
Google redirect; Trojan horse generic26; maybe more!


  • This topic is locked
9 replies to this topic

#1 pilates

  • Members
  • 5 posts

Posted 27 March 2012 - 03:21 AM

Wife's computer. 64 bit. Started with Google redirect last night. I tried some self-help today by mimicking some of your posts. Google seemed OK and Malwarebytes clean (for a while). But now AVG seems to find a threat-a-minute, a different one each time. And MBAM also turning up new viruses. Also virus seems to block Windows Update. I'm trying to fix by downloading stuff to spare (uninfected) computer(s) and ferrying programs and logs via thumb drive.

DDS:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Celeste Kuta at 0:58:34 on 2012-03-27
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3766.627 [GMT -7:00]
.
AV: AVG Internet Security 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG10\avgfws.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Protector Suite\upeksvr.exe
C:\Program Files (x86)\AVG\AVG10\avgam.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
C:\Program Files\Sony\VAIO Care\VCPerfService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Care\VCSpt.exe
C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\vncutil64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files\Protector Suite\psqltray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.avg.com/ww.homepage-tlbrc
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [MuhNyVLeVoL.exe] C:\ProgramData\MuhNyVLeVoL.exe
mRun: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
dRun: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F947A138-2058-47C6-B8E2-B30165C84C95} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F947A138-2058-47C6-B8E2-B30165C84C95}\261627267237 : DhcpNameServer = 68.87.69.150 68.87.85.102
TCP: Interfaces\{F947A138-2058-47C6-B8E2-B30165C84C95}\4586560225F636B6 : DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{F947A138-2058-47C6-B8E2-B30165C84C95}\64169627669656C646F594E6E6 : DhcpNameServer = 4.2.2.1
TCP: Interfaces\{F947A138-2058-47C6-B8E2-B30165C84C95}\74F6C64656E645275656 : DhcpNameServer = 68.87.71.226 12.127.16.67 12.127.16.68
TCP: Interfaces\{F947A138-2058-47C6-B8E2-B30165C84C95}\A4642575966496 : DhcpNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
LSA: Notification Packages = scecli C:\Program Files\Protector Suite\psqlpwd.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
mRun-x64: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun-x64: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun-x64: [MuhNyVLeVoL.exe] C:\ProgramData\MuhNyVLeVoL.exe
mRun-x64: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
Hosts: 149.5.18.172 www.google-analytics.com.
Hosts: 149.5.18.172 ad-emea.doubleclick.net.
Hosts: 149.5.18.172 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG10\avgfws.exe [2011-3-9 2708024]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-1-31 7391072]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-7-19 13336]
R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2012-2-9 49152]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-6-1 367456]
R2 rimspci;rimspci;C:\Windows\system32\drivers\rimssne64.sys --> C:\Windows\system32\drivers\rimssne64.sys [?]
R2 risdsnpe;risdsnpe;C:\Windows\system32\drivers\risdsne64.sys --> C:\Windows\system32\drivers\risdsne64.sys [?]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2010-10-18 190496]
R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2010-10-18 252416]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2010-10-18 104960]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-7-19 2320920]
R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2010-10-18 575856]
R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-6-17 851824]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-3-12 918880]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\system32\DRIVERS\e1k62x64.sys --> C:\Windows\system32\DRIVERS\e1k62x64.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\drivers\HECIx64.sys --> C:\Windows\system32\drivers\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys --> C:\Windows\system32\DRIVERS\SFEP.sys [?]
R3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-6-6 304496]
R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update Common\VUAgent.exe [2011-9-23 1429608]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-18 136176]
S3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-6 169312]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-5-22 167264]
S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-18 136176]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-6-20 108400]
S3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-6-18 423280]
S3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-6-20 67952]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-6-9 537456]
S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-6-9 384880]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-6-9 101232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-03-27 06:51:53 20480 ------w- C:\Windows\svchost.exe
2012-03-27 06:26:13 -------- d-sh--w- C:\$RECYCLE.BIN
2012-03-27 00:20:03 -------- d-----w- C:\_OTL
2012-03-26 22:19:43 98816 ----a-w- C:\Windows\sed.exe
2012-03-26 22:19:43 518144 ----a-w- C:\Windows\SWREG.exe
2012-03-26 22:19:43 256000 ----a-w- C:\Windows\PEV.exe
2012-03-26 22:19:43 208896 ----a-w- C:\Windows\MBR.exe
2012-03-26 21:36:43 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-26 20:25:18 -------- d-----w- C:\Users\Celeste Kuta\AppData\Roaming\Malwarebytes
2012-03-26 20:25:12 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2012-03-26 20:25:11 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-26 20:25:11 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-26 20:25:11 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-25 22:27:42 -------- d-----w- C:\Users\Celeste Kuta\AppData\Local\{DD6430BC-EDD8-4290-B887-630CF0557C9C}
2012-03-25 22:27:42 -------- d-----w- C:\Users\Celeste Kuta\AppData\Local\{AD097E37-A554-48D7-876C-3E95B685144C}
2012-03-23 00:20:27 -------- dc-h--w- C:\ProgramData\{CC6525B7-42F2-42DB-BF33-445E26F52EC1}
2012-03-23 00:19:13 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-23 00:19:12 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-23 00:19:12 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-23 00:19:02 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-23 00:19:02 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-23 00:19:02 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-23 00:18:54 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-23 00:18:53 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-23 00:18:53 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-23 00:18:53 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-21 12:59:46 -------- dc-h--w- C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}
2012-03-21 12:53:34 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\DA9B.tmp
2012-03-21 12:53:34 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\DA9A.tmp
2012-03-02 22:36:09 -------- d-----w- C:\ProgramData\{F77EE8EF-305B-4394-A018-C1A57D2D66B5}
.
==================== Find3M ====================
.
2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2011-12-30 06:26:08 515584 ----a-w- C:\Windows\System32\timedate.cpl
2011-12-30 05:27:56 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
.
============= FINISH: 0:58:58.23 ===============



