svchost trojan - search redirects


Can't seem to remove svchost trojan. Along with seeming to be running slower, all my Google and Bing searches get redirected. Please help. Below are DDS, MBAM and RogueKiller logs. THANKS!

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_22

Run by Aug-11 at 21:35:33 on 2012-03-31

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5887.1609 [GMT -5:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\PROGRA~2\AVG\AVG2012\avgrsa.exe

C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe

C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\SysWOW64\rundll32.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe

C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

C:\Program Files (x86)\AVG Secure Search\vprot.exe

C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe

C:\Program Files (x86)\AVG\AVG2012\avgemca.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe

C:\Program Files (x86)\PDF Complete\pdfsvc.exe

C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

-netsvcs

C:\Windows\system32\conhost.exe

c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll

BHO: AVG Do-Not-Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll

BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll

TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll

TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}

uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe

mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [instaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

dRun: [SysVer] "C:\Windows\system32\config\systemprofile\AppData\Local\MSRebar\SysVer\SysVer.exe"

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {DA58ACA7-18A6-403A-93DA-6E4172D43709} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{B1FB28BE-9E27-4566-B7C3-E818386505AD} : DhcpNameServer = 192.168.2.1

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll

BHO-X64: Conduit Engine - No File

BHO-X64: AVG Do-Not-Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

BHO-X64: AVG Do-Not-Track - No File

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO-X64: Search Helper - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll

BHO-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

BHO-X64: Vuze Remote - No File

BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll

TB-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll

TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll

TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun-x64: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe

mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [instaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

Hosts: 94.63.147.22 www.google.com

Hosts: 94.63.147.23 www.bing.com

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Aug-11\AppData\Roaming\Mozilla\Firefox\Profiles\t5h1wh4w.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.foxnews.com/

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B524cc4d6-b3ab-4a88-9d73-cc368777775d%7D&mid=740066f430df47d1abb6ed906db4abbc-ebe5aca7cfd32f9faede2535b753341eef991577&ds=AVG&v=10.2.0.3&lang=en&pr=fr&d=2012-03-28%2007%3A57%3A09&sap=ku&q=

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll

FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 amd_sata;amd_sata;C:\Windows\system32\drivers\amd_sata.sys --> C:\Windows\system32\drivers\amd_sata.sys [?]

R0 amd_xata;amd_xata;C:\Windows\system32\drivers\amd_xata.sys --> C:\Windows\system32\drivers\amd_xata.sys [?]

R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\avgidseha.sys --> C:\Windows\system32\DRIVERS\avgidseha.sys [?]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]

R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-2-14 5104992]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]

R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]

R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-6-1 1127448]

R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-3-28 918880]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]

R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]

R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]

R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]

R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\drivers\usbfilter.sys --> C:\Windows\system32\drivers\usbfilter.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-04-01 02:25:25 -------- d-----w- C:\Users\Aug-11\AppData\Local\{5A6D2003-7B79-11E1-826D-B8AC6F996F26}

2012-03-31 20:02:01 20480 ----a-w- C:\Windows\svchost.exe

2012-03-31 13:36:43 -------- d-----w- C:\Users\Aug-11\AppData\Local\{CC8E1090-3A7E-4916-90BA-992BC03E943C}

2012-03-30 12:01:41 -------- d-----w- C:\Users\Aug-11\AppData\Local\{36052974-B56F-4D69-98CD-ABA4EB4EDCC5}

2012-03-29 23:43:05 -------- d-----w- C:\Users\Aug-11\AppData\Local\{1989AC9F-2FF3-4D5A-9F50-FD329BD2E4F6}

2012-03-29 21:06:45 -------- d-----w- C:\Users\Aug-11\AppData\Local\{F6072F4B-C1C8-4E3D-A5A6-C78973F8A40B}

2012-03-29 02:45:26 -------- d-----w- C:\Users\Aug-11\AppData\Local\{4757459F-2128-4A65-89F2-31D0F8414701}

2012-03-29 01:06:58 -------- d-----w- C:\Users\Aug-11\AppData\Roaming\SUPERAntiSpyware.com

2012-03-29 01:06:22 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2012-03-29 01:06:22 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2012-03-29 00:19:57 -------- d-----w- C:\Program Files (x86)\PC Tools

2012-03-29 00:16:42 230952 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys

2012-03-29 00:16:41 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools

2012-03-29 00:16:07 -------- d-----w- C:\Users\Aug-11\AppData\Roaming\TestApp

2012-03-29 00:16:07 -------- d-----w- C:\ProgramData\PC Tools

2012-03-28 23:55:04 -------- d-----w- C:\Users\Aug-11\AppData\Roaming\AVG2012

2012-03-28 12:57:07 -------- d-----w- C:\ProgramData\AVG Secure Search

2012-03-28 12:57:04 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search

2012-03-28 12:57:04 -------- d-----w- C:\Program Files (x86)\AVG Secure Search

2012-03-28 12:55:58 -------- d-----w- C:\Windows\SysWow64\drivers\AVG

2012-03-28 12:55:23 -------- d-----w- C:\Windows\System32\drivers\AVG

2012-03-28 12:28:46 -------- d-----w- C:\Users\Aug-11\AppData\Local\{EB65F8D6-B9E9-4E9B-89ED-E7E8EA545D88}

2012-03-28 12:28:35 -------- d-----w- C:\Users\Aug-11\AppData\Local\{3DE67B08-976C-46B4-B511-12BE03117840}

2012-03-28 04:07:12 -------- d-sh--w- C:\$RECYCLE.BIN

2012-03-28 03:15:00 98816 ----a-w- C:\Windows\sed.exe

2012-03-28 03:15:00 518144 ----a-w- C:\Windows\SWREG.exe

2012-03-28 03:15:00 256000 ----a-w- C:\Windows\PEV.exe

2012-03-28 03:15:00 208896 ----a-w- C:\Windows\MBR.exe

2012-03-28 02:10:49 -------- d-----w- C:\Users\Aug-11\AppData\Local\{543A1248-BA24-4DD7-8D52-F9F1BAA246A6}

2012-03-28 02:10:38 -------- d-----w- C:\Users\Aug-11\AppData\Local\{F6019DD5-2DF0-44B8-B6AE-91148238F8B2}

2012-03-27 22:40:34 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll

2012-03-27 22:40:34 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll

2012-03-27 22:28:59 -------- d-----w- C:\Users\Aug-11\AppData\Roaming\Xaest

2012-03-27 22:28:59 -------- d-----w- C:\Users\Aug-11\AppData\Roaming\Quensi

2012-03-24 15:31:54 -------- d-----w- C:\Users\Aug-11\AppData\Local\{3F0B8F00-E9E8-4B79-9D34-8FF319577888}

2012-03-24 15:31:43 -------- d-----w- C:\Users\Aug-11\AppData\Local\{5EBF3213-C140-465B-97A9-335A706D5700}

2012-03-21 02:10:35 -------- d-----w- C:\Users\Aug-11\AppData\Local\{A4AA4B41-6D80-4123-8B79-81AC44AE4809}

2012-03-21 02:10:25 -------- d-----w- C:\Users\Aug-11\AppData\Local\{26D79D2A-EC60-4D64-90E4-C151E4EBFB04}

2012-03-18 03:07:56 -------- d-----w- C:\Users\Aug-11\AppData\Local\{464D1096-6E7B-40C2-BFA2-849780B1D289}

2012-03-18 03:07:44 -------- d-----w- C:\Users\Aug-11\AppData\Local\{22200AA3-8B88-4F1D-9157-D12C88CDDD8C}

2012-03-17 21:49:43 -------- d-----w- C:\Program Files (x86)\ESET

2012-03-17 15:03:15 -------- d-----w- C:\Users\Aug-11\AppData\Local\{D6B864A0-CC2B-4B1D-BFE4-EB7232611086}

2012-03-17 15:03:04 -------- d-----w- C:\Users\Aug-11\AppData\Local\{ED4D0DD1-82C6-41B2-BD4B-312EE14A99C6}

2012-03-17 03:48:16 200976 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys

2012-03-17 03:30:51 -------- d-----w- C:\Users\Aug-11\AppData\Roaming\Malwarebytes

2012-03-17 03:30:47 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-03-17 03:30:47 -------- d-----w- C:\ProgramData\Malwarebytes

2012-03-17 03:30:47 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-03-16 17:59:55 -------- d-----w- C:\Users\Aug-11\AppData\Local\{C11CE875-C519-4F0A-8A10-ED9EDBFC9C94}

2012-03-16 17:59:42 -------- d-----w- C:\Users\Aug-11\AppData\Local\{AB5517E7-89C4-430A-805E-66A9D50B6BC4}

2012-03-14 08:21:39 -------- d-----w- C:\Users\Aug-11\AppData\Local\{1EE1E69C-D5BD-4953-9F53-653A5C261B6A}

2012-03-14 08:21:28 -------- d-----w- C:\Users\Aug-11\AppData\Local\{B1E71EC1-A841-43C3-9F1D-219451F6119C}

2012-03-14 08:03:14 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-03-14 08:03:13 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-03-14 08:03:13 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-03-14 03:02:31 3145728 ----a-w- C:\Windows\System32\win32k.sys

2012-03-14 03:02:26 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2012-03-14 03:02:26 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-03-14 03:00:58 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-03-14 03:00:58 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-03-14 03:00:58 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-03-14 03:00:50 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

2012-03-14 03:00:49 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2012-03-14 03:00:49 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2012-03-14 03:00:49 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-03-12 12:32:30 -------- d-----w- C:\Users\Aug-11\AppData\Local\{B192DEF9-034F-4E10-A902-8CB661D4C479}

2012-03-12 12:32:19 -------- d-----w- C:\Users\Aug-11\AppData\Local\{D72C8EC2-59B3-42C3-A629-72D86B56FF77}

2012-03-09 13:28:08 -------- d-----w- C:\Users\Aug-11\AppData\Local\{3C839183-38A6-4207-A614-1D962455BC60}

2012-03-09 13:27:58 -------- d-----w- C:\Users\Aug-11\AppData\Local\{000D904D-75E0-49B3-B685-D80B53F38680}

2012-03-04 15:05:13 -------- d-----w- C:\Users\Aug-11\AppData\Local\{EE55F82A-2FE8-4AF0-B07C-7056374ED595}

2012-03-04 15:05:04 -------- d-----w- C:\Users\Aug-11\AppData\Local\{ED47A238-9C94-47FF-B360-7820F18828B0}

2012-03-04 06:36:15 -------- d-----w- C:\Users\Aug-11\AppData\Local\Amazon

.

==================== Find3M ====================

.

2012-02-22 10:25:50 382032 ----a-w- C:\Windows\System32\drivers\avgtdia.sys

2012-02-22 10:25:32 289872 ----a-w- C:\Windows\System32\drivers\avgldx64.sys

2012-02-16 02:54:40 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-01-31 09:46:48 36944 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys

2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll

2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll

.

============= FINISH: 21:36:28.27 ===============

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.03.27.08

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

Aug-11 :: AUG-11-HP [administrator]

3/31/2012 9:37:59 PM

mbam-log-2012-03-31 (21-41-31).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 195206

Time elapsed: 3 minute(s), 23 second(s)

Memory Processes Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> 5496 -> No action taken.

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.

(end)

RogueKiller V7.3.2 [03/20/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Aug-11 [Admin rights]

Mode: Scan -- Date: 03/31/2012 16:13:33

¤¤¤ Bad processes: 1 ¤¤¤

[SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 3 ¤¤¤

[SUSP PATH] winupd.job @ : C:\Users\Aug-11\AppData\Local\Temp:winupd.exe -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

94.63.147.22 www.google.com

94.63.147.23 www.bing.com

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST310005 28AS SATA Disk Device +++++

--- User ---

[MBR] 4664794ea9b3e1381cc1903ffa268820

[BSP] 4380b6c166e94d201c68450087fc3aec : Windows Vista/7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 942339 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1930117120 | Size: 11428 Mo

User = LL1 ... OK!

User != LL2 ... KO!

--- LL2 ---

[MBR] 58e87bbccbddc74daba40b61bbf22a8a

[BSP] 774670e719613688107af143ed71084f : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 217933824 | Size: 300 Mo

Finished : << RKreport[1].txt >>

RKreport[1].txt

Definitely still need help. Here are the new logs. Thanks!

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.04.03.12

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

Aug-11 :: AUG-11-HP [administrator]

4/3/2012 5:32:57 PM

mbam-log-2012-04-03 (17-35-38).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 196769

Time elapsed: 2 minute(s), 23 second(s)

Memory Processes Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> 4620 -> No action taken.

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.

(end)

RogueKiller V7.3.2 [03/20/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Aug-11 [Admin rights]

Mode: Scan -- Date: 04/03/2012 17:46:27

¤¤¤ Bad processes: 1 ¤¤¤

[SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 4 ¤¤¤

[SUSP PATH] winupd.job @ : C:\Users\Aug-11\AppData\Local\Temp:winupd.exe -> FOUND

[SUSP PATH] {5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4}.job @ : C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST310005 28AS SATA Disk Device +++++

--- User ---

[MBR] 4664794ea9b3e1381cc1903ffa268820

[BSP] 4380b6c166e94d201c68450087fc3aec : Windows Vista/7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 942339 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1930117120 | Size: 11428 Mo

User = LL1 ... OK!

User != LL2 ... KO!

