0452 5100 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
08:03:12.0483 5100 wercplsupport - ok
08:03:12.0499 5100 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
08:03:12.0530 5100 WerSvc - ok
08:03:12.0561 5100 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
08:03:12.0592 5100 WfpLwf - ok
08:03:12.0608 5100 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
08:03:12.0608 5100 WIMMount - ok
08:03:12.0624 5100 WinDefend - ok
08:03:12.0639 5100 WinHttpAutoProxySvc - ok
08:03:12.0670 5100 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
08:03:12.0702 5100 Winmgmt - ok
08:03:12.0748 5100 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
08:03:12.0811 5100 WinRM - ok
08:03:12.0873 5100 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
08:03:12.0889 5100 WinUsb - ok
08:03:12.0904 5100 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
08:03:12.0936 5100 Wlansvc - ok
08:03:12.0998 5100 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
08:03:13.0014 5100 wlcrasvc - ok
08:03:13.0092 5100 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
08:03:13.0123 5100 wlidsvc - ok
08:03:13.0170 5100 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
08:03:13.0201 5100 WmiAcpi - ok
08:03:13.0216 5100 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
08:03:13.0248 5100 wmiApSrv - ok
08:03:13.0294 5100 WMPNetworkSvc - ok
08:03:13.0294 5100 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
08:03:13.0310 5100 WPCSvc - ok
08:03:13.0326 5100 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
08:03:13.0341 5100 WPDBusEnum - ok
08:03:13.0357 5100 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
08:03:13.0388 5100 ws2ifsl - ok
08:03:13.0435 5100 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
08:03:13.0450 5100 wscsvc - ok
08:03:13.0466 5100 WSearch - ok
08:03:13.0497 5100 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
08:03:13.0575 5100 wuauserv - ok
08:03:13.0606 5100 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
08:03:13.0653 5100 WudfPf - ok
08:03:13.0700 5100 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
08:03:13.0731 5100 WUDFRd - ok
08:03:13.0778 5100 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
08:03:13.0809 5100 wudfsvc - ok
08:03:13.0825 5100 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
08:03:13.0856 5100 WwanSvc - ok
08:03:13.0903 5100 MBR (0x1B8) (6f9dd6ab827c8b46cad334291946f201) \Device\Harddisk0\DR0
08:03:14.0074 5100 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
08:03:14.0074 5100 \Device\Harddisk0\DR0 - detected TDSS File System (1)
08:03:14.0074 5100 Boot (0x1200) (b920e4bc4db2a2f85672de53afd62e83) \Device\Harddisk0\DR0\Partition0
08:03:14.0074 5100 \Device\Harddisk0\DR0\Partition0 - ok
08:03:14.0106 5100 Boot (0x1200) (6c565c6c6da482cbbc6f595924924585) \Device\Harddisk0\DR0\Partition1
08:03:14.0106 5100 \Device\Harddisk0\DR0\Partition1 - ok
08:03:14.0137 5100 Boot (0x1200) (bff80509c2c7cfccb6c9f2aed897ec2b) \Device\Harddisk0\DR0\Partition2
08:03:14.0137 5100 \Device\Harddisk0\DR0\Partition2 - ok
08:03:14.0137 5100 ============================================================
08:03:14.0137 5100 Scan finished
08:03:14.0137 5100 ============================================================
08:03:14.0137 5052 Detected object count: 1
08:03:14.0137 5052 Actual detected object count: 1
08:03:28.0899 5052 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
08:03:28.0899 5052 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

#17 headinhome

Posted 04 April 2012 - 08:05 AM

gotta get to work. will check back this evening. thanks for your continued help!

#18 MrCharlie

Posted 04 April 2012 - 08:08 AM

08:03:28.0899 5052 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
08:03:28.0899 5052 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip



Run it again and delete these two.

------------------------------------

Delete your copy of ComboFix and download and run a fresh copy as before, post back the log.

MrC

Malware Removal Expert



#19 headinhome

Posted 04 April 2012 - 06:31 PM

ran tdsskiller again and deleted... here's that log. will run combofix again as well.



