Cannot turn on Windows Security Center & A device attached to the system is not functioning error


23 replies to this topic

#1 JPYW

Posted 26 March 2012 - 11:48 PM

I have a couple of problems.. I get an error message saying the 'Windows Security System can't be started' - had this for a couple days, and when I try to open DisplayFusion I get a popup error saying 'A device attached to the system is not functioning' - only started today; reinstalling did nothing.

I did have a Google redirect problem that has gone after running FixTDSS - DisplayFusion error started after this redirect problem cleared. I have run a full scan with Malwarebytes and Avira AV which have found no problems, chkdsk has found no problems either. I have once previously experienced the Security Center problem but that time it was accompanied by a BSOD problem, which thankfully is not happening this time.

Running 64bit OS so don't have a GMER log.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Jeremy at 15:43:26 on 2012-03-27
Microsoft Windows 7 Professional 6.1.7601.1.1252.61.1033.18.12286.8036 [GMT 11:00]
.
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Windows\SysWOW64\lkcitdl.exe
C:\Windows\SysWOW64\lkads.exe
C:\Windows\SysWOW64\lktsrv.exe
C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\ASUS\TurboV EVO\TurboVHELP.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
C:\Users\Jeremy\Local Settings\Apps\F.lux\flux.exe
C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Users\Jeremy\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\Jeremy\Documents\MiniBin\minibin.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Users\Jeremy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeremy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeremy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeremy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeremy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeremy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Jeremy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeremy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Users\Jeremy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [F.lux] "C:\Users\Jeremy\Local Settings\Apps\F.lux\flux.exe" /noshow
uRun: [DisplayFusion] "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [TurboV EVO] "C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe" -b
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Jeremy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Jeremy\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Jeremy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MiniBin.lnk - C:\Users\Jeremy\Documents\MiniBin\minibin.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~2.LNK - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Logitech\SetPoint\SetPoint.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SOLIDW~1.LNK - C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{A260DF3F-694B-4B88-8442-25C4B723AD70} : DhcpNameServer = 10.0.0.138
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [TurboV EVO] "C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe" -b
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
IE-X64: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\0p4vorc5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com/
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.4.2609412\npmathplugin.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nitro PDF\Reader 2\npdf.dll
FF - plugin: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Jeremy\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Users\Jeremy\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 hotcore3;hc3ServiceName;C:\Windows\system32\DRIVERS\hotcore3.sys --> C:\Windows\system32\DRIVERS\hotcore3.sys [?]
R0 nipbcfk;National Instruments Class Upper Filter Driver;C:\Windows\system32\drivers\nipbcfk.sys --> C:\Windows\system32\drivers\nipbcfk.sys [?]
R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-4 63928]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-11-12 86224]
R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-11-12 110032]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2011-11-17 96896]
R2 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-2-2 18656]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-8-27 1253376]
R2 NIApplicationWebServer;NI Application Web Server;C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2010-6-22 47776]
R2 niLXIDiscovery;National Instruments LXI Discovery Service;C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe [2010-6-23 131776]
R2 nimDNSResponder;National Instruments mDNS Responder Service;C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [2010-6-23 193712]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2012-2-23 343032]
R2 NiViPxiK;NI-VISA PXI Driver;C:\Windows\system32\drivers\NiViPxiKl.sys --> C:\Windows\system32\drivers\NiViPxiKl.sys [?]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-2-22 2348352]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-9 382272]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-3-15 1431888]
S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\system32\DRIVERS\ggflt.sys --> C:\Windows\system32\DRIVERS\ggflt.sys [?]
S3 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-8-15 2329480]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 nidimk;nidimk;\??\C:\Windows\system32\drivers\nidimkl.sys --> C:\Windows\system32\drivers\nidimkl.sys [?]
S3 nipalfwedl;nipalfwedl;C:\Windows\system32\drivers\nipalfwedl.sys --> C:\Windows\system32\drivers\nipalfwedl.sys [?]
S3 nipalusbedl;nipalusbedl;C:\Windows\system32\drivers\nipalusbedl.sys --> C:\Windows\system32\drivers\nipalusbedl.sys [?]
S3 NiViPciK;NI-VISA PCI Driver;C:\Windows\system32\drivers\NiViPciKl.sys --> C:\Windows\system32\drivers\NiViPciKl.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-12-11 155344]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 NIApplicationWebServer64;NI Application Web Server (64-bit);C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2010-6-22 63648]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2012-03-27 03:11:36 -------- d-----w- C:\Program Files (x86)\DisplayFusion
2012-03-27 02:48:36 -------- d-sh--w- C:\$RECYCLE.BIN
2012-03-27 02:13:45 -------- d-----w- C:\Users\Jeremy\AppData\Local\{6040D4B6-FA61-4A50-B5E6-F0A80D0031FD}
2012-03-27 02:13:34 -------- d-----w- C:\Users\Jeremy\AppData\Local\{A4B136D3-117C-41D4-A726-4F63071D2FC1}
2012-03-26 15:50:24 98816 ----a-w- C:\Windows\sed.exe
2012-03-26 15:50:24 518144 ----a-w- C:\Windows\SWREG.exe
2012-03-26 15:50:24 256000 ----a-w- C:\Windows\PEV.exe
2012-03-26 15:50:24 208896 ----a-w- C:\Windows\MBR.exe
2012-03-26 14:13:09 -------- d-----w- C:\Users\Jeremy\AppData\Local\{CEC2A01A-D0E3-4387-9534-83FEF06A5747}
2012-03-26 14:12:58 -------- d-----w- C:\Users\Jeremy\AppData\Local\{F5D3CF0A-A38C-4DA6-8315-FAA9A372CB40}
2012-03-26 08:11:36 16200 ----a-w- C:\Windows\stinger.sys
2012-03-26 07:59:26 -------- d-----w- C:\Program Files (x86)\stinger
2012-03-26 07:54:38 -------- d-----w- C:\Program Files (x86)\ESET
2012-03-26 02:12:32 -------- d-----w- C:\Users\Jeremy\AppData\Local\{09A41D1F-B909-41EB-8DBD-F0E17F63F352}
2012-03-26 02:12:22 -------- d-----w- C:\Users\Jeremy\AppData\Local\{B8851535-02A9-44EC-9E90-71E679C7B174}
2012-03-25 14:11:58 -------- d-----w- C:\Users\Jeremy\AppData\Local\{833FBF49-9400-40F0-8DD5-89EA93108CBF}
2012-03-25 14:11:48 -------- d-----w- C:\Users\Jeremy\AppData\Local\{58337000-10BF-47FF-8F34-C523B1AFD5A4}
2012-03-25 12:31:22 102912 --sha-r- C:\Windows\SysWow64\KBDA2P.dll
2012-03-25 02:11:35 -------- d-----w- C:\Users\Jeremy\AppData\Local\{BB486ECD-9F9A-43D0-8B60-75196EF219D0}
2012-03-25 02:11:24 -------- d-----w- C:\Users\Jeremy\AppData\Local\{E9496D66-2EB5-4D1E-80F0-AA46184CCBDE}
2012-03-24 14:10:58 -------- d-----w- C:\Users\Jeremy\AppData\Local\{7B1A6FBD-1D43-4870-83B4-16DEC7A271AE}
2012-03-24 14:10:48 -------- d-----w- C:\Users\Jeremy\AppData\Local\{5EF561A8-5F1F-40CB-B163-34A3F32D1DBB}
2012-03-24 02:09:45 -------- d-----w- C:\Users\Jeremy\AppData\Local\{29582921-AB02-4A13-9B4A-E918A26CAB3F}
2012-03-24 02:09:35 -------- d-----w- C:\Users\Jeremy\AppData\Local\{77CB0D1F-07A8-41C2-AE45-BF829EBC515B}
2012-03-24 01:56:13 -------- d-----w- C:\Users\Jeremy\AppData\Local\HandBrake
2012-03-23 14:09:07 -------- d-----w- C:\Users\Jeremy\AppData\Local\{0E879D02-3080-46A6-87A8-66C51CC46FAE}
2012-03-23 14:08:57 -------- d-----w- C:\Users\Jeremy\AppData\Local\{B7C7FBEA-B8EA-40F7-8865-AD3C97041370}
2012-03-23 13:10:35 -------- d-----w- C:\Program Files (x86)\AllToAVI
2012-03-23 06:36:50 -------- d-----w- C:\Users\Jeremy\AppData\Roaming\HandBrake
2012-03-23 06:23:11 -------- d-----w- C:\Users\Jeremy\AppData\Roaming\avidemux
2012-03-23 03:06:53 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-03-23 03:06:53 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-03-23 03:06:53 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-03-23 03:06:17 -------- d-----w- C:\Program Files\iPod
2012-03-23 03:06:16 -------- d-----w- C:\Program Files\iTunes
2012-03-23 03:06:16 -------- d-----w- C:\Program Files (x86)\iTunes
2012-03-22 14:39:02 -------- d-----w- C:\Users\Jeremy\AppData\Local\{04DBEB37-70CF-4697-9AA2-1843F8E2EDBA}
2012-03-22 14:38:52 -------- d-----w- C:\Users\Jeremy\AppData\Local\{D9439C74-5A0A-463A-8CBD-1E44AF5AE80D}
2012-03-22 02:38:38 -------- d-----w- C:\Users\Jeremy\AppData\Local\{A83928AE-A205-4A50-A8B2-1631C0063B3A}
2012-03-22 02:38:28 -------- d-----w- C:\Users\Jeremy\AppData\Local\{3C584B58-DEA3-45FE-B0A0-B5B1B399315C}
2012-03-21 04:22:36 -------- d-----w- C:\Users\Jeremy\AppData\Local\{952A90E7-7333-4A3B-BD54-CDE97E92FC65}
2012-03-21 04:22:25 -------- d-----w- C:\Users\Jeremy\AppData\Local\{A0089875-C363-4974-B8D4-D86E519E154C}
2012-03-19 13:36:56 -------- d-----w- C:\Users\Jeremy\AppData\Local\{09172A61-E96E-46DC-8B53-D6F2F06DE2FB}
2012-03-19 13:36:45 -------- d-----w- C:\Users\Jeremy\AppData\Local\{B8E72ADC-9036-4947-936F-03FEFD889A85}
2012-03-19 01:36:25 -------- d-----w- C:\Users\Jeremy\AppData\Local\{355B37A7-AFC2-4F6E-98C5-20C974E9D8D7}
2012-03-19 01:36:12 -------- d-----w- C:\Users\Jeremy\AppData\Local\{6B36732E-B733-4688-B24B-D97AEA8D6D6F}
2012-03-18 12:18:53 -------- d-----w- C:\Users\Jeremy\AppData\Local\{3A682F7D-AD5B-4B26-BF0B-0CE4DF309647}
2012-03-18 12:18:43 -------- d-----w- C:\Users\Jeremy\AppData\Local\{50E92CF3-C8F7-43D7-B9F5-D64FF30590EE}
2012-03-18 00:18:18 -------- d-----w- C:\Users\Jeremy\AppData\Local\{84C47D49-7E5A-44AF-BFA0-3DD5E7AE6F92}
2012-03-18 00:18:07 -------- d-----w- C:\Users\Jeremy\AppData\Local\{5808266A-2885-40C0-A0B3-0CDA510C34E3}
2012-03-17 15:15:53 -------- d-----w- C:\Program Files (x86)\StealthBastard
2012-03-17 12:17:42 -------- d-----w- C:\Users\Jeremy\AppData\Local\{7300482C-92AA-409D-A8D5-4BD653EF4852}
2012-03-17 12:17:31 -------- d-----w- C:\Users\Jeremy\AppData\Local\{9AD184F2-6BEB-4D51-89BE-9B29C96E02EF}
2012-03-17 00:17:05 -------- d-----w- C:\Users\Jeremy\AppData\Local\{2F0B696B-3775-4284-A32A-FB8B7317C245}
2012-03-17 00:16:55 -------- d-----w- C:\Users\Jeremy\AppData\Local\{38C0BE8E-B3F5-400E-A958-CE7972168E6F}
2012-03-16 07:26:31 -------- d-----w- C:\ProgramData\Xara
2012-03-16 07:26:31 -------- d-----w- C:\Program Files (x86)\Xara
2012-03-16 04:19:24 -------- d-----w- C:\Users\Jeremy\AppData\Local\{EF809B08-8103-4C60-870F-23865D97C917}
2012-03-16 04:19:12 -------- d-----w- C:\Users\Jeremy\AppData\Local\{B4FFF0EA-ACCD-4278-849F-52EA082D6228}
2012-03-15 14:03:49 -------- d-----w- C:\Users\Jeremy\AppData\Local\cache
2012-03-15 13:34:37 -------- d-----w- C:\Users\Jeremy\AppData\Local\{35B5B3A1-B261-46A3-9D3C-CC7162BCDBC2}
2012-03-15 13:34:26 -------- d-----w- C:\Users\Jeremy\AppData\Local\{77635A45-7D06-4C8B-97D2-C92B0FBA9DC0}
2012-03-15 06:21:51 -------- d-----w- C:\Program Files\Common Files\Macrovision Shared
2012-03-15 06:20:49 -------- d-----w- C:\Users\Jeremy\AppData\Local\Autodesk
2012-03-15 06:20:49 -------- d-----w- C:\Program Files\Common Files\Autodesk Shared
2012-03-15 06:20:49 -------- d-----w- C:\Program Files\Autodesk
2012-03-15 06:20:19 -------- d-----w- C:\Program Files (x86)\Autodesk
2012-03-15 06:19:02 -------- d-----w- C:\Program Files (x86)\Common Files\Autodesk Shared
2012-03-15 06:13:34 -------- d-----w- C:\Users\Jeremy\AppData\Roaming\Autodesk
2012-03-15 01:34:11 -------- d-----w- C:\Users\Jeremy\AppData\Local\{E5A3BF56-C149-4E23-9C21-7C5614CC75CB}
2012-03-15 01:34:00 -------- d-----w- C:\Users\Jeremy\AppData\Local\{0B5B6CEA-92D2-431C-B9B2-7DD8DF20C8D3}
2012-03-14 13:33:36 -------- d-----w- C:\Users\Jeremy\AppData\Local\{A5EC9A6C-8502-48A1-AD92-A0C23746CF28}
2012-03-14 13:33:26 -------- d-----w- C:\Users\Jeremy\AppData\Local\{55D277FF-952E-49F4-9CA8-1CFA54FE057E}
2012-03-14 08:30:32 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-14 08:30:31 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-14 08:30:31 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-14 01:33:13 -------- d-----w- C:\Users\Jeremy\AppData\Local\{E289F732-F2E6-48FD-8D10-1359B2CFC299}
2012-03-14 01:33:02 -------- d-----w- C:\Users\Jeremy\AppData\Local\{1F4E9508-C392-45AC-B16C-3A3A7E92DD5C}
2012-03-13 23:04:10 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-13 23:04:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-13 23:04:07 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-13 22:48:24 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-13 22:48:24 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-13 22:48:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-13 22:48:24 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-13 22:48:22 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-13 22:48:22 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-13 22:48:22 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-13 13:32:38 -------- d-----w- C:\Users\Jeremy\AppData\Local\{71849AD9-74D5-44AB-B441-2B1451EE97A8}
2012-03-13 13:32:28 -------- d-----w- C:\Users\Jeremy\AppData\Local\{1EABCAC1-3132-4CD6-995D-92E6B8094E7E}
2012-03-13 01:32:15 -------- d-----w- C:\Users\Jeremy\AppData\Local\{BA25B41C-3E6C-4A4D-BD1D-6080AA1C8E67}
2012-03-13 01:32:05 -------- d-----w- C:\Users\Jeremy\AppData\Local\{E107CABC-1C47-4040-A927-AC976AB4203A}
2012-03-12 15:10:35 -------- d-----w- C:\Users\Jeremy\AppData\Local\Lunar_Giant_Studios
2012-03-12 15:10:10 -------- d-----w- C:\Users\Jeremy\AppData\Local\LunarGiantStudios
2012-03-12 15:09:39 -------- d-----w- C:\Program Files (x86)\Microsoft XNA
2012-03-12 13:31:41 -------- d-----w- C:\Users\Jeremy\AppData\Local\{2EF3A0E0-DED7-418D-91EF-F81BE0FFC8B8}
2012-03-12 13:31:30 -------- d-----w- C:\Users\Jeremy\AppData\Local\{B391EFDB-5FFD-468D-BD1F-83D35E519EFE}
2012-03-12 01:31:17 -------- d-----w- C:\Users\Jeremy\AppData\Local\{EC69B068-2AEE-40B3-A274-3017CB79DDB5}
2012-03-12 01:31:06 -------- d-----w- C:\Users\Jeremy\AppData\Local\{81F5E272-2CE4-40D1-A22D-662B30DEADED}
2012-03-11 13:30:42 -------- d-----w- C:\Users\Jeremy\AppData\Local\{6864B172-C647-4E14-B362-451EECCCBABE}
2012-03-11 13:30:32 -------- d-----w- C:\Users\Jeremy\AppData\Local\{861C9BB8-B377-4D8A-8EBF-A0E582F32E1D}
2012-03-11 01:30:20 -------- d-----w- C:\Users\Jeremy\AppData\Local\{891735E1-E6B5-40C9-9C3C-0FC29403AA51}
2012-03-11 01:30:09 -------- d-----w- C:\Users\Jeremy\AppData\Local\{9242138E-A8D8-4FE3-A98A-70621E196A45}
2012-03-10 12:58:14 -------- d-----w- C:\Users\Jeremy\AppData\Local\{1D49B064-7A9D-4C25-AE68-9B154EB0A299}
2012-03-10 12:58:04 -------- d-----w- C:\Users\Jeremy\AppData\Local\{E66B368A-6938-407E-A0C0-163E42FABEDE}
2012-03-10 08:54:55 -------- d-----w- C:\Users\Jeremy\AppData\Roaming\Ashampoo
2012-03-10 00:53:39 -------- d-----w- C:\Users\Jeremy\AppData\Local\{A0567986-2544-4164-9A8B-B6004FC37644}
2012-03-10 00:53:27 -------- d-----w- C:\Users\Jeremy\AppData\Local\{0195B5DB-0BE0-4F73-9DD8-1824D2CD64B0}
2012-03-09 08:12:42 -------- d-----w- C:\Users\Jeremy\AppData\Local\ashampoo
2012-03-09 08:12:42 -------- d-----w- C:\ProgramData\ashampoo
2012-03-09 08:11:00 -------- d-----w- C:\Users\Jeremy\AppData\Local\{8A284576-0739-4CFC-A65C-68BE183B5846}
2012-03-09 08:10:50 -------- d-----w- C:\Users\Jeremy\AppData\Local\{66C0065B-9EA1-46E5-92F8-CF75337178A8}
2012-03-08 13:52:15 -------- d-----w- C:\Users\Jeremy\AppData\Local\{C87047E9-77EB-4DC0-87C1-85443987235E}
2012-03-08 13:52:04 -------- d-----w- C:\Users\Jeremy\AppData\Local\{15E8951B-BE49-44C4-87EE-A64ABE0B1B86}
2012-03-08 01:51:52 -------- d-----w- C:\Users\Jeremy\AppData\Local\{B1F4C429-6366-41B0-882A-CA954A7D4C42}
2012-03-08 01:51:42 -------- d-----w- C:\Users\Jeremy\AppData\Local\{05B07A49-1B13-4E0D-8DEB-C6C62C69E0AC}
2012-03-07 13:51:18 -------- d-----w- C:\Users\Jeremy\AppData\Local\{075DAC64-143B-4B48-B0CF-D5333997FB73}
2012-03-07 13:51:08 -------- d-----w- C:\Users\Jeremy\AppData\Local\{4AD67F9F-9A63-45B1-8077-FDA67F8B77E2}
2012-03-07 01:50:55 -------- d-----w- C:\Users\Jeremy\AppData\Local\{E07E8F59-337F-40A2-B52E-C7B98ECC9A2B}
2012-03-07 01:50:44 -------- d-----w- C:\Users\Jeremy\AppData\Local\{24DC7BBB-4AD4-4A7F-9EC5-D15792630281}
2012-03-06 13:50:21 -------- d-----w- C:\Users\Jeremy\AppData\Local\{9553F79F-E65C-4DC0-82F8-898E788587ED}
2012-03-06 13:50:11 -------- d-----w- C:\Users\Jeremy\AppData\Local\{B1AC2C77-3C7E-48D7-BDBF-F691049B9500}
2012-03-06 01:49:54 -------- d-----w- C:\Users\Jeremy\AppData\Local\{77675750-6325-4F3D-8099-CB4514CBC069}
2012-03-06 01:49:43 -------- d-----w- C:\Users\Jeremy\AppData\Local\{C6CAD9BA-03AE-43F8-A013-0978F9CE0C1A}
2012-03-05 05:10:24 -------- d-----w- C:\Users\Jeremy\AppData\Local\{C069587D-7EBA-4462-B9D8-6F1AC86410EF}
2012-03-05 05:10:13 -------- d-----w- C:\Users\Jeremy\AppData\Local\{9128A997-3B7B-4C96-8798-92CA8B64A5E2}
2012-03-04 14:09:50 -------- d-----w- C:\Users\Jeremy\AppData\Local\{1C6184E0-C67A-4447-A11F-C746FBFB3EEB}
2012-03-04 14:09:40 -------- d-----w- C:\Users\Jeremy\AppData\Local\{DA74410A-8810-40FE-99F8-C515FADC238B}
2012-03-04 12:12:16 -------- d-----w- C:\Program Files\Common Files\Nitro PDF
2012-03-04 12:12:16 -------- d-----w- C:\Program Files (x86)\Common Files\Nitro PDF
2012-03-01 14:35:27 -------- d-----w- C:\Users\Jeremy\AppData\Roaming\MAXON
2012-02-29 12:32:54 -------- d-----w- C:\Users\Jeremy\AppData\Roaming\WinISO Computing
2012-02-29 12:32:54 -------- d-----w- C:\Users\Jeremy\AppData\Local\WinISO Computing
2012-02-29 12:32:50 -------- d-----w- C:\Program Files (x86)\WinISO Computing
2012-02-28 01:15:16 -------- d-----w- C:\Program Files (x86)\Age Of Empires 2 & The Conquerors Expansion - Full Game
.
==================== Find3M ====================
.
2012-03-06 01:36:40 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 12:23:50 30200 ----a-w- C:\Windows\System32\nitrolocalmon2.dll
2012-02-23 12:23:50 18424 ----a-w- C:\Windows\System32\nitrolocalui2.dll
2012-02-20 00:40:04 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-02-15 00:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-02-15 00:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-02-10 03:14:04 6074176 ----a-w- C:\Windows\System32\nvcpl.dll
2012-02-10 03:14:01 3089728 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-02-10 03:07:00 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-02-10 03:07:00 63296 ----a-w- C:\Windows\System32\nvshext.dll
2012-02-10 03:07:00 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2012-02-10 03:05:59 2497985 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-02-09 09:05:44 416064 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-02-02 05:13:44 37456 ----a-w- C:\Windows\System32\drivers\hotcore3.sys
2012-02-02 05:13:44 249936 ----a-w- C:\Windows\SysWow64\prgiso.dll
2012-01-23 09:51:36 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2012-01-23 09:51:36 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2012-01-23 09:51:35 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2012-01-23 09:51:35 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2012-01-17 12:46:01 31040 ----a-w- C:\Windows\System32\nvhdap64.dll
2012-01-17 12:45:56 188224 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2012-01-17 12:45:55 1451840 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2011-12-30 06:26:08 515584 ----a-w- C:\Windows\System32\timedate.cpl
2011-12-30 05:27:56 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
.
============= FINISH: 15:43:47.29 ===============

#2 JPYW

JPYW
  • Topic Starter

  • Members
  • 17 posts

Posted 26 March 2012 - 11:51 PM

Oops, forgot to attach Attach.txt. Here it is.


#3 JPYW

JPYW
  • Topic Starter

  • Members
  • 17 posts

Posted 27 March 2012 - 03:47 AM

An update to first post: Google redirect is back; obviously FixTDSS did not remove it as first thought.

#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,922 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 29 March 2012 - 08:42 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

#5 JPYW

JPYW
  • Topic Starter

  • Members
  • 17 posts

Posted 29 March 2012 - 09:51 AM

Just an update first on the 'A device attached to the system is not functioning' error... did a safe mode reboot and then a normal reboot and there's no problem anymore; runs on startup, and upon exiting and re-opening no error comes up. So it is the Windows Security Center error and the occasional redirect that are still to be fixed.

No threats detected for TDSSKiller


00:54:59.0776 6736 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
00:55:00.0790 6736 ============================================================
00:55:00.0790 6736 Current date / time: 2012/03/30 00:55:00.0790
00:55:00.0790 6736 SystemInfo:
00:55:00.0790 6736
00:55:00.0790 6736 OS Version: 6.1.7601 ServicePack: 1.0
00:55:00.0790 6736 Product type: Workstation
00:55:00.0791 6736 ComputerName: JEREMY-PC
00:55:00.0791 6736 UserName: Jeremy
00:55:00.0791 6736 Windows directory: C:\Windows
00:55:00.0791 6736 System windows directory: C:\Windows
00:55:00.0791 6736 Running under WOW64
00:55:00.0791 6736 Processor architecture: Intel x64
00:55:00.0791 6736 Number of processors: 4
00:55:00.0791 6736 Page size: 0x1000
00:55:00.0791 6736 Boot type: Normal boot
00:55:00.0791 6736 ============================================================
00:55:01.0676 6736 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:55:01.0679 6736 \Device\Harddisk0\DR0:
00:55:01.0679 6736 MBR used
00:55:01.0679 6736 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
00:55:01.0679 6736 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
00:55:01.0702 6736 Initialize success
00:55:01.0702 6736 ============================================================
00:55:08.0301 5540 ============================================================
00:55:08.0301 5540 Scan started
00:55:08.0301 5540 Mode: Manual;
00:55:08.0301 5540 ============================================================
00:55:16.0379 5540 MegaSR - ok
00:55:16.0477 5540 Microsoft SharePoint Workspace Audit Service - ok
00:55:16.0514 5540 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
00:55:16.0515 5540 MMCSS - ok
00:55:16.0522 5540 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
00:55:16.0522 5540 Modem - ok
00:55:16.0548 5540 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
00:55:16.0549 5540 monitor - ok
00:55:16.0628 5540 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
00:55:16.0629 5540 mouclass - ok
00:55:16.0645 5540 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
00:55:16.0646 5540 mouhid - ok
00:55:16.0679 5540 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
00:55:16.0680 5540 mountmgr - ok
00:55:16.0712 5540 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
00:55:16.0713 5540 mpio - ok
00:55:16.0729 5540 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
00:55:16.0730 5540 mpsdrv - ok
00:55:16.0773 5540 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
00:55:16.0779 5540 MpsSvc - ok
00:55:16.0812 5540 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
00:55:16.0813 5540 MRxDAV - ok
00:55:16.0850 5540 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
00:55:16.0851 5540 mrxsmb - ok
00:55:16.0870 5540 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:55:16.0871 5540 mrxsmb10 - ok
00:55:16.0893 5540 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:55:16.0894 5540 mrxsmb20 - ok
00:55:16.0919 5540 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
00:55:16.0919 5540 msahci - ok
00:55:16.0939 5540 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
00:55:16.0940 5540 msdsm - ok
00:55:16.0972 5540 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
00:55:16.0973 5540 MSDTC - ok
00:55:16.0995 5540 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
00:55:16.0995 5540 Msfs - ok
00:55:17.0016 5540 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
00:55:17.0017 5540 mshidkmdf - ok
00:55:17.0036 5540 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
00:55:17.0037 5540 msisadrv - ok
00:55:17.0086 5540 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
00:55:17.0091 5540 MSiSCSI - ok
00:55:17.0097 5540 msiserver - ok
00:55:17.0132 5540 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
00:55:17.0132 5540 MSKSSRV - ok
00:55:17.0165 5540 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
00:55:17.0165 5540 MSPCLOCK - ok
00:55:17.0172 5540 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
00:55:17.0173 5540 MSPQM - ok
00:55:17.0203 5540 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
00:55:17.0205 5540 MsRPC - ok
00:55:17.0221 5540 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
00:55:17.0222 5540 mssmbios - ok
00:55:17.0229 5540 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
00:55:17.0230 5540 MSTEE - ok
00:55:17.0244 5540 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
00:55:17.0245 5540 MTConfig - ok
00:55:17.0275 5540 MTsensor (19b006b181e3875fd254f7b67acf1e7c) C:\Windows\system32\DRIVERS\ASACPI.sys
00:55:17.0276 5540 MTsensor - ok
00:55:17.0302 5540 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
00:55:17.0303 5540 Mup - ok
00:55:17.0399 5540 mxssvr (a3ba8a14490fdbf106939c37a125e82c) C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
00:55:17.0399 5540 mxssvr - ok
00:55:17.0419 5540 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
00:55:17.0423 5540 napagent - ok
00:55:17.0450 5540 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
00:55:17.0452 5540 NativeWifiP - ok
00:55:17.0499 5540 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
00:55:17.0505 5540 NDIS - ok
00:55:17.0531 5540 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
00:55:17.0532 5540 NdisCap - ok
00:55:17.0621 5540 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
00:55:17.0622 5540 NdisTapi - ok
00:55:17.0649 5540 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
00:55:17.0650 5540 Ndisuio - ok
00:55:17.0682 5540 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
00:55:17.0683 5540 NdisWan - ok
00:55:17.0705 5540 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
00:55:17.0709 5540 NDProxy - ok
00:55:17.0716 5540 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
00:55:17.0716 5540 NetBIOS - ok
00:55:17.0734 5540 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
00:55:17.0736 5540 NetBT - ok
00:55:17.0773 5540 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:55:17.0773 5540 Netlogon - ok
00:55:17.0804 5540 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
00:55:17.0811 5540 Netman - ok
00:55:17.0878 5540 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:55:17.0880 5540 NetMsmqActivator - ok
00:55:17.0884 5540 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:55:17.0885 5540 NetPipeActivator - ok
00:55:17.0894 5540 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
00:55:17.0903 5540 netprofm - ok
00:55:17.0908 5540 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:55:17.0909 5540 NetTcpActivator - ok
00:55:17.0913 5540 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:55:17.0914 5540 NetTcpPortSharing - ok
00:55:17.0969 5540 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
00:55:17.0969 5540 nfrd960 - ok
00:55:18.0055 5540 NIApplicationWebServer (ef5225ed8671d406e4a84769b26147f0) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
00:55:18.0055 5540 NIApplicationWebServer - ok
00:55:18.0118 5540 NIApplicationWebServer64 (dae7c49b3cdabd1466dded91b72550af) C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
00:55:18.0118 5540 NIApplicationWebServer64 - ok
00:55:18.0153 5540 nidimk (7ca60459a9576ed86c5181f138c9b383) C:\Windows\system32\drivers\nidimkl.sys
00:55:18.0153 5540 nidimk - ok
00:55:18.0200 5540 NIDomainService (159e95cfc105a27a2ec6d7632bb254a8) C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
00:55:18.0202 5540 NIDomainService - ok
00:55:18.0258 5540 niLXIDiscovery (3aaa79f03f85306005e060094b029142) C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe
00:55:18.0259 5540 niLXIDiscovery - ok
00:55:18.0314 5540 nimDNSResponder (f0d9ffb575a06fee410e2a838be3507b) C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
00:55:18.0315 5540 nimDNSResponder - ok
00:55:18.0345 5540 niorbk (ca6882d4a8fbd313d2b4694154f1182b) C:\Windows\system32\drivers\niorbkl.sys
00:55:18.0345 5540 niorbk - ok
00:55:18.0388 5540 nipalfwedl (0b8fc496fbf85e45472da68108dca042) C:\Windows\system32\drivers\nipalfwedl.sys
00:55:18.0388 5540 nipalfwedl - ok
00:55:18.0418 5540 NIPALK (56d1038b47287b787fcb00a465f087f7) C:\Windows\system32\drivers\nipalk.sys
00:55:18.0425 5540 NIPALK - ok
00:55:18.0432 5540 nipalusbedl (0364cd30c6ab0c6d5817358db2851a60) C:\Windows\system32\drivers\nipalusbedl.sys
00:55:18.0432 5540 nipalusbedl - ok
00:55:18.0450 5540 nipbcfk (0aef3d16a49ab7dba0c2d96588980f69) C:\Windows\system32\drivers\nipbcfk.sys
00:55:18.0451 5540 nipbcfk - ok
00:55:18.0513 5540 niSvcLoc (617b57046635d3b15634416d68528a8b) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
00:55:18.0514 5540 niSvcLoc - ok
00:55:18.0552 5540 NITaggerService (ad0203c2e2afaf92be528e79a38c64b5) C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
00:55:18.0555 5540 NITaggerService - ok
00:55:18.0770 5540 NitroReaderDriverReadSpool2 (dd785430e326f13de9a87739491bed7b) C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
00:55:18.0771 5540 NitroReaderDriverReadSpool2 - ok
00:55:18.0850 5540 NiViPciK (d68240f076486d89b2e9c7b1cbe7dbc2) C:\Windows\system32\drivers\NiViPciKl.sys
00:55:18.0851 5540 NiViPciK - ok
00:55:18.0881 5540 NiViPxiK (e91f504fbb6570a62806cd8dadb94cc9) C:\Windows\system32\drivers\NiViPxiKl.sys
00:55:18.0881 5540 NiViPxiK - ok
00:55:18.0913 5540 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
00:55:18.0916 5540 NlaSvc - ok
00:55:18.0943 5540 NPF (c31fa031335eff434b2d94278e74bcce) C:\Windows\system32\drivers\npf.sys
00:55:18.0944 5540 NPF - ok
00:55:18.0976 5540 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
00:55:18.0976 5540 Npfs - ok
00:55:19.0009 5540 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
00:55:19.0012 5540 nsi - ok
00:55:19.0031 5540 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
00:55:19.0031 5540 nsiproxy - ok
00:55:19.0077 5540 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
00:55:19.0091 5540 Ntfs - ok
00:55:19.0108 5540 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
00:55:19.0109 5540 Null - ok
00:55:19.0144 5540 NVHDA (8d4aac74b571fc356560e5b308955e93) C:\Windows\system32\drivers\nvhda64v.sys
00:55:19.0145 5540 NVHDA - ok
00:55:19.0387 5540 nvlddmkm (9c1996dd3c0469bc8933321f15709f5a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
00:55:19.0442 5540 nvlddmkm - ok
00:55:19.0507 5540 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
00:55:19.0508 5540 nvraid - ok
00:55:19.0529 5540 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
00:55:19.0530 5540 nvstor - ok
00:55:19.0809 5540 nvsvc (34e5498528bb3d5a951f889f8756ad26) C:\Windows\system32\nvvsvc.exe
00:55:19.0861 5540 nvsvc - ok
00:55:20.0053 5540 nvUpdatusService (cd0bfaa6872cfe38c908d313ae17c350) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
00:55:20.0083 5540 nvUpdatusService - ok
00:55:20.0103 5540 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
00:55:20.0104 5540 nv_agp - ok
00:55:20.0133 5540 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
00:55:20.0134 5540 ohci1394 - ok
00:55:20.0178 5540 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:55:20.0179 5540 ose - ok
00:55:20.0278 5540 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
00:55:20.0353 5540 osppsvc - ok
00:55:20.0397 5540 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
00:55:20.0401 5540 p2pimsvc - ok
00:55:20.0425 5540 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
00:55:20.0432 5540 p2psvc - ok
00:55:20.0468 5540 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
00:55:20.0469 5540 Parport - ok
00:55:20.0502 5540 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
00:55:20.0503 5540 partmgr - ok
00:55:20.0516 5540 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
00:55:20.0518 5540 PcaSvc - ok
00:55:20.0534 5540 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
00:55:20.0535 5540 pci - ok
00:55:20.0592 5540 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
00:55:20.0592 5540 pciide - ok
00:55:20.0609 5540 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
00:55:20.0610 5540 pcmcia - ok
00:55:20.0623 5540 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
00:55:20.0624 5540 pcw - ok
00:55:20.0643 5540 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
00:55:20.0648 5540 PEAUTH - ok
00:55:20.0749 5540 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
00:55:20.0761 5540 PeerDistSvc - ok
00:55:20.0805 5540 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
00:55:20.0806 5540 PerfHost - ok
00:55:20.0848 5540 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
00:55:20.0884 5540 pla - ok
00:55:20.0919 5540 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
00:55:20.0928 5540 PlugPlay - ok
00:55:20.0948 5540 PnkBstrA - ok
00:55:20.0985 5540 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
00:55:20.0989 5540 PNRPAutoReg - ok
00:55:21.0009 5540 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
00:55:21.0012 5540 PNRPsvc - ok
00:55:21.0038 5540 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
00:55:21.0046 5540 PolicyAgent - ok
00:55:21.0084 5540 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
00:55:21.0086 5540 Power - ok
00:55:21.0138 5540 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
00:55:21.0139 5540 PptpMiniport - ok
00:55:21.0157 5540 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
00:55:21.0157 5540 Processor - ok
00:55:21.0187 5540 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
00:55:21.0193 5540 ProfSvc - ok
00:55:21.0229 5540 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:55:21.0230 5540 ProtectedStorage - ok
00:55:21.0260 5540 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
00:55:21.0261 5540 Psched - ok
00:55:21.0300 5540 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
00:55:21.0312 5540 ql2300 - ok
00:55:21.0345 5540 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
00:55:21.0346 5540 ql40xx - ok
00:55:21.0374 5540 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
00:55:21.0382 5540 QWAVE - ok
00:55:21.0389 5540 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
00:55:21.0390 5540 QWAVEdrv - ok
00:55:21.0402 5540 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
00:55:21.0403 5540 RasAcd - ok
00:55:21.0437 5540 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
00:55:21.0438 5540 RasAgileVpn - ok
00:55:21.0452 5540 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
00:55:21.0457 5540 RasAuto - ok
00:55:21.0471 5540 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
00:55:21.0472 5540 Rasl2tp - ok
00:55:21.0490 5540 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
00:55:21.0499 5540 RasMan - ok
00:55:21.0517 5540 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
00:55:21.0517 5540 RasPppoe - ok
00:55:21.0531 5540 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
00:55:21.0532 5540 RasSstp - ok
00:55:21.0611 5540 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
00:55:21.0613 5540 rdbss - ok
00:55:21.0625 5540 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
00:55:21.0626 5540 rdpbus - ok
00:55:21.0642 5540 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
00:55:21.0643 5540 RDPCDD - ok
00:55:21.0671 5540 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
00:55:21.0672 5540 RDPDR - ok
00:55:21.0721 5540 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
00:55:21.0721 5540 RDPENCDD - ok
00:55:21.0731 5540 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
00:55:21.0732 5540 RDPREFMP - ok
00:55:21.0778 5540 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
00:55:21.0784 5540 RDPWD - ok
00:55:21.0809 5540 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
00:55:21.0810 5540 rdyboost - ok
00:55:21.0849 5540 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
00:55:21.0853 5540 RemoteAccess - ok
00:55:21.0874 5540 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
00:55:21.0880 5540 RemoteRegistry - ok
00:55:21.0949 5540 rpcapd (a780d3eaa74582ea1deb6bd9c7a3d9c9) C:\Program Files (x86)\WinPcap\rpcapd.exe
00:55:21.0950 5540 rpcapd - ok
00:55:21.0976 5540 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
00:55:21.0980 5540 RpcEptMapper - ok
00:55:22.0003 5540 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
00:55:22.0004 5540 RpcLocator - ok
00:55:22.0026 5540 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
00:55:22.0029 5540 RpcSs - ok
00:55:22.0049 5540 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
00:55:22.0050 5540 rspndr - ok
00:55:22.0099 5540 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
00:55:22.0101 5540 RTL8167 - ok
00:55:22.0129 5540 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
00:55:22.0129 5540 s3cap - ok
00:55:22.0165 5540 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:55:22.0166 5540 SamSs - ok
00:55:22.0203 5540 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
00:55:22.0204 5540 sbp2port - ok
00:55:22.0218 5540 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
00:55:22.0225 5540 SCardSvr - ok
00:55:22.0277 5540 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
00:55:22.0277 5540 scfilter - ok
00:55:22.0323 5540 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
00:55:22.0331 5540 Schedule - ok
00:55:22.0358 5540 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
00:55:22.0359 5540 SCPolicySvc - ok
00:55:22.0392 5540 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
00:55:22.0402 5540 SDRSVC - ok
00:55:22.0432 5540 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
00:55:22.0434 5540 secdrv - ok
00:55:22.0453 5540 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
00:55:22.0457 5540 seclogon - ok
00:55:22.0466 5540 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
00:55:22.0468 5540 SENS - ok
00:55:22.0482 5540 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
00:55:22.0487 5540 SensrSvc - ok
00:55:22.0501 5540 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
00:55:22.0502 5540 Serenum - ok
00:55:22.0536 5540 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
00:55:22.0536 5540 Serial - ok
00:55:22.0558 5540 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
00:55:22.0559 5540 sermouse - ok
00:55:22.0607 5540 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
00:55:22.0612 5540 SessionEnv - ok
00:55:22.0653 5540 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
00:55:22.0653 5540 sffdisk - ok
00:55:22.0687 5540 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
00:55:22.0687 5540 sffp_mmc - ok
00:55:22.0731 5540 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
00:55:22.0732 5540 sffp_sd - ok
00:55:22.0755 5540 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
00:55:22.0756 5540 sfloppy - ok
00:55:22.0782 5540 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
00:55:22.0791 5540 SharedAccess - ok
00:55:22.0831 5540 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
00:55:22.0834 5540 ShellHWDetection - ok
00:55:22.0866 5540 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
00:55:22.0866 5540 SiSRaid2 - ok
00:55:22.0878 5540 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
00:55:22.0878 5540 SiSRaid4 - ok
00:55:22.0908 5540 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
00:55:22.0909 5540 Smb - ok
00:55:22.0957 5540 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
00:55:22.0958 5540 SNMPTRAP - ok
00:55:23.0058 5540 Sony Ericsson PCCompanion (1a623f2b69e1f182f995f963c55db935) C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
00:55:23.0059 5540 Sony Ericsson PCCompanion - ok
00:55:23.0138 5540 speedfan (12583af6cbe0050651eaf2723b3ad7b3) C:\Windows\syswow64\speedfan.sys
00:55:23.0140 5540 speedfan - ok
00:55:23.0161 5540 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
00:55:23.0162 5540 spldr - ok
00:55:23.0195 5540 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
00:55:23.0198 5540 Spooler - ok
00:55:23.0265 5540 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
00:55:23.0320 5540 sppsvc - ok
00:55:23.0366 5540 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
00:55:23.0371 5540 sppuinotify - ok
00:55:23.0404 5540 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
00:55:23.0408 5540 srv - ok
00:55:23.0433 5540 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
00:55:23.0436 5540 srv2 - ok
00:55:23.0471 5540 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
00:55:23.0472 5540 srvnet - ok
00:55:23.0498 5540 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
00:55:23.0503 5540 SSDPSRV - ok
00:55:23.0533 5540 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
00:55:23.0538 5540 SstpSvc - ok
00:55:23.0594 5540 Steam Client Service - ok
00:55:23.0726 5540 Stereo Service (8544a200c40447e465f06e58687428bb) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
00:55:23.0727 5540 Stereo Service - ok
00:55:23.0756 5540 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
00:55:23.0756 5540 stexstor - ok
00:55:23.0840 5540 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
00:55:23.0850 5540 stisvc - ok
00:55:23.0876 5540 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
00:55:23.0877 5540 storflt - ok
00:55:23.0914 5540 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
00:55:23.0918 5540 StorSvc - ok
00:55:23.0930 5540 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
00:55:23.0930 5540 storvsc - ok
00:55:23.0945 5540 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
00:55:23.0946 5540 swenum - ok
00:55:24.0001 5540 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
00:55:24.0009 5540 swprv - ok
00:55:24.0059 5540 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
00:55:24.0072 5540 SysMain - ok
00:55:24.0106 5540 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
00:55:24.0111 5540 TabletInputService - ok
00:55:24.0135 5540 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
00:55:24.0144 5540 TapiSrv - ok
00:55:24.0162 5540 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
00:55:24.0164 5540 TBS - ok
00:55:24.0218 5540 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
00:55:24.0246 5540 Tcpip - ok
00:55:24.0292 5540 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
00:55:24.0300 5540 TCPIP6 - ok
00:55:24.0359 5540 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
00:55:24.0359 5540 tcpipreg - ok
00:55:24.0391 5540 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
00:55:24.0391 5540 TDPIPE - ok
00:55:24.0442 5540 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
00:55:24.0442 5540 TDTCP - ok
00:55:24.0500 5540 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
00:55:24.0501 5540 tdx - ok
00:55:24.0528 5540 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
00:55:24.0529 5540 TermDD - ok
00:55:24.0551 5540 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
00:55:24.0557 5540 TermService - ok
00:55:24.0572 5540 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
00:55:24.0576 5540 Themes - ok
00:55:24.0602 5540 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
00:55:24.0603 5540 THREADORDER - ok
00:55:24.0626 5540 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
00:55:24.0628 5540 TrkWks - ok
00:55:24.0710 5540 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
00:55:24.0711 5540 TrustedInstaller - ok
00:55:24.0732 5540 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
00:55:24.0732 5540 tssecsrv - ok
00:55:24.0760 5540 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
00:55:24.0760 5540 TsUsbFlt - ok
00:55:24.0835 5540 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
00:55:24.0836 5540 tunnel - ok
00:55:24.0853 5540 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
00:55:24.0854 5540 uagp35 - ok
00:55:24.0886 5540 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
00:55:24.0889 5540 udfs - ok
00:55:24.0911 5540 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
00:55:24.0913 5540 UI0Detect - ok
00:55:24.0955 5540 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
00:55:24.0956 5540 uliagpkx - ok
00:55:25.0009 5540 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
00:55:25.0010 5540 umbus - ok
00:55:25.0138 5540 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
00:55:25.0139 5540 UmPass - ok
00:55:25.0273 5540 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
00:55:25.0279 5540 UmRdpService - ok
00:55:25.0341 5540 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
00:55:25.0347 5540 upnphost - ok
00:55:25.0392 5540 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
00:55:25.0393 5540 USBAAPL64 - ok
00:55:27.0823 5540 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
00:55:27.0882 5540 \Device\Harddisk0\DR0 - ok
00:55:27.0907 5540 Boot (0x1200) (388d7842d52c57a12e130085018a3b34) \Device\Harddisk0\DR0\Partition0
00:55:27.0908 5540 \Device\Harddisk0\DR0\Partition0 - ok
00:55:27.0928 5540 Boot (0x1200) (fce95bc1dc676b1b6951a1653b100475) \Device\Harddisk0\DR0\Partition1
00:55:27.0928 5540 \Device\Harddisk0\DR0\Partition1 - ok
00:55:27.0929 5540 ============================================================
00:55:27.0929 5540 Scan finished
00:55:27.0929 5540 ============================================================
00:55:27.0940 4532 Detected object count: 0
00:55:27.0940 4532 Actual detected object count: 0

I've run aswMBR.exe twice and both times a popup appears saying 'avast! Antirootkit has stopped working', and the only option is to close the program.

#6 nasdaq

  • Malware Response Team

Posted 29 March 2012 - 12:48 PM

Try this tool.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

#7 JPYW

Posted 29 March 2012 - 08:33 PM

Log attached


#8 nasdaq

Posted 30 March 2012 - 07:53 AM

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed or until this computer is clean.

Now run aswMBR and post a log if you can.
===



HOW TO: Enable the CD Emulators... <- do this when all is well with this computer.

To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.
===

Click the Start button. In the Search box, type Command Prompt, and then, in the list of results, double-click Command Prompt.

At the cursor, type:
ipconfig /flushdns <-- (A space between g and / is needed)

Repeat with
ipconfig /renew

Then hit Enter, type Exit, hit the Enter key.

You may need to run CMD - Command Prompt on Vista - Windows 7 with Elevated Privilege
http://www.mydigitallife.info/2007/02/17/how-to-open-elevated-command-prompt-with-administrator-privileges-in-windows-vista/
<<<>>>

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Windows Firewall
    • Security Center
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


#9 JPYW

Posted 30 March 2012 - 09:31 AM

Logs attached

Attached Files

  • Attached File  MBR.zip   559bytes   1 downloads
  • Attached File  FSS.txt   1.01KB   2 downloads


#10 nasdaq

Posted 30 March 2012 - 01:04 PM

You attached the MBR.dat in a zip file; that is fine.

I would like to see the other log generated by the tool.
Can you please post it?

If you did not keep a copy, please run the tool again and post the log.

#11 JPYW

Posted 30 March 2012 - 07:24 PM

Sorry, here you go.


#12 nasdaq

Posted 31 March 2012 - 08:08 AM

>>> Download to your Desktop GooredFix by jpshortstuff from here or here
Ensure all Firefox windows are closed and right-click on GooredFix.exe and select Run As Administrator. Click Yes when prompted to run the scan.
GooredFix will check for infections, and then a log will appear and can also be found on your desktop, called GooredFix.txt.
Please copy and paste the contents of this log in your next reply.

p.s. On a Vista or Windows 7 computer right-click and select Run As Administrator.

A number of issues are covered on this page.
http://answers.microsoft.com/en-us/windows/forum/windows_7-security/the-windows-security-center-service-cant-be/d8250e7a-ee3c-4302-8ca6-9e2a10262feb

Try the suggestion recommended in post No. 1.

#13 JPYW

Posted 31 March 2012 - 08:48 AM

GooredFix by jpshortstuff (03.07.10.1)
Log created at 00:33 on 01/04/2012 (Jeremy)
Firefox version 10.0 (en-GB)

========== GooredScan ==========

(none)

========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [09:04 23/12/2011]
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [00:40 20/02/2012]

C:\Users\Jeremy\Application Data\Mozilla\Firefox\Profiles\0p4vorc5.default\extensions\
(none)

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
(none)

-=E.O.F=-

In services.msc the error in a popup is... "Error 1058: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it."

Running under default administrator gets the same error (Error 1058)

#14 nasdaq

Posted 31 March 2012 - 01:27 PM

Try this fix.

Service does not start and displays "Error 1058"
http://support.microsoft.com/kb/241584

#15 JPYW

Posted 31 March 2012 - 08:54 PM

Doesn't fix it. Starts up disabled.
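
A read-only way to see the state behind Error 1058, as an added example that is not part of the original posts: it reads the registry Start value (4 means Disabled) for the Security Center service and for every service it depends on, and changes nothing. The short service name wscsvc is used for Security Center; the helper name Get-ServiceStartInfo is an assumption of this example, and the syntax is kept compatible with the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example: read-only diagnosis of a service that fails with Error 1058.
# Run from an elevated PowerShell prompt. Nothing is modified.

$StartNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

function Get-ServiceStartInfo {
    param([Parameter(Mandatory = $true)][string]$Name)

    # The Service Control Manager keeps each service's start type here.
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    $info = @{ Name = $Name; Present = $false; StartType = 'Unknown'; Delayed = $false; Status = $null }

    if (Test-Path -LiteralPath $key) {
        $props = Get-ItemProperty -LiteralPath $key
        $info.Present = $true
        if ($null -ne $props.Start) { $info.StartType = $StartNames[[int]$props.Start] }
        # DelayedAutostart only exists on "Automatic (Delayed Start)" services.
        $info.Delayed = ($props.DelayedAutostart -eq 1)
        $svc = Get-Service -Name $Name -ErrorAction SilentlyContinue
        if ($svc) { $info.Status = $svc.Status }
    }
    New-Object PSObject -Property $info
}

# Security Center plus every service it depends on.
$target = 'wscsvc'
$names  = @($target)
$svc    = Get-Service -Name $target -ErrorAction SilentlyContinue
if ($svc) { $names += @($svc.ServicesDependedOn | ForEach-Object { $_.Name }) }

$report = $names | ForEach-Object { Get-ServiceStartInfo -Name $_ }
$report | Select-Object Name, Present, StartType, Delayed, Status | Format-Table -AutoSize

# A service whose Start value is 4 refuses a start request with Error 1058.
$report | Where-Object { $_.StartType -eq 'Disabled' } | ForEach-Object {
    "{0}: Start = 4 (Disabled)" -f $_.Name
}
```

Running it once right after setting the service back to Automatic and again after a reboot shows whether the Start value is being changed back to Disabled between the two runs.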