#2 quietman7

    Bleepin' Janitor

  • Global Moderator
  • 51,391 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 29 March 2012 - 06:41 AM

We are in the process of researching and investigating your log. Please be patient as we develop a fix for your specific problems.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 mark1956

  • Security Colleague
  • 271 posts
  • Gender:Male
  • Location:Spain

Posted 29 March 2012 - 01:27 PM

Hi Pilates, my name is Mark and I will be helping you.

Before doing anything further, if you have not already done so, you should back up all your important documents, personal data files and photos to a CD or DVD drive as some infections may render your computer unbootable during or before the disinfection process. If that occurs there may be no option but to reformat and reinstall the OS or perform a full system recovery. The safest practice is not to back up any files with the following file extensions: .exe, .scr, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab as they may be infected.


NOTE: Please do not run any further scans on the PC unless instructed as this could interfere with the clean up process and produce misleading results.

Your log shows you ran TDSSKiller on 26th March. Please can you copy and paste the contents of that log into your next post. TDSSKiller logs can be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt".

I also see OTL in your log which was run on 27th March, please tell me if you are receiving any help from another forum and were instructed to run it. If you receive help from two places at the same time the clean up process will become very confusing so please close any other threads that you are getting advice from.

Please follow this to post the most recent scan from Malwarebytes:

  • Open Malwarebytes and click on the Logs tab.
  • Scroll down the list to find the relative scan dates.
  • Click on the entry and then click on Open.
  • Copy and paste the log into your next post.

Then please run another scan as follows:

  • Open Malwarebytes and allow it to update with the latest definitions, then run a Quick Scan.
  • After completing the scan, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.

If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

Include in your next post:
Log from TDSSKiller.
Most recent log and a new log from Malwarebytes.


#4 pilates
  • Topic Starter

  • Members
  • 5 posts

Posted 29 March 2012 - 02:59 PM

Mark,

Sorry for the delay. I realized that I had to reactivate "cookies" after I failed to log on about 40 times! I have all important data files backed up. Also note that I have 2 nice unused emergency discs so I can reinstall if we have to wipe.

Also note that AVG keeps finding malware du jour, in this case: Pihar.B and SHeur4.WEZ

Thanks for your help.