18:29:19.0109 4108 TDSS rootkit removing tool 2.7.25.0 Apr 3 2012 13:42:32
18:29:19.0488 4108 ============================================================
18:29:19.0488 4108 Current date / time: 2012/04/04 18:29:19.0488
18:29:19.0488 4108 SystemInfo:
18:29:19.0488 4108
18:29:19.0488 4108 OS Version: 6.1.7601 ServicePack: 1.0
18:29:19.0488 4108 Product type: Workstation
18:29:19.0488 4108 ComputerName: AUG-11-HP
18:29:19.0489 4108 UserName: Aug-11
18:29:19.0489 4108 Windows directory: C:\Windows
18:29:19.0489 4108 System windows directory: C:\Windows
18:29:19.0489 4108 Running under WOW64
18:29:19.0489 4108 Processor architecture: Intel x64
18:29:19.0489 4108 Number of processors: 4
18:29:19.0489 4108 Page size: 0x1000
18:29:19.0489 4108 Boot type: Normal boot
18:29:19.0489 4108 ============================================================
18:29:22.0254 4108 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:29:22.0350 4108 \Device\Harddisk0\DR0:
18:29:22.0350 4108 MBR used
18:29:22.0350 4108 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:29:22.0350 4108 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x73081800
18:29:22.0350 4108 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x730B4000, BlocksNum 0x1652000
18:29:22.0461 4108 Initialize success
18:29:22.0461 4108 ============================================================
18:29:29.0126 3584 ============================================================
18:29:29.0126 3584 Scan started
18:29:29.0126 3584 Mode: Manual; SigCheck; TDLFS;
18:29:29.0126 3584 ============================================================
18:29:36.0369 3584 CryptSvc - ok
18:29:36.0471 3584 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
18:29:36.0491 3584 cvhsvc - ok
18:29:36.0531 3584 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
18:29:36.0575 3584 DcomLaunch - ok
18:29:36.0625 3584 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
18:29:36.0658 3584 defragsvc - ok
18:29:36.0737 3584 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
18:29:36.0776 3584 DfsC - ok
18:29:36.0829 3584 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
18:29:36.0865 3584 Dhcp - ok
18:29:36.0906 3584 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
18:29:36.0960 3584 discache - ok
18:29:36.0987 3584 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
18:29:37.0000 3584 Disk - ok
18:29:37.0035 3584 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
18:29:37.0068 3584 Dnscache - ok
18:29:37.0093 3584 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
18:29:37.0124 3584 dot3svc - ok
18:29:37.0137 3584 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
18:29:37.0175 3584 DPS - ok
18:29:37.0214 3584 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
18:29:37.0234 3584 drmkaud - ok
18:29:37.0265 3584 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
18:29:37.0284 3584 DXGKrnl - ok
18:29:37.0299 3584 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
18:29:37.0330 3584 EapHost - ok
18:29:37.0404 3584 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
18:29:37.0475 3584 ebdrv - ok
18:29:37.0498 3584 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
18:29:37.0513 3584 EFS - ok
18:29:37.0575 3584 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
18:29:37.0613 3584 ehRecvr - ok
18:29:37.0656 3584 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
18:29:37.0670 3584 ehSched - ok
18:29:37.0763 3584 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
18:29:37.0779 3584 elxstor - ok
18:29:37.0818 3584 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
18:29:37.0879 3584 ErrDev - ok
18:29:37.0910 3584 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
18:29:37.0960 3584 EventSystem - ok
18:29:38.0040 3584 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
18:29:38.0072 3584 exfat - ok
18:29:38.0120 3584 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
18:29:38.0164 3584 fastfat - ok
18:29:38.0238 3584 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
18:29:38.0274 3584 Fax - ok
18:29:38.0339 3584 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
18:29:38.0359 3584 fdc - ok
18:29:38.0478 3584 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
18:29:38.0528 3584 fdPHost - ok
18:29:38.0673 3584 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
18:29:38.0702 3584 FDResPub - ok
18:29:38.0784 3584 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
18:29:38.0793 3584 FileInfo - ok
18:29:38.0824 3584 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
18:29:38.0857 3584 Filetrace - ok
18:29:38.0897 3584 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
18:29:38.0908 3584 flpydisk - ok
18:29:38.0926 3584 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
18:29:38.0939 3584 FltMgr - ok
18:29:39.0002 3584 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
18:29:39.0061 3584 FontCache - ok
18:29:39.0137 3584 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:29:39.0154 3584 FontCache3.0.0.0 - ok
18:29:39.0174 3584 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
18:29:39.0183 3584 FsDepends - ok
18:29:39.0221 3584 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