--- LL2 ---

[MBR] 58e87bbccbddc74daba40b61bbf22a8a

[BSP] 774670e719613688107af143ed71084f : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 217933824 | Size: 300 Mo

Finished : << RKreport[3].txt >>

RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

Please make sure system restore is running and create a new restore point before continuing.

Please download TDSSKiller to your desktop and run it as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

------------------------

Click the Start Scan button.

-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

--------------------

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

MrC

18:33:13.0280 3928 TDSS rootkit removing tool 2.7.25.0 Apr 3 2012 13:42:32

18:33:13.0639 3928 ============================================================

18:33:13.0639 3928 Current date / time: 2012/04/03 18:33:13.0639

18:33:13.0639 3928 SystemInfo:

18:33:13.0639 3928

18:33:13.0639 3928 OS Version: 6.1.7601 ServicePack: 1.0

18:33:13.0639 3928 Product type: Workstation

18:33:13.0639 3928 ComputerName: AUG-11-HP

18:33:13.0639 3928 UserName: Aug-11

18:33:13.0639 3928 Windows directory: C:\Windows

18:33:13.0639 3928 System windows directory: C:\Windows

18:33:13.0639 3928 Running under WOW64

18:33:13.0639 3928 Processor architecture: Intel x64

18:33:13.0639 3928 Number of processors: 4

18:33:13.0639 3928 Page size: 0x1000

18:33:13.0639 3928 Boot type: Normal boot

18:33:13.0639 3928 ============================================================

18:33:15.0262 3928 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

18:33:15.0355 3928 \Device\Harddisk0\DR0:

18:33:15.0355 3928 MBR used

18:33:15.0355 3928 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

18:33:15.0355 3928 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x73081800

18:33:15.0355 3928 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x730B4000, BlocksNum 0x1652000

18:33:15.0418 3928 Initialize success

18:33:15.0418 3928 ============================================================

18:33:22.0110 1328 ============================================================

18:33:22.0110 1328 Scan started

18:33:22.0110 1328 Mode: Manual; SigCheck; TDLFS;

18:33:22.0110 1328 ============================================================

18:33:26.0353 1328 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

18:33:26.0431 1328 1394ohci - ok

18:33:26.0462 1328 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

18:33:26.0478 1328 ACPI - ok

18:33:26.0494 1328 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

18:33:26.0556 1328 AcpiPmi - ok

18:33:26.0587 1328 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys

18:33:26.0603 1328 adp94xx - ok

18:33:26.0634 1328 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys

18:33:26.0650 1328 adpahci - ok

18:33:26.0665 1328 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys

18:33:26.0681 1328 adpu320 - ok

18:33:26.0696 1328 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

18:33:26.0774 1328 AeLookupSvc - ok

18:33:26.0821 1328 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

18:33:26.0852 1328 AFD - ok

18:33:26.0946 1328 AffinegyService (b29bc445561f1ac7b1daf67af954c36b) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe

18:33:26.0962 1328 AffinegyService - ok

18:33:26.0993 1328 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

18:33:26.0993 1328 agp440 - ok

18:33:27.0024 1328 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

18:33:27.0071 1328 ALG - ok

18:33:27.0086 1328 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

18:33:27.0102 1328 aliide - ok

18:33:27.0118 1328 AMD External Events Utility (ca0d6c1390f4b3baf2a0a69d1a7f8332) C:\Windows\system32\atiesrxx.exe

18:33:27.0164 1328 AMD External Events Utility - ok

18:33:27.0164 1328 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

18:33:27.0180 1328 amdide - ok

18:33:27.0196 1328 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys

18:33:27.0227 1328 AmdK8 - ok

18:33:27.0320 1328 amdkmdag (75e4baca583ae02c11e9ac8747e2abe0) C:\Windows\system32\DRIVERS\atikmdag.sys

18:33:27.0461 1328 amdkmdag - ok

18:33:27.0523 1328 amdkmdap (b765cf4b32f347be747b21ae22641025) C:\Windows\system32\DRIVERS\atikmpag.sys

18:33:27.0523 1328 amdkmdap - ok

18:33:27.0788 1328 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys

18:33:27.0804 1328 AmdPPM - ok

18:33:27.0898 1328 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

18:33:27.0913 1328 amdsata - ok

18:33:28.0756 1328 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys

18:33:28.0771 1328 amdsbs - ok

18:33:28.0865 1328 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

18:33:28.0880 1328 amdxata - ok

18:33:28.0927 1328 amd_sata (caee7c1afc9f1c9ee8dd11acd18d22e7) C:\Windows\system32\drivers\amd_sata.sys

18:33:28.0943 1328 amd_sata - ok

18:33:28.0974 1328 amd_xata (23726116b4fbcc84fc45b95157c08f5f) C:\Windows\system32\drivers\amd_xata.sys

18:33:28.0974 1328 amd_xata - ok

18:33:29.0021 1328 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

18:33:29.0114 1328 AppID - ok

18:33:29.0146 1328 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

18:33:29.0177 1328 AppIDSvc - ok

18:33:29.0208 1328 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

18:33:29.0239 1328 Appinfo - ok

18:33:29.0286 1328 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys

18:33:29.0302 1328 arc - ok

18:33:29.0317 1328 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys

18:33:29.0333 1328 arcsas - ok

18:33:29.0395 1328 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

18:33:29.0426 1328 aspnet_state - ok

18:33:29.0442 1328 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

18:33:29.0489 1328 AsyncMac - ok

18:33:29.0520 1328 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

18:33:29.0520 1328 atapi - ok

18:33:29.0551 1328 AtiPcie (e82e61f46d1336447f4deff8c074f13e) C:\Windows\system32\drivers\AtiPcie64.sys

18:33:29.0567 1328 AtiPcie - ok

18:33:29.0582 1328 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

18:33:29.0629 1328 AudioEndpointBuilder - ok

18:33:29.0645 1328 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

18:33:29.0660 1328 AudioSrv - ok

18:33:29.0692 1328 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

18:33:29.0770 1328 AxInstSV - ok

18:33:29.0801 1328 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys

18:33:29.0832 1328 b06bdrv - ok

18:33:29.0863 1328 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

18:33:29.0894 1328 b57nd60a - ok

18:33:29.0926 1328 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

18:33:29.0972 1328 BDESVC - ok

18:33:29.0988 1328 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

18:33:30.0019 1328 Beep - ok

18:33:30.0066 1328 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll

18:33:30.0113 1328 BITS - ok

18:33:30.0144 1328 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys

18:33:30.0160 1328 blbdrive - ok

18:33:30.0191 1328 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

18:33:30.0238 1328 bowser - ok

18:33:30.0253 1328 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys

18:33:30.0253 1328 BrFiltLo - ok

18:33:30.0269 1328 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys

18:33:30.0284 1328 BrFiltUp - ok

18:33:30.0331 1328 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys

18:33:30.0378 1328 BridgeMP - ok

18:33:30.0425 1328 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

18:33:30.0456 1328 Browser - ok

18:33:30.0472 1328 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

18:33:30.0518 1328 Brserid - ok

18:33:30.0550 1328 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

18:33:30.0565 1328 BrSerWdm - ok

18:33:30.0581 1328 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

18:33:30.0612 1328 BrUsbMdm - ok

18:33:30.0643 1328 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

18:33:30.0643 1328 BrUsbSer - ok

18:33:30.0674 1328 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys

18:33:30.0690 1328 BTHMODEM - ok

18:33:30.0721 1328 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

18:33:30.0752 1328 bthserv - ok

18:33:31.0033 1328 CarboniteService (9da7d983b4e9ea2d065edf566ca64fc8) C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe

18:33:31.0111 1328 CarboniteService - ok

18:33:31.0158 1328 catchme - ok

18:33:31.0298 1328 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

18:33:31.0345 1328 cdfs - ok

18:33:31.0392 1328 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

18:33:31.0423 1328 cdrom - ok

18:33:31.0486 1328 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

18:33:31.0517 1328 CertPropSvc - ok

18:33:31.0549 1328 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys

18:33:31.0565 1328 circlass - ok

18:33:31.0596 1328 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

18:33:31.0611 1328 CLFS - ok

18:33:31.0658 1328 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

18:33:31.0674 1328 clr_optimization_v2.0.50727_32 - ok

18:33:31.0721 1328 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

18:33:31.0736 1328 clr_optimization_v2.0.50727_64 - ok

18:33:31.0783 1328 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

18:33:31.0892 1328 clr_optimization_v4.0.30319_32 - ok

18:33:32.0095 1328 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

18:33:32.0126 1328 clr_optimization_v4.0.30319_64 - ok

18:33:32.0220 1328 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys

18:33:32.0251 1328 CmBatt - ok

18:33:32.0282 1328 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

18:33:32.0298 1328 cmdide - ok

18:33:32.0345 1328 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

18:33:32.0376 1328 CNG - ok

18:33:32.0407 1328 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys

18:33:32.0423 1328 Compbatt - ok

18:33:32.0438 1328 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

18:33:32.0469 1328 CompositeBus - ok

18:33:32.0485 1328 COMSysApp - ok

18:33:32.0501 1328 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys

18:33:32.0516 1328 crcdisk - ok

18:33:32.0532 1328 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll

18:33:32.0579 1328 CryptSvc - ok

18:33:32.0657 1328 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

18:33:32.0672 1328 cvhsvc - ok

18:33:32.0719 1328 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

18:33:32.0750 1328 DcomLaunch - ok

18:33:32.0781 1328 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

18:33:32.0813 1328 defragsvc - ok

18:33:32.0859 1328 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

18:33:32.0906 1328 DfsC - ok

18:33:32.0937 1328 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

18:33:32.0969 1328 Dhcp - ok

18:33:32.0984 1328 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

18:33:33.0031 1328 discache - ok

18:33:33.0062 1328 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys

18:33:33.0078 1328 Disk - ok

18:33:33.0109 1328 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

18:33:33.0140 1328 Dnscache - ok

18:33:33.0156 1328 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

18:33:33.0187 1328 dot3svc - ok

18:33:33.0218 1328 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

18:33:33.0249 1328 DPS - ok

18:33:33.0281 1328 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

18:33:33.0296 1328 drmkaud - ok

18:33:33.0327 1328 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

18:33:33.0343 1328 DXGKrnl - ok

18:33:33.0359 1328 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

18:33:33.0390 1328 EapHost - ok

18:33:33.0483 1328 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys

18:33:33.0561 1328 ebdrv - ok

18:33:33.0608 1328 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

18:33:33.0624 1328 EFS - ok

18:33:33.0671 1328 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

18:33:33.0702 1328 ehRecvr - ok

18:33:33.0733 1328 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

18:33:33.0749 1328 ehSched - ok

18:33:33.0827 1328 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys

18:33:33.0842 1328 elxstor - ok

18:33:33.0873 1328 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

18:33:33.0889 1328 ErrDev - ok

18:33:33.0967 1328 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

18:33:34.0029 1328 EventSystem - ok

18:33:34.0139 1328 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

18:33:34.0170 1328 exfat - ok

18:33:34.0232 1328 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

18:33:34.0279 1328 fastfat - ok

18:33:34.0404 1328 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

18:33:34.0482 1328 Fax - ok

18:33:34.0544 1328 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys

18:33:34.0575 1328 fdc - ok

18:33:34.0685 1328 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

18:33:34.0731 1328 fdPHost - ok

18:33:34.0778 1328 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

18:33:34.0809 1328 FDResPub - ok

18:33:34.0919 1328 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

18:33:34.0934 1328 FileInfo - ok

18:33:35.0012 1328 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

18:33:35.0090 1328 Filetrace - ok

18:33:35.0199 1328 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys

18:33:35.0215 1328 flpydisk - ok

18:33:35.0293 1328 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

18:33:35.0309 1328 FltMgr - ok

18:33:35.0433 1328 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

18:33:35.0511 1328 FontCache - ok

18:33:35.0652 1328 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

18:33:35.0667 1328 FontCache3.0.0.0 - ok

18:33:35.0745 1328 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

18:33:35.0761 1328 FsDepends - ok

18:33:35.0839 1328 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

18:33:35.0839 1328 Fs_Rec - ok

18:33:35.0933 1328 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

18:33:35.0948 1328 fvevol - ok

18:33:36.0026 1328 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys

18:33:36.0042 1328 gagp30kx - ok

18:33:36.0167 1328 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

18:33:36.0182 1328 GamesAppService - ok

18:33:36.0323 1328 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

18:33:36.0369 1328 gpsvc - ok

18:33:36.0463 1328 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

18:33:36.0525 1328 hcw85cir - ok

18:33:36.0635 1328 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

18:33:36.0666 1328 HdAudAddService - ok

18:33:36.0775 1328 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys

18:33:36.0806 1328 HDAudBus - ok

18:33:36.0884 1328 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys

18:33:36.0915 1328 HidBatt - ok

18:33:36.0993 1328 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys

18:33:37.0025 1328 HidBth - ok

18:33:37.0290 1328 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys

18:33:37.0321 1328 HidIr - ok

18:33:37.0493 1328 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll

18:33:37.0539 1328 hidserv - ok

18:33:37.0727 1328 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

18:33:37.0742 1328 HidUsb - ok

18:33:37.0976 1328 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

18:33:38.0054 1328 hkmsvc - ok

18:33:38.0085 1328 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

18:33:38.0163 1328 HomeGroupListener - ok

18:33:38.0351 1328 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

18:33:38.0397 1328 HomeGroupProvider - ok

18:33:38.0585 1328 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

18:33:38.0616 1328 HP Support Assistant Service - ok

18:33:38.0772 1328 HPClientSvc (6a181452d4e240b8ecc7614b9a19bde9) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