18:29:39.0229 3584 Fs_Rec - ok
18:29:39.0247 3584 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
18:29:39.0260 3584 fvevol - ok
18:29:39.0283 3584 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
18:29:39.0307 3584 gagp30kx - ok
18:29:39.0376 3584 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
18:29:39.0395 3584 GamesAppService - ok
18:29:39.0458 3584 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
18:29:39.0513 3584 gpsvc - ok
18:29:39.0539 3584 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
18:29:39.0571 3584 hcw85cir - ok
18:29:39.0618 3584 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
18:29:39.0642 3584 HdAudAddService - ok
18:29:39.0663 3584 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:29:39.0682 3584 HDAudBus - ok
18:29:39.0698 3584 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
18:29:39.0723 3584 HidBatt - ok
18:29:39.0737 3584 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
18:29:39.0752 3584 HidBth - ok
18:29:39.0795 3584 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
18:29:39.0809 3584 HidIr - ok
18:29:39.0824 3584 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
18:29:39.0858 3584 hidserv - ok
18:29:39.0940 3584 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
18:29:39.0951 3584 HidUsb - ok
18:29:39.0966 3584 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
18:29:40.0006 3584 hkmsvc - ok
18:29:40.0046 3584 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
18:29:40.0082 3584 HomeGroupListener - ok
18:29:40.0127 3584 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
18:29:40.0168 3584 HomeGroupProvider - ok
18:29:40.0285 3584 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
18:29:40.0305 3584 HP Support Assistant Service - ok
18:29:40.0372 3584 HPClientSvc (6a181452d4e240b8ecc7614b9a19bde9) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
18:29:40.0384 3584 HPClientSvc - ok
18:29:40.0418 3584 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
18:29:40.0426 3584 HPDrvMntSvc.exe - ok
18:29:40.0502 3584 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
18:29:40.0532 3584 hpqwmiex - ok
18:29:40.0571 3584 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
18:29:40.0580 3584 HpSAMD - ok
18:29:40.0654 3584 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
18:29:40.0710 3584 HTTP - ok
18:29:40.0767 3584 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
18:29:40.0795 3584 hwpolicy - ok
18:29:40.0856 3584 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
18:29:40.0869 3584 i8042prt - ok
18:29:40.0918 3584 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
18:29:40.0932 3584 iaStorV - ok
18:29:41.0053 3584 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:29:41.0083 3584 idsvc - ok
18:29:41.0225 3584 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
18:29:41.0376 3584 igfx - ok
18:29:41.0395 3584 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
18:29:41.0411 3584 iirsp - ok
18:29:41.0467 3584 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
18:29:41.0524 3584 IKEEXT - ok
18:29:41.0793 3584 IntcAzAudAddService (589b94a9b73a0e819ff873743a480834) C:\Windows\system32\drivers\RTKVHD64.sys
18:29:41.0829 3584 IntcAzAudAddService - ok
18:29:41.0944 3584 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
18:29:41.0962 3584 intelide - ok
18:29:42.0025 3584 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
18:29:42.0046 3584 intelppm - ok
18:29:42.0093 3584 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
18:29:42.0129 3584 IPBusEnum - ok
18:29:42.0200 3584 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:29:42.0239 3584 IpFilterDriver - ok
18:29:42.0307 3584 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
18:29:42.0351 3584 iphlpsvc - ok
18:29:42.0369 3584 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
18:29:42.0394 3584 IPMIDRV - ok
18:29:42.0408 3584 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
18:29:42.0438 3584 IPNAT - ok
18:29:42.0474 3584 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
18:29:42.0489 3584 IRENUM - ok
18:29:42.0509 3584 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
18:29:42.0518 3584 isapnp - ok
18:29:42.0551 3584 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
18:29:42.0564 3584 iScsiPrt - ok
18:29:42.0578 3584 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
18:29:42.0586 3584 kbdclass - ok
18:29:42.0603 3584 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
18:29:42.0626 3584 kbdhid - ok
18:29:42.0692 3584 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:29:42.0703 3584 KeyIso - ok
18:29:42.0726 3584 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
18:29:42.0736 3584 KSecDD - ok
18:29:42.0934 3584 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
18:29:42.0954 3584 KSecPkg - ok
18:29:42.0999 3584 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
18:29:43.0035 3584 ksthunk - ok
18:29:43.0065 3584 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
18:29:43.0117 3584 KtmRm - ok
18:29:43.0179 3584 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
18:29:43.0223 3584 LanmanServer - ok
18:29:43.0243 3584 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
18:29:43.0292 3584 LanmanWorkstation - ok
18:29:43.0351 3584 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
18:29:43.0383 3584 lltdio - ok
18:29:43.0411 3584 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
18:29:43.0450 3584 lltdsvc - ok
18:29:43.0486 3584 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
18:29:43.0515 3584 lmhosts - ok
18:29:43.0560 3584 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
18:29:43.0570 3584 LSI_FC - ok
18:29:43.0668 3584 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
18:29:43.0679 3584 LSI_SAS - ok
18:29:43.0694 3584 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
18:29:43.0704 3584 LSI_SAS2 - ok
18:29:43.0728 3584 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
18:29:43.0745 3584 LSI_SCSI - ok
18:29:43.0762 3584 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
18:29:43.0795 3584 luafv - ok
18:29:43.0841 3584 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
18:29:43.0855 3584 Mcx2Svc - ok
18:29:43.0879 3584 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
18:29:43.0888 3584 megasas - ok
18:29:43.0910 3584 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
18:29:43.0924 3584 MegaSR - ok
18:29:43.0974 3584 mfeapfk (ef3acfb7e3f82d5f7cde9ef5f0a4e2e2) C:\Windows\system32\drivers\mfeapfk.sys
18:29:43.0984 3584 mfeapfk - ok
18:29:44.0052 3584 mfehidk (1892616b7f9291fd77c3fa0a5811fe9f) C:\Windows\system32\drivers\mfehidk.sys
18:29:44.0069 3584 mfehidk - ok
18:29:44.0119 3584 mfevtp (3ed58a36f7f7d60f0ef44d29810b0b80) C:\Windows\system32\mfevtps.exe
18:29:44.0129 3584 mfevtp - ok
18:29:44.0140 3584 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:29:44.0177 3584 MMCSS - ok
18:29:44.0198 3584 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
18:29:44.0239 3584 Modem - ok
18:29:44.0260 3584 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
18:29:44.0279 3584 monitor - ok
18:29:44.0334 3584 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
18:29:44.0342 3584 mouclass - ok
18:29:44.0356 3584 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
18:29:44.0376 3584 mouhid - ok
18:29:44.0413 3584 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
18:29:44.0423 3584 mountmgr - ok
18:29:44.0450 3584 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
18:29:44.0469 3584 mpio - ok
18:29:44.0485 3584 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
18:29:44.0514 3584 mpsdrv - ok
18:29:44.0535 3584 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
18:29:44.0573 3584 MpsSvc - ok
18:29:44.0616 3584 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
18:29:44.0659 3584 MRxDAV - ok
18:29:44.0747 3584 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:29:44.0790 3584 mrxsmb - ok
18:29:44.0813 3584 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:29:44.0831 3584 mrxsmb10 - ok
18:29:44.0849 3584 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:29:44.0862 3584 mrxsmb20 - ok
18:29:44.0878 3584 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
18:29:44.0887 3584 msahci - ok
18:29:44.0912 3584 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
18:29:44.0922 3584 msdsm - ok
18:29:44.0934 3584 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
18:29:44.0956 3584 MSDTC - ok
18:29:44.0971 3584 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
18:29:44.0999 3584 Msfs - ok
18:29:45.0011 3584 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
18:29:45.0040 3584 mshidkmdf - ok
18:29:45.0071 3584 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
18:29:45.0079 3584 msisadrv - ok
18:29:45.0146 3584 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
18:29:45.0178 3584 MSiSCSI - ok
18:29:45.0229 3584 msiserver - ok
18:29:45.0285 3584 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
18:29:45.0322 3584 MSKSSRV - ok
18:29:45.0334 3584 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
18:29:45.0372 3584 MSPCLOCK - ok
18:29:45.0387 3584 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
18:29:45.0424 3584 MSPQM - ok
18:29:45.0447 3584 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
18:29:45.0460 3584 MsRPC - ok
18:29:45.0473 3584 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
18:29:45.0481 3584 mssmbios - ok
18:29:45.0520 3584 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
18:29:45.0562 3584 MSTEE - ok
18:29:45.0610 3584 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
18:29:45.0630 3584 MTConfig - ok
18:29:45.0667 3584 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
18:29:45.0676 3584 Mup - ok
18:29:45.0768 3584 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
18:29:45.0806 3584 napagent - ok
18:29:45.0869 3584 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
18:29:45.0900 3584 NativeWifiP - ok
18:29:45.0958 3584 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
18:29:45.0980 3584 NDIS - ok
18:29:45.0997 3584 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
18:29:46.0027 3584 NdisCap - ok
18:29:46.0047 3584 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
18:29:46.0076 3584 NdisTapi - ok
18:29:46.0090 3584 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