18:33:38.0803 1328 HPClientSvc - ok

18:33:38.0928 1328 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

18:33:38.0959 1328 HPDrvMntSvc.exe - ok

18:33:39.0021 1328 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

18:33:39.0053 1328 hpqwmiex - ok

18:33:39.0209 1328 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

18:33:39.0224 1328 HpSAMD - ok

18:33:39.0287 1328 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

18:33:39.0333 1328 HTTP - ok

18:33:39.0427 1328 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

18:33:39.0427 1328 hwpolicy - ok

18:33:39.0458 1328 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

18:33:39.0474 1328 i8042prt - ok

18:33:39.0536 1328 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

18:33:39.0552 1328 iaStorV - ok

18:33:39.0692 1328 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

18:33:39.0723 1328 idsvc - ok

18:33:40.0098 1328 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys

18:33:40.0269 1328 igfx - ok

18:33:40.0347 1328 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys

18:33:40.0379 1328 iirsp - ok

18:33:40.0519 1328 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

18:33:40.0659 1328 IKEEXT - ok

18:33:40.0815 1328 IntcAzAudAddService (589b94a9b73a0e819ff873743a480834) C:\Windows\system32\drivers\RTKVHD64.sys

18:33:40.0862 1328 IntcAzAudAddService - ok

18:33:40.0956 1328 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

18:33:40.0987 1328 intelide - ok

18:33:41.0065 1328 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys

18:33:41.0096 1328 intelppm - ok

18:33:41.0174 1328 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

18:33:41.0268 1328 IPBusEnum - ok

18:33:41.0315 1328 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

18:33:41.0377 1328 IpFilterDriver - ok

18:33:41.0439 1328 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

18:33:41.0502 1328 IPMIDRV - ok

18:33:41.0549 1328 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

18:33:41.0627 1328 IPNAT - ok

18:33:41.0673 1328 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

18:33:41.0705 1328 IRENUM - ok

18:33:41.0767 1328 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

18:33:41.0798 1328 isapnp - ok

18:33:41.0861 1328 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

18:33:41.0892 1328 iScsiPrt - ok

18:33:41.0923 1328 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

18:33:41.0954 1328 kbdclass - ok

18:33:42.0001 1328 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys

18:33:42.0048 1328 kbdhid - ok

18:33:42.0110 1328 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

18:33:42.0141 1328 KeyIso - ok

18:33:42.0188 1328 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

18:33:42.0219 1328 KSecDD - ok

18:33:42.0266 1328 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

18:33:42.0282 1328 KSecPkg - ok

18:33:42.0329 1328 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

18:33:42.0407 1328 ksthunk - ok

18:33:42.0500 1328 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

18:33:42.0578 1328 KtmRm - ok

18:33:42.0687 1328 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll

18:33:42.0765 1328 LanmanServer - ok

18:33:42.0797 1328 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

18:33:42.0890 1328 LanmanWorkstation - ok

18:33:42.0999 1328 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

18:33:43.0093 1328 lltdio - ok

18:33:43.0218 1328 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

18:33:43.0296 1328 lltdsvc - ok

18:33:43.0374 1328 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

18:33:43.0436 1328 lmhosts - ok

18:33:43.0623 1328 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys

18:33:43.0655 1328 LSI_FC - ok

18:33:43.0951 1328 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys

18:33:43.0982 1328 LSI_SAS - ok

18:33:44.0076 1328 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys

18:33:44.0107 1328 LSI_SAS2 - ok

18:33:44.0201 1328 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys

18:33:44.0247 1328 LSI_SCSI - ok

18:33:44.0325 1328 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

18:33:44.0419 1328 luafv - ok

18:33:44.0481 1328 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

18:33:44.0513 1328 Mcx2Svc - ok

18:33:44.0684 1328 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys

18:33:44.0715 1328 megasas - ok

18:33:44.0809 1328 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys

18:33:44.0825 1328 MegaSR - ok

18:33:44.0887 1328 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

18:33:44.0918 1328 MMCSS - ok

18:33:44.0996 1328 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

18:33:45.0027 1328 Modem - ok

18:33:45.0137 1328 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

18:33:45.0183 1328 monitor - ok

18:33:45.0230 1328 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

18:33:45.0230 1328 mouclass - ok

18:33:45.0261 1328 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

18:33:45.0293 1328 mouhid - ok

18:33:45.0371 1328 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

18:33:45.0386 1328 mountmgr - ok

18:33:45.0464 1328 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

18:33:45.0511 1328 mpio - ok

18:33:45.0542 1328 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

18:33:45.0573 1328 mpsdrv - ok

18:33:45.0605 1328 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

18:33:45.0683 1328 MRxDAV - ok

18:33:45.0729 1328 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

18:33:45.0807 1328 mrxsmb - ok

18:33:45.0885 1328 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

18:33:45.0901 1328 mrxsmb10 - ok

18:33:45.0932 1328 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

18:33:45.0948 1328 mrxsmb20 - ok

18:33:46.0041 1328 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

18:33:46.0057 1328 msahci - ok

18:33:46.0088 1328 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

18:33:46.0104 1328 msdsm - ok

18:33:46.0151 1328 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

18:33:46.0197 1328 MSDTC - ok

18:33:46.0338 1328 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

18:33:46.0385 1328 Msfs - ok

18:33:46.0447 1328 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

18:33:46.0556 1328 mshidkmdf - ok

18:33:46.0650 1328 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

18:33:46.0650 1328 msisadrv - ok

18:33:46.0697 1328 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

18:33:46.0743 1328 MSiSCSI - ok

18:33:46.0790 1328 msiserver - ok

18:33:46.0977 1328 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

18:33:47.0102 1328 MSKSSRV - ok

18:33:47.0196 1328 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

18:33:47.0289 1328 MSPCLOCK - ok

18:33:47.0336 1328 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

18:33:47.0430 1328 MSPQM - ok

18:33:47.0492 1328 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

18:33:47.0539 1328 MsRPC - ok

18:33:47.0586 1328 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

18:33:47.0601 1328 mssmbios - ok

18:33:47.0633 1328 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

18:33:47.0711 1328 MSTEE - ok

18:33:47.0742 1328 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys

18:33:47.0757 1328 MTConfig - ok

18:33:47.0773 1328 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

18:33:47.0773 1328 Mup - ok

18:33:47.0898 1328 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

18:33:47.0991 1328 napagent - ok

18:33:48.0116 1328 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

18:33:48.0194 1328 NativeWifiP - ok

18:33:48.0397 1328 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

18:33:48.0444 1328 NDIS - ok

18:33:48.0491 1328 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

18:33:48.0537 1328 NdisCap - ok

18:33:48.0569 1328 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

18:33:48.0631 1328 NdisTapi - ok

18:33:48.0647 1328 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

18:33:48.0693 1328 Ndisuio - ok

18:33:48.0756 1328 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

18:33:48.0787 1328 NdisWan - ok

18:33:48.0834 1328 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

18:33:48.0865 1328 NDProxy - ok

18:33:48.0881 1328 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

18:33:48.0912 1328 NetBIOS - ok

18:34:05.0339 1328 MBR (0x1B8) (22a989b08cd088728d4e9fc470755d79) \Device\Harddisk0\DR0

18:34:05.0354 1328 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

18:34:05.0354 1328 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

18:34:05.0464 1328 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

18:34:05.0464 1328 \Device\Harddisk0\DR0 - detected TDSS File System (1)

18:34:05.0464 1328 Boot (0x1200) (b920e4bc4db2a2f85672de53afd62e83) \Device\Harddisk0\DR0\Partition0

18:34:05.0464 1328 \Device\Harddisk0\DR0\Partition0 - ok

18:34:05.0479 1328 Boot (0x1200) (6c565c6c6da482cbbc6f595924924585) \Device\Harddisk0\DR0\Partition1

18:34:05.0479 1328 \Device\Harddisk0\DR0\Partition1 - ok

18:34:05.0510 1328 Boot (0x1200) (bff80509c2c7cfccb6c9f2aed897ec2b) \Device\Harddisk0\DR0\Partition2

18:34:05.0510 1328 \Device\Harddisk0\DR0\Partition2 - ok

18:34:05.0510 1328 ============================================================

18:34:05.0510 1328 Scan finished

18:34:05.0510 1328 ============================================================

18:34:05.0526 2532 Detected object count: 2

18:34:05.0526 2532 Actual detected object count: 2

18:35:44.0742 2532 \Device\Harddisk0\DR0\# - copied to quarantine

18:35:44.0742 2532 \Device\Harddisk0\DR0 - copied to quarantine

18:35:44.0789 2532 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

18:35:44.0789 2532 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine

18:35:44.0789 2532 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

18:35:44.0805 2532 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

18:35:44.0820 2532 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

18:35:44.0820 2532 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine

18:35:44.0820 2532 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

18:35:44.0820 2532 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

18:35:44.0820 2532 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

18:35:44.0836 2532 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

18:35:44.0836 2532 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine

18:35:44.0836 2532 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

18:35:44.0867 2532 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot

18:35:44.0867 2532 \Device\Harddisk0\DR0 - ok

18:35:45.0304 2532 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

18:35:45.0304 2532 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

18:35:45.0304 2532 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

18:36:03.0228 3068 Deinitialize success


i had an issue the 1st time i tried to run it. before i hit scan something called internet security popped up and started scanning. to my knowledge that is not something i put on my computer. it shut down tdsskiller and firefox and would not let me open the task manager. i had to shut down the computer, and when i restarted i was able to run tdsskiller. i now have a new icon on my desktop labeled internet security.

thanks.


Sounds like a rogue/fake antivirus program:

http://www.bleepingc...t-security-2012

---------------------------------

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

MrC


after running combofix, nothing on my computer would work - everything i clicked gave me an error message. i shut down and restarted and got a blue screen telling me windows could not load and needed to do system restore. finally after several attempts windows did finally work. here is the log from combofix...

ComboFix 12-04-03.02 - Aug-11 04/03/2012 19:28:27.3.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5887.2081 [GMT -5:00]

Running from: c:\users\Aug-11\Desktop\ComboFix.exe

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Aug-11\AppData\Local\Temp\1.tmp\F_IN_BOX.dll

c:\users\Public\Desktop\Internet Security.lnk

c:\windows\assembly\GAC_32\Desktop.ini

c:\windows\assembly\GAC_64\Desktop.ini

c:\windows\assembly\temp\@

c:\windows\assembly\temp\cfg.ini

c:\windows\system32\consrv.dll

c:\windows\system32\dds_trash_log.cmd

c:\windows\System64

.

.

((((((((((((((((((((((((( Files Created from 2012-03-04 to 2012-04-04 )))))))))))))))))))))))))))))))

.

.

2012-04-04 00:32 . 2012-04-04 00:32 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-04-03 23:35 . 2012-04-03 23:35 -------- d-----w- C:\TDSSKiller_Quarantine

2012-04-03 10:46 . 2012-04-03 10:46 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1F89A2F2-CE23-4A69-AFE1-7358AC940FE3}\offreg.dll

2012-04-03 07:01 . 2012-03-20 08:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1F89A2F2-CE23-4A69-AFE1-7358AC940FE3}\mpengine.dll

2012-04-01 19:24 . 2012-04-01 19:24 -------- d-----w- c:\program files\Carbonite

2012-04-01 19:24 . 2012-04-01 19:24 -------- d-----w- c:\programdata\Carbonite

2012-04-01 19:24 . 2012-04-01 19:24 -------- d-----w- c:\program files (x86)\Carbonite

2012-04-01 02:25 . 2012-04-01 17:40 -------- d-----w- c:\users\Aug-11\AppData\Local\{5A6D2003-7B79-11E1-826D-B8AC6F996F26}

2012-03-29 01:06 . 2012-03-29 01:06 -------- d-----w- c:\users\Aug-11\AppData\Roaming\SUPERAntiSpyware.com

2012-03-29 01:06 . 2012-04-01 17:40 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-03-29 01:06 . 2012-03-29 01:06 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-03-29 00:19 . 2012-03-29 00:19 -------- d-----w- c:\program files (x86)\PC Tools

2012-03-29 00:16 . 2012-03-29 00:47 -------- d-----w- c:\programdata\PC Tools

2012-03-29 00:16 . 2012-03-29 00:16 -------- d-----w- c:\users\Aug-11\AppData\Roaming\TestApp

2012-03-28 12:57 . 2012-03-28 12:57 -------- d-----w- c:\programdata\AVG Secure Search

2012-03-28 12:57 . 2012-04-01 17:40 -------- d-----w- c:\program files (x86)\AVG Secure Search

2012-03-28 12:57 . 2012-04-01 17:40 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search

2012-03-27 22:40 . 2012-03-13 04:39 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll

2012-03-27 22:40 . 2012-03-13 04:39 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll

2012-03-27 22:28 . 2012-03-27 22:29 -------- d-----w- c:\users\Aug-11\AppData\Roaming\Xaest

2012-03-27 22:28 . 2012-03-27 22:29 -------- d-----w- c:\users\Aug-11\AppData\Roaming\Quensi

2012-03-17 21:49 . 2012-03-17 21:49 -------- d-----w- c:\program files (x86)\ESET

2012-03-17 03:48 . 2011-06-21 04:09 200976 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys

2012-03-17 03:30 . 2012-04-01 17:33 -------- d-----w- c:\users\Aug-11\AppData\Roaming\Malwarebytes

2012-03-17 03:30 . 2012-04-01 17:40 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-03-17 03:30 . 2012-03-28 02:33 -------- d-----w- c:\programdata\Malwarebytes

2012-03-17 03:30 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-14 08:03 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-14 08:03 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-03-14 08:03 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-03-14 03:02 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-03-14 03:02 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-03-14 03:02 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-03-14 03:00 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-03-14 03:00 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-03-14 03:00 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-03-14 03:00 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-03-14 03:00 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-03-14 03:00 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-03-14 03:00 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-23 14:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-02-16 02:54 . 2011-08-13 06:23 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

.

.

((((((((((((((((((((((((((((( SnapShot@2012-03-28_03.43.23 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-04-04 00:33 . 2012-04-04 00:33 13330 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat

- 2012-03-28 03:41 . 2012-03-28 03:41 13330 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat

- 2012-03-16 18:02 . 2012-03-28 03:27 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2012-03-16 18:02 . 2012-04-04 00:28 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2012-04-03 22:50 . 2012-04-03 23:26 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012040320120404\index.dat

+ 2012-04-03 22:50 . 2012-04-03 22:46 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012032620120402\index.dat

- 2012-03-16 18:02 . 2012-03-28 03:27 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat

+ 2012-03-16 18:02 . 2012-04-04 00:28 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat

+ 2010-11-21 03:09 . 2012-04-04 00:08 48364 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-04-04 00:08 35270 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-08-13 07:15 . 2012-04-04 00:08 10090 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2443618145-3234143949-2320547976-1000_UserData.bin

+ 2012-04-01 17:42 . 2012-04-01 05:36 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat

- 2011-02-11 19:25 . 2012-03-28 03:40 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-02-11 19:25 . 2012-04-03 23:37 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-02-11 19:25 . 2012-03-28 03:40 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2011-02-11 19:25 . 2012-04-03 23:37 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-04-03 23:37 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2012-03-28 03:40 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-08-13 05:36 . 2012-04-04 00:07 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-08-13 05:36 . 2012-03-28 03:42 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2012-03-16 17:58 . 2012-03-28 03:42 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat

+ 2012-03-16 17:58 . 2012-04-03 23:32 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat

+ 2012-03-16 17:58 . 2012-04-03 23:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat

- 2012-03-16 17:58 . 2012-03-28 03:42 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat

+ 2012-03-16 17:58 . 2012-04-03 23:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat

- 2012-03-16 17:58 . 2012-03-28 03:42 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat

+ 2011-08-13 05:36 . 2012-04-04 00:07 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2011-08-13 05:36 . 2012-03-28 03:42 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2011-08-13 05:36 . 2012-04-04 00:07 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-08-13 05:36 . 2012-03-28 03:42 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-08-13 07:15 . 2012-03-28 03:21 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-08-13 07:15 . 2012-04-04 00:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-08-13 07:15 . 2012-03-28 03:21 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-08-13 07:15 . 2012-04-04 00:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-08-14 03:44 . 2012-03-29 02:34 5414 c:\windows\system32\wdi\ERCQueuedResolutions.dat

+ 2009-07-13 23:31 . 2009-07-14 01:39 6656 c:\windows\system32\adsservice.dll

+ 2012-04-04 00:34 . 2012-04-04 00:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-03-28 03:42 . 2012-03-28 03:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-07-14 04:54 . 2012-04-04 00:34 245760 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-02-11 18:41 . 2012-04-02 22:50 327602 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin

+ 2009-07-14 02:36 . 2012-04-04 00:11 660520 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2012-03-28 03:27 660520 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2012-03-28 03:27 121190 c:\windows\system32\perfc009.dat

+ 2009-07-14 02:36 . 2012-04-04 00:11 121190 c:\windows\system32\perfc009.dat

+ 2009-07-14 05:01 . 2012-04-04 00:33 277296 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2012-03-28 03:41 277296 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 04:54 . 2012-04-04 00:34 5177344 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-03-28 03:42 1458176 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-04-04 00:34 1458176 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-08-13 07:12 . 2012-03-28 03:09 1627496 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2011-08-13 07:12 . 2012-03-29 00:48 1627496 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2011-08-13 07:12 . 2012-03-28 03:41 1989984 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2443618145-3234143949-2320547976-1000-8192.dat

+ 2011-08-13 07:12 . 2012-04-04 00:33 1989984 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2443618145-3234143949-2320547976-1000-8192.dat

+ 2012-03-28 12:54 . 2012-03-28 12:54 2872832 c:\windows\Installer\1e32a47.msi

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912]

.

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

2011-01-17 21:54 175912 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngine.dll

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

2011-01-17 21:54 175912 ----a-w- c:\program files (x86)\Vuze_Remote\prxtbVuze.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912]

"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]

.

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

.

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]

@="{95A27763-F62A-4114-9072-E81D87DE3B68}"

[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]

2012-03-17 02:06 1008784 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]

@="{E300CD91-100F-4E67-9AF3-1384A6124015}"

[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]

2012-03-17 02:06 1008784 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]

@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"

[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]

2012-03-17 02:06 1008784 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 102400]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-02-01 656920]

"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-05-27 2015136]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2012-03-17 1059984]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [x]

S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]

S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-02-01 1127448]

S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-03 c:\windows\Tasks\HPCeeScheduleForAug-11.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]

@="{95A27763-F62A-4114-9072-E81D87DE3B68}"

[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]

2012-03-17 01:58 1279120 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]

@="{E300CD91-100F-4E67-9AF3-1384A6124015}"

[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]

2012-03-17 01:58 1279120 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]

@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"

[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]

2012-03-17 01:58 1279120 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]

"combofix"="c:\combofix\CF9611.3XE" [2010-11-21 345088]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

alertservice

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

LSP: mswsock.dll

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\Aug-11\AppData\Roaming\Mozilla\Firefox\Profiles\t5h1wh4w.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.foxnews.com/

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Be379abac-22b4-479e-921f-fec664619ae5%7D&mid=740066f430df47d1abb6ed906db4abbc-ebe5aca7cfd32f9faede2535b753341eef991577&ds=AVG&v=10.2.0.3&lang=en&pr=fr&d=2011-10-24%2023%3A59%3A26&sap=ku&q=

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]

"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]

"value"="?\08\06\0d\0f2\04v"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe

c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

.

**************************************************************************

.

Completion time: 2012-04-03 19:37:04 - machine was rebooted

ComboFix-quarantined-files.txt 2012-04-04 00:37

ComboFix2.txt 2012-03-28 04:04

.

Pre-Run: 774,580,187,136 bytes free

Post-Run: 774,357,270,528 bytes free

.

- - End Of File - - 5A20CECBB369F4A23C8A2C199AE7D2AB


Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.04.04.01

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

Aug-11 :: AUG-11-HP [administrator]

4/3/2012 9:01:53 PM

mbam-log-2012-04-03 (21-01-53).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 196133

Time elapsed: 2 minute(s), 14 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 2

C:\Users\Aug-11\AppData\Local\Temp\ch8l0.exe (Rootkit.0Access) -> Quarantined and deleted successfully.

C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)


Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Run OTL

Under the Custom Scans/Fixes

Copy and paste this in: netsvcs

Click the None button on top

Now click on the blue Run Scan button

Post the log it creates.

MrC


OTL logfile created on: 4/4/2012 7:47:22 AM - Run 1

OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Aug-11\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.75 Gb Total Physical Memory | 2.05 Gb Available Physical Memory | 35.60% Memory free

11.50 Gb Paging File | 7.22 Gb Available in Paging File | 62.83% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 920.25 Gb Total Space | 720.64 Gb Free Space | 78.31% Space Free | Partition Type: NTFS

Drive D: | 11.16 Gb Total Space | 1.36 Gb Free Space | 12.21% Space Free | Partition Type: NTFS

Unable to calculate disk information.

Computer Name: AUG-11-HP | User Name: Aug-11 | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

< End of report >


08:02:15.0155 2360 TDSS rootkit removing tool 2.7.25.0 Apr 3 2012 13:42:32

08:02:15.0541 2360 ============================================================

08:02:15.0541 2360 Current date / time: 2012/04/04 08:02:15.0541

08:02:15.0541 2360 SystemInfo:

08:02:15.0541 2360

08:02:15.0541 2360 OS Version: 6.1.7601 ServicePack: 1.0

08:02:15.0541 2360 Product type: Workstation

08:02:15.0541 2360 ComputerName: AUG-11-HP

08:02:15.0541 2360 UserName: Aug-11

08:02:15.0541 2360 Windows directory: C:\Windows

08:02:15.0541 2360 System windows directory: C:\Windows

08:02:15.0541 2360 Running under WOW64

08:02:15.0541 2360 Processor architecture: Intel x64

08:02:15.0541 2360 Number of processors: 4

08:02:15.0541 2360 Page size: 0x1000

08:02:15.0541 2360 Boot type: Normal boot

08:02:15.0541 2360 ============================================================

08:02:17.0283 2360 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

08:02:17.0379 2360 \Device\Harddisk0\DR0:

08:02:17.0380 2360 MBR used

08:02:17.0380 2360 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

08:02:17.0380 2360 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x73081800

08:02:17.0380 2360 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x730B4000, BlocksNum 0x1652000

08:02:17.0523 2360 Initialize success

08:02:17.0523 2360 ============================================================

08:02:50.0347 5100 ============================================================

08:02:50.0347 5100 Scan started

08:02:50.0347 5100 Mode: Manual; SigCheck; TDLFS;

08:02:50.0347 5100 ============================================================

08:02:50.0784 5100 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

08:02:50.0846 5100 1394ohci - ok

08:02:50.0893 5100 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

08:02:50.0908 5100 ACPI - ok

08:02:50.0924 5100 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

08:02:50.0955 5100 AcpiPmi - ok

08:02:50.0986 5100 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys

08:02:51.0002 5100 adp94xx - ok

08:02:51.0033 5100 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys

08:02:51.0049 5100 adpahci - ok

08:02:51.0064 5100 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys

08:02:51.0080 5100 adpu320 - ok

08:02:51.0096 5100 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

08:02:51.0174 5100 AeLookupSvc - ok

08:02:51.0205 5100 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

08:02:51.0236 5100 AFD - ok

08:02:51.0345 5100 AffinegyService (b29bc445561f1ac7b1daf67af954c36b) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe

08:02:51.0361 5100 AffinegyService - ok

08:02:51.0408 5100 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

08:02:51.0408 5100 agp440 - ok

08:02:51.0439 5100 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

08:02:51.0454 5100 ALG - ok

08:02:51.0470 5100 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

08:02:51.0486 5100 aliide - ok

08:02:51.0501 5100 AMD External Events Utility (ca0d6c1390f4b3baf2a0a69d1a7f8332) C:\Windows\system32\atiesrxx.exe

08:02:51.0532 5100 AMD External Events Utility - ok

08:02:51.0548 5100 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

08:02:51.0548 5100 amdide - ok

08:02:51.0564 5100 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys

08:02:51.0595 5100 AmdK8 - ok

08:02:51.0688 5100 amdkmdag (75e4baca583ae02c11e9ac8747e2abe0) C:\Windows\system32\DRIVERS\atikmdag.sys

08:02:51.0829 5100 amdkmdag - ok


08:03:06.0789 5100 SCPolicySvc - ok

08:03:06.0805 5100 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

08:03:06.0820 5100 SDRSVC - ok

08:03:06.0867 5100 SeaPort (331e7bde228914574fc9ae6cd520dafa) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