18:29:46.0129 3584 Ndisuio - ok
18:29:46.0149 3584 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
18:29:46.0187 3584 NdisWan - ok
18:29:46.0213 3584 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
18:29:46.0241 3584 NDProxy - ok
18:29:46.0252 3584 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
18:29:46.0290 3584 NetBIOS - ok
18:29:46.0320 3584 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
18:29:46.0349 3584 NetBT - ok
18:29:46.0405 3584 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:29:46.0416 3584 Netlogon - ok
18:29:46.0466 3584 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
18:29:46.0500 3584 Netman - ok
18:29:46.0581 3584 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:29:46.0601 3584 NetMsmqActivator - ok
18:29:46.0605 3584 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:29:46.0613 3584 NetPipeActivator - ok
18:29:46.0695 3584 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
18:29:46.0757 3584 netprofm - ok
18:29:46.0763 3584 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:29:46.0772 3584 NetTcpActivator - ok
18:29:46.0776 3584 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:29:46.0784 3584 NetTcpPortSharing - ok
18:29:46.0933 3584 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
18:29:46.0947 3584 nfrd960 - ok
18:29:46.0993 3584 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
18:29:47.0032 3584 NlaSvc - ok
18:29:47.0074 3584 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:29:47.0103 3584 Npfs - ok
18:29:47.0115 3584 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
18:29:47.0151 3584 nsi - ok
18:29:47.0168 3584 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:29:47.0197 3584 nsiproxy - ok
18:29:47.0251 3584 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
18:29:47.0301 3584 Ntfs - ok
18:29:47.0315 3584 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:29:47.0343 3584 Null - ok
18:29:47.0392 3584 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
18:29:47.0404 3584 nvraid - ok
18:29:47.0454 3584 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
18:29:47.0466 3584 nvstor - ok
18:29:47.0590 3584 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
18:29:47.0605 3584 nv_agp - ok
18:29:47.0626 3584 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
18:29:47.0639 3584 ohci1394 - ok
18:29:47.0745 3584 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:29:47.0755 3584 ose - ok
18:29:47.0866 3584 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:29:47.0985 3584 osppsvc - ok
18:29:48.0092 3584 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:29:48.0141 3584 p2pimsvc - ok
18:29:48.0201 3584 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
18:29:48.0218 3584 p2psvc - ok
18:29:48.0275 3584 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
18:29:48.0287 3584 Parport - ok
18:29:48.0314 3584 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
18:29:48.0323 3584 partmgr - ok
18:29:48.0339 3584 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
18:29:48.0362 3584 PcaSvc - ok
18:29:48.0382 3584 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
18:29:48.0393 3584 pci - ok
18:29:48.0419 3584 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
18:29:48.0432 3584 pciide - ok
18:29:48.0461 3584 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
18:29:48.0473 3584 pcmcia - ok
18:29:48.0491 3584 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:29:48.0499 3584 pcw - ok
18:29:48.0578 3584 pdfcDispatcher - ok
18:29:48.0671 3584 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:29:48.0742 3584 PEAUTH - ok
18:29:48.0804 3584 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
18:29:48.0826 3584 PerfHost - ok
18:29:48.0970 3584 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
18:29:49.0032 3584 pla - ok
18:29:49.0096 3584 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
18:29:49.0131 3584 PlugPlay - ok
18:29:49.0142 3584 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
18:29:49.0162 3584 PNRPAutoReg - ok
18:29:49.0191 3584 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:29:49.0204 3584 PNRPsvc - ok
18:29:49.0228 3584 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
18:29:49.0270 3584 PolicyAgent - ok
18:29:49.0291 3584 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
18:29:49.0328 3584 Power - ok
18:29:49.0402 3584 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
18:29:49.0440 3584 PptpMiniport - ok
18:29:49.0535 3584 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
18:29:49.0565 3584 Processor - ok
18:29:49.0633 3584 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
18:29:49.0672 3584 ProfSvc - ok
18:29:49.0686 3584 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:29:49.0697 3584 ProtectedStorage - ok
18:29:49.0718 3584 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
18:29:49.0747 3584 Psched - ok
18:29:49.0863 3584 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
18:29:49.0918 3584 ql2300 - ok
18:29:49.0945 3584 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
18:29:49.0963 3584 ql40xx - ok
18:29:49.0990 3584 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
18:29:50.0008 3584 QWAVE - ok
18:29:50.0025 3584 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:29:50.0063 3584 QWAVEdrv - ok
18:29:50.0097 3584 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:29:50.0126 3584 RasAcd - ok
18:29:50.0175 3584 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:29:50.0205 3584 RasAgileVpn - ok
18:29:50.0231 3584 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
18:29:50.0265 3584 RasAuto - ok
18:29:50.0280 3584 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:29:50.0318 3584 Rasl2tp - ok
18:29:50.0354 3584 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
18:29:50.0386 3584 RasMan - ok
18:29:50.0401 3584 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:29:50.0440 3584 RasPppoe - ok
18:29:50.0458 3584 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:29:50.0488 3584 RasSstp - ok
18:29:50.0526 3584 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
18:29:50.0562 3584 rdbss - ok
18:29:50.0615 3584 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
18:29:50.0629 3584 rdpbus - ok
18:29:50.0661 3584 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:29:50.0695 3584 RDPCDD - ok
18:29:50.0745 3584 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:29:50.0787 3584 RDPENCDD - ok
18:29:50.0909 3584 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:29:50.0937 3584 RDPREFMP - ok
18:29:51.0035 3584 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
18:29:51.0083 3584 RDPWD - ok
18:29:51.0116 3584 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
18:29:51.0128 3584 rdyboost - ok
18:29:51.0149 3584 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
18:29:51.0185 3584 RemoteAccess - ok
18:29:51.0233 3584 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
18:29:51.0270 3584 RemoteRegistry - ok
18:29:51.0323 3584 RoxioNow Service (085d18c71ab2611a3d61528132b6501e) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
18:29:51.0339 3584 RoxioNow Service - ok
18:29:51.0363 3584 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
18:29:51.0403 3584 RpcEptMapper - ok
18:29:51.0414 3584 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
18:29:51.0427 3584 RpcLocator - ok
18:29:51.0443 3584 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
18:29:51.0475 3584 RpcSs - ok
18:29:51.0526 3584 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:29:51.0561 3584 rspndr - ok
18:29:51.0665 3584 RTL8167 (afc12dfa4c7b089673ad67402ca19edb) C:\Windows\system32\DRIVERS\Rt64win7.sys
18:29:51.0677 3584 RTL8167 - ok
18:29:51.0700 3584 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:29:51.0711 3584 SamSs - ok
18:29:51.0822 3584 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
18:29:51.0843 3584 sbp2port - ok
18:29:51.0871 3584 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
18:29:51.0903 3584 SCardSvr - ok
18:29:51.0937 3584 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
18:29:51.0971 3584 scfilter - ok
18:29:52.0001 3584 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
18:29:52.0056 3584 Schedule - ok
18:29:52.0101 3584 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
18:30:00.0965 3584 MBR (0x1B8) (6f9dd6ab827c8b46cad334291946f201) \Device\Harddisk0\DR0
18:30:02.0686 3584 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
18:30:02.0686 3584 \Device\Harddisk0\DR0 - detected TDSS File System (1)
18:30:02.0703 3584 Boot (0x1200) (b920e4bc4db2a2f85672de53afd62e83) \Device\Harddisk0\DR0\Partition0
18:30:02.0705 3584 \Device\Harddisk0\DR0\Partition0 - ok
18:30:02.0716 3584 Boot (0x1200) (6c565c6c6da482cbbc6f595924924585) \Device\Harddisk0\DR0\Partition1
18:30:02.0726 3584 \Device\Harddisk0\DR0\Partition1 - ok
18:30:02.0750 3584 Boot (0x1200) (bff80509c2c7cfccb6c9f2aed897ec2b) \Device\Harddisk0\DR0\Partition2
18:30:02.0751 3584 \Device\Harddisk0\DR0\Partition2 - ok
18:30:02.0751 3584 ============================================================
18:30:02.0751 3584 Scan finished
18:30:02.0751 3584 ============================================================
18:30:02.0762 3100 Detected object count: 1
18:30:02.0762 3100 Actual detected object count: 1
18:30:14.0697 3100 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
18:30:14.0699 3100 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
18:30:14.0712 3100 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
18:30:14.0718 3100 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
18:30:14.0732 3100 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
18:30:14.0741 3100 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
18:30:14.0742 3100 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
18:30:14.0743 3100 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
18:30:14.0745 3100 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
18:30:14.0747 3100 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
18:30:14.0750 3100 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
18:30:14.0751 3100 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
18:30:14.0752 3100 \Device\Harddisk0\DR0\TDLFS - deleted
18:30:14.0752 3100 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete

#20 headinhome

Posted 04 April 2012 - 06:56 PM

combofix...


ComboFix 12-04-04.02 - Aug-11 04/04/2012 18:35:53.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5887.2176 [GMT -5:00]
Running from: c:\users\Aug-11\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Aug-11\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-03-04 to 2012-04-04 )))))))))))))))))))))))))))))))
.
.
2012-04-04 23:39 . 2012-04-04 23:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-04 05:21 . 2012-04-04 05:21 0 ----a-w- c:\windows\SysWow64\sho4D58.tmp
2012-04-04 05:19 . 2011-10-15 17:16 647080 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-04-04 05:19 . 2011-11-18 21:36 161168 ----a-w- c:\windows\system32\mfevtps.exe
2012-04-04 05:18 . 2012-04-04 05:18 -------- d-----w- c:\programdata\McAfee
2012-04-03 23:35 . 2012-04-04 23:30 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-03 10:46 . 2012-04-03 10:46 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1F89A2F2-CE23-4A69-AFE1-7358AC940FE3}\offreg.dll
2012-04-03 07:01 . 2012-03-20 08:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1F89A2F2-CE23-4A69-AFE1-7358AC940FE3}\mpengine.dll
2012-04-01 19:24 . 2012-04-01 19:24 -------- d-----w- c:\program files\Carbonite
2012-04-01 19:24 . 2012-04-01 19:24 -------- d-----w- c:\programdata\Carbonite
2012-04-01 19:24 . 2012-04-01 19:24 -------- d-----w- c:\program files (x86)\Carbonite
2012-04-01 02:25 . 2012-04-01 17:40 -------- d-----w- c:\users\Aug-11\AppData\Local\{5A6D2003-7B79-11E1-826D-B8AC6F996F26}
2012-03-29 01:06 . 2012-03-29 01:06 -------- d-----w- c:\users\Aug-11\AppData\Roaming\SUPERAntiSpyware.com
2012-03-29 01:06 . 2012-04-01 17:40 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-29 01:06 . 2012-03-29 01:06 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-03-29 00:19 . 2012-03-29 00:19 -------- d-----w- c:\program files (x86)\PC Tools
2012-03-29 00:16 . 2012-03-29 00:47 -------- d-----w- c:\programdata\PC Tools
2012-03-29 00:16 . 2012-03-29 00:16 -------- d-----w- c:\users\Aug-11\AppData\Roaming\TestApp
2012-03-28 12:57 . 2012-03-28 12:57 -------- d-----w- c:\programdata\AVG Secure Search
2012-03-28 12:57 . 2012-04-01 17:40 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-03-28 12:57 . 2012-04-01 17:40 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-03-27 22:40 . 2012-03-13 04:39 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-27 22:40 . 2012-03-13 04:39 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-27 22:28 . 2012-03-27 22:29 -------- d-----w- c:\users\Aug-11\AppData\Roaming\Xaest
2012-03-27 22:28 . 2012-03-27 22:29 -------- d-----w- c:\users\Aug-11\AppData\Roaming\Quensi
2012-03-17 21:49 . 2012-03-17 21:49 -------- d-----w- c:\program files (x86)\ESET
2012-03-17 03:48 . 2011-06-21 04:09 200976 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys
2012-03-17 03:30 . 2012-04-01 17:33 -------- d-----w- c:\users\Aug-11\AppData\Roaming\Malwarebytes
2012-03-17 03:30 . 2012-04-01 17:40 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-17 03:30 . 2012-03-28 02:33 -------- d-----w- c:\programdata\Malwarebytes
2012-03-17 03:30 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-14 08:03 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 08:03 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 08:03 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 03:02 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 03:02 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 03:02 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 03:00 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 03:00 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 03:00 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 03:00 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 03:00 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 03:00 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 03:00 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 14:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-16 02:54 . 2011-08-13 06:23 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-28_03.43.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-04 23:39 . 2012-04-04 23:39 13330 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2012-03-28 03:41 . 2012-03-28 03:41 13330 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2012-03-16 18:02 . 2012-03-28 03:27 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-03-16 18:02 . 2012-04-01 14:44 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-04-01 14:47 . 2012-04-01 14:44 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012040120120402\index.dat
+ 2012-03-27 22:26 . 2012-03-28 04:08 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012032720120328\index.dat
- 2012-03-27 22:26 . 2012-03-28 03:27 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012032720120328\index.dat
- 2012-03-16 18:02 . 2012-03-28 03:27 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-03-16 18:02 . 2012-04-01 14:44 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2010-11-21 03:09 . 2012-04-04 23:25 48808 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-04 23:25 35646 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-08-13 07:15 . 2012-04-04 23:25 10512 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2443618145-3234143949-2320547976-1000_UserData.bin
+ 2012-04-01 17:42 . 2012-04-04 00:40 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