08:03:06.0883 5100 SeaPort - ok

08:03:06.0930 5100 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

08:03:06.0961 5100 secdrv - ok

08:03:06.0992 5100 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

08:03:07.0008 5100 seclogon - ok

08:03:07.0054 5100 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll

08:03:07.0086 5100 SENS - ok

08:03:07.0101 5100 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

08:03:07.0117 5100 SensrSvc - ok

08:03:07.0179 5100 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys

08:03:07.0195 5100 Serenum - ok

08:03:07.0242 5100 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys

08:03:07.0257 5100 Serial - ok

08:03:07.0288 5100 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys

08:03:07.0304 5100 sermouse - ok

08:03:07.0335 5100 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

08:03:07.0366 5100 SessionEnv - ok

08:03:07.0382 5100 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

08:03:07.0398 5100 sffdisk - ok

08:03:07.0413 5100 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

08:03:07.0429 5100 sffp_mmc - ok

08:03:07.0444 5100 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

08:03:07.0460 5100 sffp_sd - ok

08:03:07.0476 5100 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys

08:03:07.0491 5100 sfloppy - ok

08:03:07.0554 5100 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys

08:03:07.0569 5100 Sftfs - ok

08:03:07.0616 5100 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

08:03:07.0632 5100 sftlist - ok

08:03:07.0647 5100 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys

08:03:07.0663 5100 Sftplay - ok

08:03:07.0678 5100 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys

08:03:07.0678 5100 Sftredir - ok

08:03:07.0710 5100 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys

08:03:07.0710 5100 Sftvol - ok

08:03:07.0756 5100 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

08:03:07.0772 5100 sftvsa - ok

08:03:07.0788 5100 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

08:03:07.0834 5100 SharedAccess - ok

08:03:07.0866 5100 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

08:03:07.0912 5100 ShellHWDetection - ok

08:03:07.0959 5100 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys

08:03:07.0975 5100 SiSRaid2 - ok

08:03:07.0990 5100 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys

08:03:08.0006 5100 SiSRaid4 - ok

08:03:08.0053 5100 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

08:03:08.0100 5100 Smb - ok

08:03:08.0146 5100 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

08:03:08.0162 5100 SNMPTRAP - ok

08:03:08.0178 5100 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

08:03:08.0193 5100 spldr - ok

08:03:08.0224 5100 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

08:03:08.0256 5100 Spooler - ok

08:03:08.0318 5100 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

08:03:08.0427 5100 sppsvc - ok

08:03:08.0458 5100 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

08:03:08.0474 5100 sppuinotify - ok

08:03:08.0521 5100 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

08:03:08.0536 5100 srv - ok

08:03:08.0583 5100 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

08:03:08.0614 5100 srv2 - ok

08:03:08.0630 5100 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

08:03:08.0646 5100 srvnet - ok

08:03:08.0692 5100 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

08:03:08.0724 5100 SSDPSRV - ok

08:03:08.0739 5100 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

08:03:08.0770 5100 SstpSvc - ok

08:03:08.0786 5100 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys

08:03:08.0802 5100 stexstor - ok

08:03:08.0864 5100 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

08:03:08.0880 5100 stisvc - ok

08:03:08.0911 5100 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

08:03:08.0911 5100 swenum - ok

08:03:08.0926 5100 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

08:03:08.0973 5100 swprv - ok

08:03:09.0004 5100 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

08:03:09.0067 5100 SysMain - ok

08:03:09.0082 5100 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

08:03:09.0098 5100 TabletInputService - ok

08:03:09.0114 5100 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

08:03:09.0160 5100 TapiSrv - ok

08:03:09.0176 5100 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

08:03:09.0207 5100 TBS - ok

08:03:09.0410 5100 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

08:03:09.0472 5100 Tcpip - ok

08:03:09.0535 5100 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

08:03:09.0566 5100 TCPIP6 - ok

08:03:09.0582 5100 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

08:03:09.0613 5100 tcpipreg - ok

08:03:09.0628 5100 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

08:03:09.0644 5100 TDPIPE - ok

08:03:09.0675 5100 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

08:03:09.0675 5100 TDTCP - ok

08:03:09.0691 5100 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

08:03:09.0722 5100 tdx - ok

08:03:09.0769 5100 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

08:03:09.0769 5100 TermDD - ok

08:03:09.0800 5100 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

08:03:09.0847 5100 TermService - ok

08:03:09.0862 5100 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

08:03:09.0894 5100 Themes - ok

08:03:09.0909 5100 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

08:03:09.0940 5100 THREADORDER - ok

08:03:09.0956 5100 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

08:03:09.0987 5100 TrkWks - ok

08:03:10.0003 5100 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

08:03:10.0034 5100 TrustedInstaller - ok

08:03:10.0065 5100 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

08:03:10.0096 5100 tssecsrv - ok

08:03:10.0143 5100 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

08:03:10.0143 5100 TsUsbFlt - ok

08:03:10.0159 5100 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys

08:03:10.0174 5100 TsUsbGD - ok

08:03:10.0221 5100 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

08:03:10.0252 5100 tunnel - ok

08:03:10.0268 5100 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys

08:03:10.0284 5100 uagp35 - ok

08:03:10.0299 5100 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

08:03:10.0346 5100 udfs - ok

08:03:10.0362 5100 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

08:03:10.0377 5100 UI0Detect - ok

08:03:10.0393 5100 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

08:03:10.0408 5100 uliagpkx - ok

08:03:10.0455 5100 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

08:03:10.0471 5100 umbus - ok

08:03:10.0502 5100 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys

08:03:10.0518 5100 UmPass - ok

08:03:10.0533 5100 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

08:03:10.0580 5100 upnphost - ok

08:03:10.0627 5100 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

08:03:10.0642 5100 usbccgp - ok

08:03:10.0658 5100 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

08:03:10.0674 5100 usbcir - ok

08:03:10.0689 5100 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

08:03:10.0720 5100 usbehci - ok

08:03:10.0736 5100 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\drivers\usbfilter.sys

08:03:10.0752 5100 usbfilter - ok

08:03:10.0767 5100 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

08:03:10.0783 5100 usbhub - ok

08:03:10.0814 5100 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys

08:03:10.0830 5100 usbohci - ok

08:03:10.0876 5100 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

08:03:10.0892 5100 usbprint - ok

08:03:10.0908 5100 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

08:03:10.0923 5100 usbscan - ok

08:03:10.0939 5100 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

08:03:10.0954 5100 USBSTOR - ok

08:03:10.0970 5100 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

08:03:10.0986 5100 usbuhci - ok

08:03:11.0017 5100 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

08:03:11.0048 5100 UxSms - ok

08:03:11.0064 5100 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

08:03:11.0079 5100 VaultSvc - ok

08:03:11.0126 5100 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

08:03:11.0126 5100 vdrvroot - ok

08:03:11.0142 5100 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

08:03:11.0188 5100 vds - ok

08:03:11.0220 5100 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

08:03:11.0235 5100 vga - ok

08:03:11.0251 5100 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

08:03:11.0298 5100 VgaSave - ok

08:03:11.0313 5100 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

08:03:11.0313 5100 vhdmp - ok

08:03:11.0344 5100 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

08:03:11.0360 5100 viaide - ok

08:03:11.0376 5100 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

08:03:11.0376 5100 volmgr - ok

08:03:11.0407 5100 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

08:03:11.0422 5100 volmgrx - ok

08:03:11.0438 5100 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

08:03:11.0438 5100 volsnap - ok

08:03:11.0485 5100 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys

08:03:11.0500 5100 vsmraid - ok

08:03:11.0547 5100 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

08:03:11.0610 5100 VSS - ok

08:03:11.0625 5100 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys

08:03:11.0641 5100 vwifibus - ok

08:03:11.0688 5100 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

08:03:11.0719 5100 W32Time - ok

08:03:11.0750 5100 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys

08:03:11.0766 5100 WacomPen - ok

08:03:11.0812 5100 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

08:03:11.0844 5100 WANARP - ok

08:03:11.0844 5100 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

08:03:11.0875 5100 Wanarpv6 - ok

08:03:11.0937 5100 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

08:03:11.0968 5100 WatAdminSvc - ok

08:03:12.0000 5100 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

08:03:12.0062 5100 wbengine - ok

08:03:12.0093 5100 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

08:03:12.0109 5100 WbioSrvc - ok

08:03:12.0124 5100 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

08:03:12.0156 5100 wcncsvc - ok

08:03:12.0187 5100 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

08:03:12.0187 5100 WcsPlugInService - ok

08:03:12.0218 5100 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys

08:03:12.0234 5100 Wd - ok

08:03:12.0265 5100 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

08:03:12.0280 5100 Wdf01000 - ok

08:03:12.0296 5100 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

08:03:12.0327 5100 WdiServiceHost - ok

08:03:12.0327 5100 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

08:03:12.0343 5100 WdiSystemHost - ok

08:03:12.0358 5100 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

08:03:12.0374 5100 WebClient - ok

08:03:12.0390 5100 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

08:03:12.0436 5100 Wecsvc - ok

08:03:12.0452 5100 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

08:03:12.0483 5100 wercplsupport - ok

08:03:12.0499 5100 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

08:03:12.0530 5100 WerSvc - ok

08:03:12.0561 5100 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

08:03:12.0592 5100 WfpLwf - ok

08:03:12.0608 5100 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

08:03:12.0608 5100 WIMMount - ok

08:03:12.0624 5100 WinDefend - ok

08:03:12.0639 5100 WinHttpAutoProxySvc - ok

08:03:12.0670 5100 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

08:03:12.0702 5100 Winmgmt - ok

08:03:12.0748 5100 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

08:03:12.0811 5100 WinRM - ok

08:03:12.0873 5100 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

08:03:12.0889 5100 WinUsb - ok

08:03:12.0904 5100 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

08:03:12.0936 5100 Wlansvc - ok

08:03:12.0998 5100 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

08:03:13.0014 5100 wlcrasvc - ok

08:03:13.0092 5100 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

08:03:13.0123 5100 wlidsvc - ok

08:03:13.0170 5100 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

08:03:13.0201 5100 WmiAcpi - ok

08:03:13.0216 5100 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

08:03:13.0248 5100 wmiApSrv - ok

08:03:13.0294 5100 WMPNetworkSvc - ok

08:03:13.0294 5100 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

08:03:13.0310 5100 WPCSvc - ok

08:03:13.0326 5100 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

08:03:13.0341 5100 WPDBusEnum - ok

08:03:13.0357 5100 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

08:03:13.0388 5100 ws2ifsl - ok

08:03:13.0435 5100 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll

08:03:13.0450 5100 wscsvc - ok

08:03:13.0466 5100 WSearch - ok

08:03:13.0497 5100 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll

08:03:13.0575 5100 wuauserv - ok

08:03:13.0606 5100 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

08:03:13.0653 5100 WudfPf - ok

08:03:13.0700 5100 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

08:03:13.0731 5100 WUDFRd - ok

08:03:13.0778 5100 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

08:03:13.0809 5100 wudfsvc - ok

08:03:13.0825 5100 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

08:03:13.0856 5100 WwanSvc - ok

08:03:13.0903 5100 MBR (0x1B8) (6f9dd6ab827c8b46cad334291946f201) \Device\Harddisk0\DR0

08:03:14.0074 5100 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

08:03:14.0074 5100 \Device\Harddisk0\DR0 - detected TDSS File System (1)

08:03:14.0074 5100 Boot (0x1200) (b920e4bc4db2a2f85672de53afd62e83) \Device\Harddisk0\DR0\Partition0

08:03:14.0074 5100 \Device\Harddisk0\DR0\Partition0 - ok

08:03:14.0106 5100 Boot (0x1200) (6c565c6c6da482cbbc6f595924924585) \Device\Harddisk0\DR0\Partition1

08:03:14.0106 5100 \Device\Harddisk0\DR0\Partition1 - ok

08:03:14.0137 5100 Boot (0x1200) (bff80509c2c7cfccb6c9f2aed897ec2b) \Device\Harddisk0\DR0\Partition2

08:03:14.0137 5100 \Device\Harddisk0\DR0\Partition2 - ok

08:03:14.0137 5100 ============================================================

08:03:14.0137 5100 Scan finished

08:03:14.0137 5100 ============================================================

08:03:14.0137 5052 Detected object count: 1

08:03:14.0137 5052 Actual detected object count: 1

08:03:28.0899 5052 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

08:03:28.0899 5052 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip


08:03:28.0899 5052 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

08:03:28.0899 5052 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Run it again and delete these two.

------------------------------------

Delete your copy of ComboFix and download and run a fresh copy as before, post back the log.

MrC


Ran TDSSKiller again and deleted... here's that log. Will run ComboFix again as well.

18:29:19.0109 4108 TDSS rootkit removing tool 2.7.25.0 Apr 3 2012 13:42:32

18:29:19.0488 4108 ============================================================

18:29:19.0488 4108 Current date / time: 2012/04/04 18:29:19.0488

18:29:19.0488 4108 SystemInfo:

18:29:19.0488 4108

18:29:19.0488 4108 OS Version: 6.1.7601 ServicePack: 1.0

18:29:19.0488 4108 Product type: Workstation

18:29:19.0488 4108 ComputerName: AUG-11-HP

18:29:19.0489 4108 UserName: Aug-11

18:29:19.0489 4108 Windows directory: C:\Windows

18:29:19.0489 4108 System windows directory: C:\Windows

18:29:19.0489 4108 Running under WOW64

18:29:19.0489 4108 Processor architecture: Intel x64

18:29:19.0489 4108 Number of processors: 4

18:29:19.0489 4108 Page size: 0x1000

18:29:19.0489 4108 Boot type: Normal boot

18:29:19.0489 4108 ============================================================

18:29:22.0254 4108 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

18:29:22.0350 4108 \Device\Harddisk0\DR0:

18:29:22.0350 4108 MBR used

18:29:22.0350 4108 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

18:29:22.0350 4108 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x73081800

18:29:22.0350 4108 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x730B4000, BlocksNum 0x1652000

18:29:22.0461 4108 Initialize success

18:29:22.0461 4108 ============================================================

18:29:29.0126 3584 ============================================================

18:29:29.0126 3584 Scan started

18:29:29.0126 3584 Mode: Manual; SigCheck; TDLFS;

18:29:29.0126 3584 ============================================================


18:29:37.0284 3584 DXGKrnl - ok

18:29:37.0299 3584 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

18:29:37.0330 3584 EapHost - ok

18:29:37.0404 3584 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys

18:29:37.0475 3584 ebdrv - ok

18:29:37.0498 3584 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

18:29:37.0513 3584 EFS - ok

18:29:37.0575 3584 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

18:29:37.0613 3584 ehRecvr - ok

18:29:37.0656 3584 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

18:29:37.0670 3584 ehSched - ok

18:29:37.0763 3584 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys

18:29:37.0779 3584 elxstor - ok

18:29:37.0818 3584 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

18:29:37.0879 3584 ErrDev - ok

18:29:37.0910 3584 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

18:29:37.0960 3584 EventSystem - ok

18:29:38.0040 3584 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

18:29:38.0072 3584 exfat - ok

18:29:38.0120 3584 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

18:29:38.0164 3584 fastfat - ok

18:29:38.0238 3584 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

18:29:38.0274 3584 Fax - ok

18:29:38.0339 3584 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys

18:29:38.0359 3584 fdc - ok

18:29:38.0478 3584 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

18:29:38.0528 3584 fdPHost - ok

18:29:38.0673 3584 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

18:29:38.0702 3584 FDResPub - ok

18:29:38.0784 3584 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

18:29:38.0793 3584 FileInfo - ok

18:29:38.0824 3584 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

18:29:38.0857 3584 Filetrace - ok

18:29:38.0897 3584 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys

18:29:38.0908 3584 flpydisk - ok

18:29:38.0926 3584 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

18:29:38.0939 3584 FltMgr - ok

18:29:39.0002 3584 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

18:29:39.0061 3584 FontCache - ok

18:29:39.0137 3584 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

18:29:39.0154 3584 FontCache3.0.0.0 - ok

18:29:39.0174 3584 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

18:29:39.0183 3584 FsDepends - ok

18:29:39.0221 3584 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

18:29:39.0229 3584 Fs_Rec - ok

18:29:39.0247 3584 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

18:29:39.0260 3584 fvevol - ok

18:29:39.0283 3584 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys

18:29:39.0307 3584 gagp30kx - ok

18:29:39.0376 3584 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

18:29:39.0395 3584 GamesAppService - ok

18:29:39.0458 3584 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

18:29:39.0513 3584 gpsvc - ok

18:29:39.0539 3584 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

18:29:39.0571 3584 hcw85cir - ok

18:29:39.0618 3584 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

18:29:39.0642 3584 HdAudAddService - ok

18:29:39.0663 3584 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys

18:29:39.0682 3584 HDAudBus - ok

18:29:39.0698 3584 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys

18:29:39.0723 3584 HidBatt - ok

18:29:39.0737 3584 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys

18:29:39.0752 3584 HidBth - ok

18:29:39.0795 3584 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys

18:29:39.0809 3584 HidIr - ok

18:29:39.0824 3584 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll

18:29:39.0858 3584 hidserv - ok

18:29:39.0940 3584 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

18:29:39.0951 3584 HidUsb - ok

18:29:39.0966 3584 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

18:29:40.0006 3584 hkmsvc - ok

18:29:40.0046 3584 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

18:29:40.0082 3584 HomeGroupListener - ok

18:29:40.0127 3584 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

18:29:40.0168 3584 HomeGroupProvider - ok

18:29:40.0285 3584 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

18:29:40.0305 3584 HP Support Assistant Service - ok

18:29:40.0372 3584 HPClientSvc (6a181452d4e240b8ecc7614b9a19bde9) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

18:29:40.0384 3584 HPClientSvc - ok

18:29:40.0418 3584 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

18:29:40.0426 3584 HPDrvMntSvc.exe - ok

18:29:40.0502 3584 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

18:29:40.0532 3584 hpqwmiex - ok

18:29:40.0571 3584 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

18:29:40.0580 3584 HpSAMD - ok

18:29:40.0654 3584 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

18:29:40.0710 3584 HTTP - ok

18:29:40.0767 3584 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

18:29:40.0795 3584 hwpolicy - ok

18:29:40.0856 3584 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

18:29:40.0869 3584 i8042prt - ok

18:29:40.0918 3584 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

18:29:40.0932 3584 iaStorV - ok

18:29:41.0053 3584 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

18:29:41.0083 3584 idsvc - ok

18:29:41.0225 3584 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys

18:29:41.0376 3584 igfx - ok

18:29:41.0395 3584 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys

18:29:41.0411 3584 iirsp - ok

18:29:41.0467 3584 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

18:29:41.0524 3584 IKEEXT - ok

18:29:41.0793 3584 IntcAzAudAddService (589b94a9b73a0e819ff873743a480834) C:\Windows\system32\drivers\RTKVHD64.sys

18:29:41.0829 3584 IntcAzAudAddService - ok

18:29:41.0944 3584 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

18:29:41.0962 3584 intelide - ok

18:29:42.0025 3584 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys

18:29:42.0046 3584 intelppm - ok

18:29:42.0093 3584 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

18:29:42.0129 3584 IPBusEnum - ok

18:29:42.0200 3584 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

18:29:42.0239 3584 IpFilterDriver - ok

18:29:42.0307 3584 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

18:29:42.0351 3584 iphlpsvc - ok

18:29:42.0369 3584 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

18:29:42.0394 3584 IPMIDRV - ok

18:29:42.0408 3584 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

18:29:42.0438 3584 IPNAT - ok

18:29:42.0474 3584 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

18:29:42.0489 3584 IRENUM - ok

18:29:42.0509 3584 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

18:29:42.0518 3584 isapnp - ok

18:29:42.0551 3584 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

18:29:42.0564 3584 iScsiPrt - ok

18:29:42.0578 3584 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

18:29:42.0586 3584 kbdclass - ok

18:29:42.0603 3584 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys

18:29:42.0626 3584 kbdhid - ok

18:29:42.0692 3584 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

18:29:42.0703 3584 KeyIso - ok

18:29:42.0726 3584 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

18:29:42.0736 3584 KSecDD - ok

18:29:42.0934 3584 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

18:29:42.0954 3584 KSecPkg - ok

18:29:42.0999 3584 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

18:29:43.0035 3584 ksthunk - ok

18:29:43.0065 3584 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

18:29:43.0117 3584 KtmRm - ok

18:29:43.0179 3584 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll

18:29:43.0223 3584 LanmanServer - ok

18:29:43.0243 3584 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

18:29:43.0292 3584 LanmanWorkstation - ok

18:29:43.0351 3584 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

18:29:43.0383 3584 lltdio - ok

18:29:43.0411 3584 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

18:29:43.0450 3584 lltdsvc - ok

18:29:43.0486 3584 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

18:29:43.0515 3584 lmhosts - ok

18:29:43.0560 3584 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys

18:29:43.0570 3584 LSI_FC - ok

18:29:43.0668 3584 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys

18:29:43.0679 3584 LSI_SAS - ok

18:29:43.0694 3584 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys

18:29:43.0704 3584 LSI_SAS2 - ok

18:29:43.0728 3584 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys

18:29:43.0745 3584 LSI_SCSI - ok

18:29:43.0762 3584 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

18:29:43.0795 3584 luafv - ok

18:29:43.0841 3584 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

18:29:43.0855 3584 Mcx2Svc - ok

18:29:43.0879 3584 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys

18:29:43.0888 3584 megasas - ok

18:29:43.0910 3584 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys

18:29:43.0924 3584 MegaSR - ok

18:29:43.0974 3584 mfeapfk (ef3acfb7e3f82d5f7cde9ef5f0a4e2e2) C:\Windows\system32\drivers\mfeapfk.sys

18:29:43.0984 3584 mfeapfk - ok

18:29:44.0052 3584 mfehidk (1892616b7f9291fd77c3fa0a5811fe9f) C:\Windows\system32\drivers\mfehidk.sys

18:29:44.0069 3584 mfehidk - ok

18:29:44.0119 3584 mfevtp (3ed58a36f7f7d60f0ef44d29810b0b80) C:\Windows\system32\mfevtps.exe