- 2011-02-11 19:25 . 2012-03-28 03:40 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-11 19:25 . 2012-04-04 23:23 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-02-11 19:25 . 2012-03-28 03:40 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-02-11 19:25 . 2012-04-04 23:23 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-04 23:23 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-28 03:40 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-13 05:36 . 2012-04-04 23:23 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-08-13 05:36 . 2012-03-28 03:42 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-03-16 17:58 . 2012-03-28 03:42 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2012-03-16 17:58 . 2012-04-03 23:32 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2012-03-16 17:58 . 2012-04-03 23:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
- 2012-03-16 17:58 . 2012-03-28 03:42 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2012-03-16 17:58 . 2012-04-03 23:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
- 2012-03-16 17:58 . 2012-03-28 03:42 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
- 2011-08-13 05:36 . 2012-03-28 03:42 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-08-13 05:36 . 2012-04-04 23:23 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-08-13 05:36 . 2012-04-04 23:23 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-08-13 05:36 . 2012-03-28 03:42 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-08-13 07:15 . 2012-03-28 03:21 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-08-13 07:15 . 2012-04-04 23:29 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-08-13 07:15 . 2012-03-28 03:21 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-13 07:15 . 2012-04-04 23:29 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-14 03:44 . 2012-03-29 02:34 5414 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-04-04 23:40 . 2012-04-04 23:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-28 03:42 . 2012-03-28 03:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54 . 2012-04-04 23:40 245760 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-11 18:41 . 2012-04-04 12:43 328494 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2009-07-14 02:36 . 2012-03-28 03:27 660520 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-04 23:28 660520 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-03-28 03:27 121190 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-04-04 23:28 121190 c:\windows\system32\perfc009.dat
+ 2011-10-15 17:16 . 2011-10-15 17:16 160280 c:\windows\system32\drivers\mfeapfk.sys
+ 2009-07-14 05:01 . 2012-04-04 23:39 277296 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-03-28 03:41 277296 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:54 . 2012-04-04 23:40 5177344 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-28 03:42 1458176 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-04 23:40 1458176 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-08-13 07:12 . 2012-03-28 03:09 1627496 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-08-13 07:12 . 2012-04-04 13:06 1627496 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-08-13 07:12 . 2012-03-28 03:41 1989984 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2443618145-3234143949-2320547976-1000-8192.dat
+ 2011-08-13 07:12 . 2012-04-04 23:39 1989984 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2443618145-3234143949-2320547976-1000-8192.dat
+ 2012-03-28 12:54 . 2012-03-28 12:54 2872832 c:\windows\Installer\1e32a47.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 21:54 175912 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-01-17 21:54 175912 ----a-w- c:\program files (x86)\Vuze_Remote\prxtbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2012-03-17 02:06 1008784 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2012-03-17 02:06 1008784 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2012-03-17 02:06 1008784 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 102400]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-02-01 656920]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-05-27 2015136]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2012-03-17 1059984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-02-01 1127448]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-04 c:\windows\Tasks\HPCeeScheduleForAug-11.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2012-03-17 01:58 1279120 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2012-03-17 01:58 1279120 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2012-03-17 01:58 1279120 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Aug-11\AppData\Roaming\Mozilla\Firefox\Profiles\t5h1wh4w.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.foxnews.com/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Be379abac-22b4-479e-921f-fec664619ae5%7D&mid=740066f430df47d1abb6ed906db4abbc-ebe5aca7cfd32f9faede2535b753341eef991577&ds=AVG&v=10.2.0.3&lang=en&pr=fr&d=2011-10-24%2023%3A59%3A26&sap=ku&q=
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\08\06\0d\0f2\04v"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
.
**************************************************************************
.
Completion time: 2012-04-04 18:43:09 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-04 23:43
ComboFix2.txt 2012-04-04 00:37
ComboFix3.txt 2012-03-28 04:04
.
Pre-Run: 773,720,489,984 bytes free
Post-Run: 773,685,772,288 bytes free
.
- - End Of File - - 39DEDA364BAFA40B859F7A44FAF41D02