18:29:44.0129 3584 mfevtp - ok

18:29:44.0140 3584 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

18:29:44.0177 3584 MMCSS - ok

18:29:44.0198 3584 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

18:29:44.0239 3584 Modem - ok

18:29:44.0260 3584 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

18:29:44.0279 3584 monitor - ok

18:29:44.0334 3584 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

18:29:44.0342 3584 mouclass - ok

18:29:44.0356 3584 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

18:29:44.0376 3584 mouhid - ok

18:29:44.0413 3584 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

18:29:44.0423 3584 mountmgr - ok

18:29:44.0450 3584 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

18:29:44.0469 3584 mpio - ok

18:29:44.0485 3584 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

18:29:44.0514 3584 mpsdrv - ok

18:29:44.0535 3584 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

18:29:44.0573 3584 MpsSvc - ok

18:29:44.0616 3584 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

18:29:44.0659 3584 MRxDAV - ok

18:29:44.0747 3584 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

18:29:44.0790 3584 mrxsmb - ok

18:29:44.0813 3584 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

18:29:44.0831 3584 mrxsmb10 - ok

18:29:44.0849 3584 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

18:29:44.0862 3584 mrxsmb20 - ok

18:29:44.0878 3584 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

18:29:44.0887 3584 msahci - ok

18:29:44.0912 3584 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

18:29:44.0922 3584 msdsm - ok

18:29:44.0934 3584 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

18:29:44.0956 3584 MSDTC - ok

18:29:44.0971 3584 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

18:29:44.0999 3584 Msfs - ok

18:29:45.0011 3584 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

18:29:45.0040 3584 mshidkmdf - ok

18:29:45.0071 3584 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

18:29:45.0079 3584 msisadrv - ok

18:29:45.0146 3584 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

18:29:45.0178 3584 MSiSCSI - ok

18:29:45.0229 3584 msiserver - ok

18:29:45.0285 3584 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

18:29:45.0322 3584 MSKSSRV - ok

18:29:45.0334 3584 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

18:29:45.0372 3584 MSPCLOCK - ok

18:29:45.0387 3584 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

18:29:45.0424 3584 MSPQM - ok

18:29:45.0447 3584 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

18:29:45.0460 3584 MsRPC - ok

18:29:45.0473 3584 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

18:29:45.0481 3584 mssmbios - ok

18:29:45.0520 3584 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

18:29:45.0562 3584 MSTEE - ok

18:29:45.0610 3584 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys

18:29:45.0630 3584 MTConfig - ok

18:29:45.0667 3584 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

18:29:45.0676 3584 Mup - ok

18:29:45.0768 3584 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

18:29:45.0806 3584 napagent - ok

18:29:45.0869 3584 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

18:29:45.0900 3584 NativeWifiP - ok

18:29:45.0958 3584 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

18:29:45.0980 3584 NDIS - ok

18:29:45.0997 3584 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

18:29:46.0027 3584 NdisCap - ok

18:29:46.0047 3584 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

18:29:46.0076 3584 NdisTapi - ok

18:29:46.0090 3584 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

18:29:46.0129 3584 Ndisuio - ok

18:29:46.0149 3584 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

18:29:46.0187 3584 NdisWan - ok

18:29:46.0213 3584 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

18:29:46.0241 3584 NDProxy - ok

18:29:46.0252 3584 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

18:29:46.0290 3584 NetBIOS - ok

18:29:46.0320 3584 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

18:29:46.0349 3584 NetBT - ok

18:29:46.0405 3584 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

18:29:46.0416 3584 Netlogon - ok

18:29:46.0466 3584 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

18:29:46.0500 3584 Netman - ok

18:29:46.0581 3584 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

18:29:46.0601 3584 NetMsmqActivator - ok

18:29:46.0605 3584 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

18:29:46.0613 3584 NetPipeActivator - ok

18:29:46.0695 3584 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

18:29:46.0757 3584 netprofm - ok

18:29:46.0763 3584 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

18:29:46.0772 3584 NetTcpActivator - ok

18:29:46.0776 3584 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

18:29:46.0784 3584 NetTcpPortSharing - ok

18:29:46.0933 3584 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys

18:29:46.0947 3584 nfrd960 - ok

18:29:46.0993 3584 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

18:29:47.0032 3584 NlaSvc - ok

18:29:47.0074 3584 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

18:29:47.0103 3584 Npfs - ok

18:29:47.0115 3584 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

18:29:47.0151 3584 nsi - ok

18:29:47.0168 3584 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

18:29:47.0197 3584 nsiproxy - ok

18:29:47.0251 3584 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

18:29:47.0301 3584 Ntfs - ok

18:29:47.0315 3584 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

18:29:47.0343 3584 Null - ok

18:29:47.0392 3584 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

18:29:47.0404 3584 nvraid - ok

18:29:47.0454 3584 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

18:29:47.0466 3584 nvstor - ok

18:29:47.0590 3584 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

18:29:47.0605 3584 nv_agp - ok

18:29:47.0626 3584 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

18:29:47.0639 3584 ohci1394 - ok

18:29:47.0745 3584 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

18:29:47.0755 3584 ose - ok

18:29:47.0866 3584 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

18:29:47.0985 3584 osppsvc - ok

18:29:48.0092 3584 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

18:29:48.0141 3584 p2pimsvc - ok

18:29:48.0201 3584 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

18:29:48.0218 3584 p2psvc - ok

18:29:48.0275 3584 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys

18:29:48.0287 3584 Parport - ok

18:29:48.0314 3584 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

18:29:48.0323 3584 partmgr - ok

18:29:48.0339 3584 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

18:29:48.0362 3584 PcaSvc - ok

18:29:48.0382 3584 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

18:29:48.0393 3584 pci - ok

18:29:48.0419 3584 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

18:29:48.0432 3584 pciide - ok

18:29:48.0461 3584 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys

18:29:48.0473 3584 pcmcia - ok

18:29:48.0491 3584 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

18:29:48.0499 3584 pcw - ok

18:29:48.0578 3584 pdfcDispatcher - ok

18:29:48.0671 3584 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

18:29:48.0742 3584 PEAUTH - ok

18:29:48.0804 3584 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

18:29:48.0826 3584 PerfHost - ok

18:29:48.0970 3584 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

18:29:49.0032 3584 pla - ok

18:29:49.0096 3584 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

18:29:49.0131 3584 PlugPlay - ok

18:29:49.0142 3584 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

18:29:49.0162 3584 PNRPAutoReg - ok

18:29:49.0191 3584 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

18:29:49.0204 3584 PNRPsvc - ok

18:29:49.0228 3584 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

18:29:49.0270 3584 PolicyAgent - ok

18:29:49.0291 3584 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

18:29:49.0328 3584 Power - ok

18:29:49.0402 3584 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

18:29:49.0440 3584 PptpMiniport - ok

18:29:49.0535 3584 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys

18:29:49.0565 3584 Processor - ok

18:29:49.0633 3584 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll

18:29:49.0672 3584 ProfSvc - ok

18:29:49.0686 3584 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

18:29:49.0697 3584 ProtectedStorage - ok

18:29:49.0718 3584 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

18:29:49.0747 3584 Psched - ok

18:29:49.0863 3584 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys

18:29:49.0918 3584 ql2300 - ok

18:29:49.0945 3584 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys

18:29:49.0963 3584 ql40xx - ok

18:29:49.0990 3584 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

18:29:50.0008 3584 QWAVE - ok

18:29:50.0025 3584 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

18:29:50.0063 3584 QWAVEdrv - ok

18:29:50.0097 3584 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

18:29:50.0126 3584 RasAcd - ok

18:29:50.0175 3584 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

18:29:50.0205 3584 RasAgileVpn - ok

18:29:50.0231 3584 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

18:29:50.0265 3584 RasAuto - ok

18:29:50.0280 3584 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

18:29:50.0318 3584 Rasl2tp - ok

18:29:50.0354 3584 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

18:29:50.0386 3584 RasMan - ok

18:29:50.0401 3584 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

18:29:50.0440 3584 RasPppoe - ok

18:29:50.0458 3584 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

18:29:50.0488 3584 RasSstp - ok

18:29:50.0526 3584 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

18:29:50.0562 3584 rdbss - ok

18:29:50.0615 3584 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys

18:29:50.0629 3584 rdpbus - ok

18:29:50.0661 3584 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

18:29:50.0695 3584 RDPCDD - ok

18:29:50.0745 3584 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

18:29:50.0787 3584 RDPENCDD - ok

18:29:50.0909 3584 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

18:29:50.0937 3584 RDPREFMP - ok

18:29:51.0035 3584 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys

18:29:51.0083 3584 RDPWD - ok

18:29:51.0116 3584 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

18:29:51.0128 3584 rdyboost - ok

18:29:51.0149 3584 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

18:29:51.0185 3584 RemoteAccess - ok

18:29:51.0233 3584 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

18:29:51.0270 3584 RemoteRegistry - ok

18:29:51.0323 3584 RoxioNow Service (085d18c71ab2611a3d61528132b6501e) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

18:29:51.0339 3584 RoxioNow Service - ok

18:29:51.0363 3584 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

18:29:51.0403 3584 RpcEptMapper - ok

18:29:51.0414 3584 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

18:29:51.0427 3584 RpcLocator - ok

18:29:51.0443 3584 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

18:29:51.0475 3584 RpcSs - ok

18:29:51.0526 3584 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

18:29:51.0561 3584 rspndr - ok

18:29:51.0665 3584 RTL8167 (afc12dfa4c7b089673ad67402ca19edb) C:\Windows\system32\DRIVERS\Rt64win7.sys

18:29:51.0677 3584 RTL8167 - ok

18:29:51.0700 3584 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

18:29:51.0711 3584 SamSs - ok

18:29:51.0822 3584 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

18:29:51.0843 3584 sbp2port - ok

18:29:51.0871 3584 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

18:29:51.0903 3584 SCardSvr - ok

18:29:51.0937 3584 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

18:29:51.0971 3584 scfilter - ok

18:29:52.0001 3584 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

18:29:52.0056 3584 Schedule - ok

18:29:52.0101 3584 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

18:29:52.0128 3584 SCPolicySvc - ok

18:29:52.0205 3584 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

18:29:52.0239 3584 SDRSVC - ok

18:29:52.0307 3584 SeaPort (331e7bde228914574fc9ae6cd520dafa) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

18:29:52.0318 3584 SeaPort - ok

18:29:52.0344 3584 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

18:29:52.0397 3584 secdrv - ok

18:29:52.0442 3584 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

18:29:52.0470 3584 seclogon - ok

18:29:52.0525 3584 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll

18:29:52.0578 3584 SENS - ok

18:29:52.0633 3584 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

18:29:52.0671 3584 SensrSvc - ok

18:29:52.0726 3584 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys

18:29:52.0747 3584 Serenum - ok

18:29:52.0774 3584 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys

18:29:52.0795 3584 Serial - ok

18:29:52.0813 3584 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys

18:29:52.0837 3584 sermouse - ok

18:29:52.0858 3584 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

18:29:52.0893 3584 SessionEnv - ok

18:29:52.0920 3584 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

18:29:52.0939 3584 sffdisk - ok

18:29:52.0947 3584 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

18:29:52.0961 3584 sffp_mmc - ok

18:29:52.0981 3584 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

18:29:52.0995 3584 sffp_sd - ok

18:29:53.0012 3584 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys

18:29:53.0024 3584 sfloppy - ok

18:29:53.0064 3584 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys

18:29:53.0080 3584 Sftfs - ok

18:29:53.0180 3584 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

18:29:53.0195 3584 sftlist - ok

18:29:53.0213 3584 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys

18:29:53.0223 3584 Sftplay - ok

18:29:53.0239 3584 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys

18:29:53.0245 3584 Sftredir - ok

18:29:53.0329 3584 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys

18:29:53.0336 3584 Sftvol - ok

18:29:53.0404 3584 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

18:29:53.0422 3584 sftvsa - ok

18:29:53.0452 3584 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

18:29:53.0485 3584 SharedAccess - ok

18:29:53.0520 3584 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

18:29:53.0570 3584 ShellHWDetection - ok

18:29:53.0608 3584 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys

18:29:53.0617 3584 SiSRaid2 - ok

18:29:53.0638 3584 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys

18:29:53.0647 3584 SiSRaid4 - ok

18:29:53.0693 3584 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

18:29:53.0746 3584 Smb - ok

18:29:53.0790 3584 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

18:29:53.0811 3584 SNMPTRAP - ok

18:29:53.0836 3584 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

18:29:53.0843 3584 spldr - ok

18:29:53.0876 3584 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

18:29:53.0911 3584 Spooler - ok

18:29:54.0278 3584 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

18:29:54.0385 3584 sppsvc - ok

18:29:54.0399 3584 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

18:29:54.0432 3584 sppuinotify - ok

18:29:54.0489 3584 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

18:29:54.0532 3584 srv - ok

18:29:54.0557 3584 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

18:29:54.0580 3584 srv2 - ok

18:29:54.0617 3584 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

18:29:54.0630 3584 srvnet - ok

18:29:54.0669 3584 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

18:29:54.0711 3584 SSDPSRV - ok

18:29:54.0748 3584 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

18:29:54.0779 3584 SstpSvc - ok

18:29:54.0803 3584 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys

18:29:54.0820 3584 stexstor - ok

18:29:54.0881 3584 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

18:29:54.0903 3584 stisvc - ok

18:29:54.0937 3584 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

18:29:54.0944 3584 swenum - ok

18:29:54.0964 3584 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

18:29:55.0004 3584 swprv - ok

18:29:55.0095 3584 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

18:29:55.0158 3584 SysMain - ok

18:29:55.0184 3584 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

18:29:55.0205 3584 TabletInputService - ok

18:29:55.0226 3584 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

18:29:55.0261 3584 TapiSrv - ok

18:29:55.0287 3584 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

18:29:55.0316 3584 TBS - ok

18:29:55.0535 3584 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

18:29:55.0590 3584 Tcpip - ok

18:29:55.0651 3584 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

18:29:55.0681 3584 TCPIP6 - ok

18:29:55.0800 3584 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

18:29:55.0832 3584 tcpipreg - ok

18:29:55.0850 3584 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

18:29:55.0862 3584 TDPIPE - ok

18:29:55.0894 3584 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

18:29:55.0915 3584 TDTCP - ok

18:29:55.0935 3584 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

18:29:55.0963 3584 tdx - ok

18:29:55.0991 3584 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

18:29:55.0999 3584 TermDD - ok

18:29:56.0043 3584 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

18:29:56.0088 3584 TermService - ok

18:29:56.0101 3584 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

18:29:56.0117 3584 Themes - ok

18:29:56.0145 3584 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

18:29:56.0174 3584 THREADORDER - ok

18:29:56.0186 3584 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

18:29:56.0217 3584 TrkWks - ok

18:29:56.0235 3584 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

18:29:56.0273 3584 TrustedInstaller - ok

18:29:56.0284 3584 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

18:29:56.0317 3584 tssecsrv - ok

18:29:56.0360 3584 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

18:29:56.0381 3584 TsUsbFlt - ok

18:29:56.0409 3584 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys

18:29:56.0420 3584 TsUsbGD - ok

18:29:56.0470 3584 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

18:29:56.0507 3584 tunnel - ok

18:29:56.0522 3584 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys

18:29:56.0537 3584 uagp35 - ok

18:29:56.0558 3584 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

18:29:56.0599 3584 udfs - ok

18:29:56.0634 3584 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

18:29:56.0648 3584 UI0Detect - ok

18:29:56.0697 3584 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

18:29:56.0706 3584 uliagpkx - ok

18:29:56.0751 3584 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

18:29:56.0762 3584 umbus - ok

18:29:56.0793 3584 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys

18:29:56.0815 3584 UmPass - ok

18:29:56.0836 3584 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

18:29:56.0876 3584 upnphost - ok

18:29:56.0947 3584 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

18:29:56.0965 3584 usbccgp - ok

18:29:56.0986 3584 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

18:29:57.0001 3584 usbcir - ok

18:29:57.0017 3584 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

18:29:57.0033 3584 usbehci - ok

18:29:57.0052 3584 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\drivers\usbfilter.sys

18:29:57.0060 3584 usbfilter - ok

18:29:57.0079 3584 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

18:29:57.0104 3584 usbhub - ok

18:29:57.0120 3584 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys

18:29:57.0136 3584 usbohci - ok

18:29:57.0193 3584 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

18:29:57.0212 3584 usbprint - ok

18:29:57.0226 3584 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

18:29:57.0240 3584 usbscan - ok

18:29:57.0261 3584 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

18:29:57.0288 3584 USBSTOR - ok

18:29:57.0309 3584 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

18:29:57.0329 3584 usbuhci - ok

18:29:57.0352 3584 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

18:29:57.0392 3584 UxSms - ok

18:29:57.0411 3584 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

18:29:57.0422 3584 VaultSvc - ok

18:29:57.0485 3584 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

18:29:57.0494 3584 vdrvroot - ok

18:29:57.0511 3584 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

18:29:57.0552 3584 vds - ok

18:29:57.0597 3584 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

18:29:57.0611 3584 vga - ok

18:29:57.0668 3584 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

18:29:57.0706 3584 VgaSave - ok

18:29:57.0730 3584 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

18:29:57.0741 3584 vhdmp - ok

18:29:57.0769 3584 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

18:29:57.0778 3584 viaide - ok

18:29:57.0795 3584 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

18:29:57.0804 3584 volmgr - ok

18:29:57.0826 3584 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

18:29:57.0840 3584 volmgrx - ok

18:29:57.0854 3584 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

18:29:57.0867 3584 volsnap - ok

18:29:57.0889 3584 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys

18:29:57.0899 3584 vsmraid - ok

18:29:57.0955 3584 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

18:29:58.0017 3584 VSS - ok

18:29:58.0041 3584 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys

18:29:58.0066 3584 vwifibus - ok

18:29:58.0118 3584 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

18:29:58.0152 3584 W32Time - ok

18:29:58.0177 3584 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys

18:29:58.0193 3584 WacomPen - ok

18:29:58.0240 3584 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

18:29:58.0273 3584 WANARP - ok

18:29:58.0277 3584 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

18:29:58.0304 3584 Wanarpv6 - ok

18:29:58.0372 3584 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

18:29:58.0423 3584 WatAdminSvc - ok

18:29:58.0455 3584 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

18:29:58.0509 3584 wbengine - ok

18:29:58.0526 3584 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

18:29:58.0544 3584 WbioSrvc - ok

18:29:58.0612 3584 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

18:29:58.0644 3584 wcncsvc - ok

18:29:58.0663 3584 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

18:29:58.0680 3584 WcsPlugInService - ok

18:29:58.0716 3584 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys

18:29:58.0728 3584 Wd - ok

18:29:58.0767 3584 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

18:29:58.0785 3584 Wdf01000 - ok

18:29:58.0798 3584 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

18:29:58.0871 3584 WdiServiceHost - ok

18:29:58.0874 3584 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

18:29:58.0890 3584 WdiSystemHost - ok

18:29:58.0929 3584 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

18:29:58.0948 3584 WebClient - ok

18:29:58.0991 3584 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

18:29:59.0036 3584 Wecsvc - ok

18:29:59.0074 3584 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

18:29:59.0112 3584 wercplsupport - ok

18:29:59.0157 3584 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

18:29:59.0187 3584 WerSvc - ok

18:29:59.0225 3584 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

18:29:59.0254 3584 WfpLwf - ok

18:29:59.0286 3584 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

18:29:59.0295 3584 WIMMount - ok

18:29:59.0311 3584 WinDefend - ok

18:29:59.0319 3584 WinHttpAutoProxySvc - ok

18:29:59.0360 3584 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

18:29:59.0391 3584 Winmgmt - ok

18:29:59.0433 3584 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

18:29:59.0502 3584 WinRM - ok

18:29:59.0600 3584 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

18:29:59.0614 3584 WinUsb - ok

18:29:59.0746 3584 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

18:29:59.0798 3584 Wlansvc - ok

18:29:59.0869 3584 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

18:29:59.0881 3584 wlcrasvc - ok

18:29:59.0968 3584 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

18:30:00.0025 3584 wlidsvc - ok

18:30:00.0049 3584 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

18:30:00.0062 3584 WmiAcpi - ok

18:30:00.0108 3584 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

18:30:00.0136 3584 wmiApSrv - ok

18:30:00.0178 3584 WMPNetworkSvc - ok

18:30:00.0217 3584 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

18:30:00.0230 3584 WPCSvc - ok

18:30:00.0247 3584 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

18:30:00.0262 3584 WPDBusEnum - ok

18:30:00.0280 3584 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

18:30:00.0308 3584 ws2ifsl - ok

18:30:00.0344 3584 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll

18:30:00.0369 3584 wscsvc - ok

18:30:00.0376 3584 WSearch - ok

18:30:00.0522 3584 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll

18:30:00.0603 3584 wuauserv - ok

18:30:00.0634 3584 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

18:30:00.0671 3584 WudfPf - ok

18:30:00.0730 3584 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

18:30:00.0760 3584 WUDFRd - ok

18:30:00.0793 3584 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

18:30:00.0822 3584 wudfsvc - ok

18:30:00.0879 3584 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

18:30:00.0917 3584 WwanSvc - ok

18:30:00.0965 3584 MBR (0x1B8) (6f9dd6ab827c8b46cad334291946f201) \Device\Harddisk0\DR0

18:30:02.0686 3584 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

18:30:02.0686 3584 \Device\Harddisk0\DR0 - detected TDSS File System (1)

18:30:02.0703 3584 Boot (0x1200) (b920e4bc4db2a2f85672de53afd62e83) \Device\Harddisk0\DR0\Partition0

18:30:02.0705 3584 \Device\Harddisk0\DR0\Partition0 - ok

18:30:02.0716 3584 Boot (0x1200) (6c565c6c6da482cbbc6f595924924585) \Device\Harddisk0\DR0\Partition1

18:30:02.0726 3584 \Device\Harddisk0\DR0\Partition1 - ok

18:30:02.0750 3584 Boot (0x1200) (bff80509c2c7cfccb6c9f2aed897ec2b) \Device\Harddisk0\DR0\Partition2

18:30:02.0751 3584 \Device\Harddisk0\DR0\Partition2 - ok

18:30:02.0751 3584 ============================================================

18:30:02.0751 3584 Scan finished

18:30:02.0751 3584 ============================================================

18:30:02.0762 3100 Detected object count: 1

18:30:02.0762 3100 Actual detected object count: 1

18:30:14.0697 3100 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

18:30:14.0699 3100 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine

18:30:14.0712 3100 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

18:30:14.0718 3100 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

18:30:14.0732 3100 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

18:30:14.0741 3100 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine

18:30:14.0742 3100 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

18:30:14.0743 3100 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

18:30:14.0745 3100 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

18:30:14.0747 3100 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

18:30:14.0750 3100 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine

18:30:14.0751 3100 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

18:30:14.0752 3100 \Device\Harddisk0\DR0\TDLFS - deleted

18:30:14.0752 3100 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete


combofix...

ComboFix 12-04-04.02 - Aug-11 04/04/2012 18:35:53.3.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5887.2176 [GMT -5:00]

Running from: c:\users\Aug-11\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Aug-11\AppData\Local\Temp\1.tmp\F_IN_BOX.dll

.

.

((((((((((((((((((((((((( Files Created from 2012-03-04 to 2012-04-04 )))))))))))))))))))))))))))))))

.

.

2012-04-04 23:39 . 2012-04-04 23:39 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-04-04 05:21 . 2012-04-04 05:21 0 ----a-w- c:\windows\SysWow64\sho4D58.tmp

2012-04-04 05:19 . 2011-10-15 17:16 647080 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2012-04-04 05:19 . 2011-11-18 21:36 161168 ----a-w- c:\windows\system32\mfevtps.exe

2012-04-04 05:18 . 2012-04-04 05:18 -------- d-----w- c:\programdata\McAfee

2012-04-03 23:35 . 2012-04-04 23:30 -------- d-----w- C:\TDSSKiller_Quarantine

2012-04-03 10:46 . 2012-04-03 10:46 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1F89A2F2-CE23-4A69-AFE1-7358AC940FE3}\offreg.dll

2012-04-03 07:01 . 2012-03-20 08:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1F89A2F2-CE23-4A69-AFE1-7358AC940FE3}\mpengine.dll

2012-04-01 19:24 . 2012-04-01 19:24 -------- d-----w- c:\program files\Carbonite

2012-04-01 19:24 . 2012-04-01 19:24 -------- d-----w- c:\programdata\Carbonite

2012-04-01 19:24 . 2012-04-01 19:24 -------- d-----w- c:\program files (x86)\Carbonite

2012-04-01 02:25 . 2012-04-01 17:40 -------- d-----w- c:\users\Aug-11\AppData\Local\{5A6D2003-7B79-11E1-826D-B8AC6F996F26}

2012-03-29 01:06 . 2012-03-29 01:06 -------- d-----w- c:\users\Aug-11\AppData\Roaming\SUPERAntiSpyware.com

2012-03-29 01:06 . 2012-04-01 17:40 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-03-29 01:06 . 2012-03-29 01:06 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-03-29 00:19 . 2012-03-29 00:19 -------- d-----w- c:\program files (x86)\PC Tools

2012-03-29 00:16 . 2012-03-29 00:47 -------- d-----w- c:\programdata\PC Tools

2012-03-29 00:16 . 2012-03-29 00:16 -------- d-----w- c:\users\Aug-11\AppData\Roaming\TestApp

2012-03-28 12:57 . 2012-03-28 12:57 -------- d-----w- c:\programdata\AVG Secure Search

2012-03-28 12:57 . 2012-04-01 17:40 -------- d-----w- c:\program files (x86)\AVG Secure Search

2012-03-28 12:57 . 2012-04-01 17:40 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search

2012-03-27 22:40 . 2012-03-13 04:39 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll

2012-03-27 22:40 . 2012-03-13 04:39 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll

2012-03-27 22:28 . 2012-03-27 22:29 -------- d-----w- c:\users\Aug-11\AppData\Roaming\Xaest

2012-03-27 22:28 . 2012-03-27 22:29 -------- d-----w- c:\users\Aug-11\AppData\Roaming\Quensi

2012-03-17 21:49 . 2012-03-17 21:49 -------- d-----w- c:\program files (x86)\ESET

2012-03-17 03:48 . 2011-06-21 04:09 200976 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys

2012-03-17 03:30 . 2012-04-01 17:33 -------- d-----w- c:\users\Aug-11\AppData\Roaming\Malwarebytes

2012-03-17 03:30 . 2012-04-01 17:40 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-03-17 03:30 . 2012-03-28 02:33 -------- d-----w- c:\programdata\Malwarebytes

2012-03-17 03:30 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-14 08:03 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-14 08:03 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-03-14 08:03 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-03-14 03:02 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-03-14 03:02 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-03-14 03:02 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-03-14 03:00 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-03-14 03:00 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-03-14 03:00 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-03-14 03:00 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-03-14 03:00 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-03-14 03:00 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-03-14 03:00 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-23 14:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-02-16 02:54 . 2011-08-13 06:23 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

.

.

((((((((((((((((((((((((((((( SnapShot@2012-03-28_03.43.23 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-04-04 23:39 . 2012-04-04 23:39 13330 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat

- 2012-03-28 03:41 . 2012-03-28 03:41 13330 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat

- 2012-03-16 18:02 . 2012-03-28 03:27 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2012-03-16 18:02 . 2012-04-01 14:44 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2012-04-01 14:47 . 2012-04-01 14:44 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012040120120402\index.dat

+ 2012-03-27 22:26 . 2012-03-28 04:08 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012032720120328\index.dat

- 2012-03-27 22:26 . 2012-03-28 03:27 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012032720120328\index.dat

- 2012-03-16 18:02 . 2012-03-28 03:27 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat

+ 2012-03-16 18:02 . 2012-04-01 14:44 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat

+ 2010-11-21 03:09 . 2012-04-04 23:25 48808 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-04-04 23:25 35646 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-08-13 07:15 . 2012-04-04 23:25 10512 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2443618145-3234143949-2320547976-1000_UserData.bin

+ 2012-04-01 17:42 . 2012-04-04 00:40 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat

- 2011-02-11 19:25 . 2012-03-28 03:40 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-02-11 19:25 . 2012-04-04 23:23 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-02-11 19:25 . 2012-03-28 03:40 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2011-02-11 19:25 . 2012-04-04 23:23 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-04-04 23:23 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2012-03-28 03:40 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-08-13 05:36 . 2012-04-04 23:23 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-08-13 05:36 . 2012-03-28 03:42 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2012-03-16 17:58 . 2012-03-28 03:42 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat

+ 2012-03-16 17:58 . 2012-04-03 23:32 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat

+ 2012-03-16 17:58 . 2012-04-03 23:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat

- 2012-03-16 17:58 . 2012-03-28 03:42 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat

+ 2012-03-16 17:58 . 2012-04-03 23:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat

- 2012-03-16 17:58 . 2012-03-28 03:42 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat

- 2011-08-13 05:36 . 2012-03-28 03:42 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2011-08-13 05:36 . 2012-04-04 23:23 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2011-08-13 05:36 . 2012-04-04 23:23 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-08-13 05:36 . 2012-03-28 03:42 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-08-13 07:15 . 2012-03-28 03:21 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-08-13 07:15 . 2012-04-04 23:29 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-08-13 07:15 . 2012-03-28 03:21 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-08-13 07:15 . 2012-04-04 23:29 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-08-14 03:44 . 2012-03-29 02:34 5414 c:\windows\system32\wdi\ERCQueuedResolutions.dat

+ 2012-04-04 23:40 . 2012-04-04 23:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-03-28 03:42 . 2012-03-28 03:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-07-14 04:54 . 2012-04-04 23:40 245760 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-02-11 18:41 . 2012-04-04 12:43 328494 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin

- 2009-07-14 02:36 . 2012-03-28 03:27 660520 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-04-04 23:28 660520 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2012-03-28 03:27 121190 c:\windows\system32\perfc009.dat

+ 2009-07-14 02:36 . 2012-04-04 23:28 121190 c:\windows\system32\perfc009.dat

+ 2011-10-15 17:16 . 2011-10-15 17:16 160280 c:\windows\system32\drivers\mfeapfk.sys

+ 2009-07-14 05:01 . 2012-04-04 23:39 277296 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2012-03-28 03:41 277296 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 04:54 . 2012-04-04 23:40 5177344 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-03-28 03:42 1458176 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-04-04 23:40 1458176 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-08-13 07:12 . 2012-03-28 03:09 1627496 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2011-08-13 07:12 . 2012-04-04 13:06 1627496 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2011-08-13 07:12 . 2012-03-28 03:41 1989984 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2443618145-3234143949-2320547976-1000-8192.dat

+ 2011-08-13 07:12 . 2012-04-04 23:39 1989984 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2443618145-3234143949-2320547976-1000-8192.dat

+ 2012-03-28 12:54 . 2012-03-28 12:54 2872832 c:\windows\Installer\1e32a47.msi

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912]

.

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

2011-01-17 21:54 175912 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngine.dll

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

2011-01-17 21:54 175912 ----a-w- c:\program files (x86)\Vuze_Remote\prxtbVuze.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912]

"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]

.

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

.

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]

@="{95A27763-F62A-4114-9072-E81D87DE3B68}"

[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]

2012-03-17 02:06 1008784 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]

@="{E300CD91-100F-4E67-9AF3-1384A6124015}"

[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]

2012-03-17 02:06 1008784 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]

@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"

[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]

2012-03-17 02:06 1008784 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 102400]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-02-01 656920]

"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-05-27 2015136]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2012-03-17 1059984]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [x]

S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]

S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-02-01 1127448]

S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-04 c:\windows\Tasks\HPCeeScheduleForAug-11.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]

@="{95A27763-F62A-4114-9072-E81D87DE3B68}"

[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]

2012-03-17 01:58 1279120 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]

@="{E300CD91-100F-4E67-9AF3-1384A6124015}"

[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]

2012-03-17 01:58 1279120 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]

@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"

[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]

2012-03-17 01:58 1279120 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\Aug-11\AppData\Roaming\Mozilla\Firefox\Profiles\t5h1wh4w.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.foxnews.com/

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Be379abac-22b4-479e-921f-fec664619ae5%7D&mid=740066f430df47d1abb6ed906db4abbc-ebe5aca7cfd32f9faede2535b753341eef991577&ds=AVG&v=10.2.0.3&lang=en&pr=fr&d=2011-10-24%2023%3A59%3A26&sap=ku&q=

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]

"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]

"value"="?\08\06\0d\0f2\04v"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe

c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

.

**************************************************************************

.

Completion time: 2012-04-04 18:43:09 - machine was rebooted

ComboFix-quarantined-files.txt 2012-04-04 23:43

ComboFix2.txt 2012-04-04 00:37

ComboFix3.txt 2012-03-28 04:04

.

Pre-Run: 773,720,489,984 bytes free

Post-Run: 773,685,772,288 bytes free

.

- - End Of File - - 39DEDA364BAFA40B859F7A44FAF41D02


Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.04.04.01

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

Aug-11 :: AUG-11-HP [administrator]

4/4/2012 7:15:45 PM

mbam-log-2012-04-04 (19-15-45).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 195943

Time elapsed: 2 minute(s), 31 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)