12:05:34.0636 6788 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
12:05:35.0120 6788 ============================================================
12:05:35.0120 6788 Current date / time: 2012/03/29 12:05:35.0120
12:05:35.0120 6788 SystemInfo:
12:05:35.0120 6788
12:05:35.0120 6788 OS Version: 6.1.7601 ServicePack: 1.0
12:05:35.0120 6788 Product type: Workstation
12:05:35.0120 6788 ComputerName: CELESTEKUTA
12:05:35.0120 6788 UserName: Celeste Kuta
12:05:35.0120 6788 Windows directory: C:\Windows
12:05:35.0120 6788 System windows directory: C:\Windows
12:05:35.0120 6788 Running under WOW64
12:05:35.0120 6788 Processor architecture: Intel x64
12:05:35.0120 6788 Number of processors: 4
12:05:35.0120 6788 Page size: 0x1000
12:05:35.0120 6788 Boot type: Normal boot
12:05:35.0120 6788 ============================================================
12:05:35.0463 6788 Drive \Device\Harddisk0\DR0 - Size: 0x1DCFE00000 (119.25 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:05:35.0463 6788 Drive \Device\Harddisk1\DR1 - Size: 0xF600000 (0.24 Gb), SectorSize: 0x200, Cylinders: 0x1F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:05:35.0479 6788 \Device\Harddisk0\DR0:
12:05:35.0479 6788 MBR used
12:05:35.0479 6788 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1D8B800, BlocksNum 0x32000
12:05:35.0479 6788 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1DBD800, BlocksNum 0xD0C1000
12:05:35.0479 6788 \Device\Harddisk1\DR1:
12:05:35.0479 6788 MBR used
12:05:35.0479 6788 Initialize success
12:05:35.0479 6788 ============================================================
12:05:37.0242 6856 ============================================================
12:05:37.0242 6856 Scan started
12:05:37.0242 6856 Mode: Manual;
12:05:37.0242 6856 ============================================================
12:05:40.0221 6856 nv_agp - ok
12:05:40.0221 6856 Oasis2Service (567e84848445135c0f4b8de2d121edb8) C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
12:05:40.0221 6856 Oasis2Service - ok
12:05:40.0237 6856 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
12:05:40.0237 6856 ohci1394 - ok
12:05:40.0252 6856 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:05:40.0252 6856 ose - ok
12:05:40.0315 6856 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:05:40.0362 6856 osppsvc - ok
12:05:40.0377 6856 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:05:40.0377 6856 p2pimsvc - ok
12:05:40.0393 6856 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
12:05:40.0393 6856 p2psvc - ok
12:05:40.0408 6856 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
12:05:40.0408 6856 Parport - ok
12:05:40.0408 6856 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
12:05:40.0408 6856 partmgr - ok
12:05:40.0424 6856 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
12:05:40.0424 6856 PcaSvc - ok
12:05:40.0440 6856 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
12:05:40.0440 6856 pci - ok
12:05:40.0440 6856 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
12:05:40.0440 6856 pciide - ok
12:05:40.0455 6856 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
12:05:40.0455 6856 pcmcia - ok
12:05:40.0471 6856 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
12:05:40.0471 6856 pcw - ok
12:05:40.0486 6856 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
12:05:40.0486 6856 PEAUTH - ok
12:05:40.0518 6856 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
12:05:40.0518 6856 PeerDistSvc - ok
12:05:40.0549 6856 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
12:05:40.0549 6856 PerfHost - ok
12:05:40.0580 6856 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
12:05:40.0596 6856 pla - ok
12:05:40.0611 6856 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
12:05:40.0611 6856 PlugPlay - ok
12:05:40.0627 6856 PMBDeviceInfoProvider (80e85394d8cd7f84340b1c6f4b9d698f) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
12:05:40.0642 6856 PMBDeviceInfoProvider - ok
12:05:40.0642 6856 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
12:05:40.0642 6856 PNRPAutoReg - ok
12:05:40.0658 6856 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:05:40.0658 6856 PNRPsvc - ok
12:05:40.0674 6856 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
12:05:40.0674 6856 PolicyAgent - ok
12:05:40.0689 6856 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
12:05:40.0689 6856 Power - ok
12:05:40.0689 6856 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
12:05:40.0705 6856 PptpMiniport - ok
12:05:40.0705 6856 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
12:05:40.0705 6856 Processor - ok
12:05:40.0720 6856 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
12:05:40.0720 6856 ProfSvc - ok
12:05:40.0720 6856 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:05:40.0720 6856 ProtectedStorage - ok
12:05:40.0736 6856 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
12:05:40.0736 6856 Psched - ok
12:05:40.0752 6856 PxHlpa64 (fbf4db6d53585437e41a113300002a2b) C:\Windows\system32\Drivers\PxHlpa64.sys
12:05:40.0752 6856 PxHlpa64 - ok
12:05:40.0767 6856 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
12:05:40.0783 6856 ql2300 - ok
12:05:40.0798 6856 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
12:05:40.0798 6856 ql40xx - ok
12:05:40.0798 6856 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
12:05:40.0814 6856 QWAVE - ok
12:05:40.0814 6856 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
12:05:40.0814 6856 QWAVEdrv - ok
12:05:40.0830 6856 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
12:05:40.0830 6856 RasAcd - ok
12:05:40.0830 6856 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:05:40.0830 6856 RasAgileVpn - ok
12:05:40.0845 6856 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
12:05:40.0845 6856 RasAuto - ok
12:05:40.0861 6856 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:05:40.0861 6856 Rasl2tp - ok
12:05:40.0861 6856 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
12:05:40.0876 6856 RasMan - ok
12:05:40.0876 6856 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
12:05:40.0876 6856 RasPppoe - ok
12:05:40.0892 6856 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
12:05:40.0892 6856 RasSstp - ok
12:05:40.0908 6856 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
12:05:40.0908 6856 rdbss - ok
12:05:40.0908 6856 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
12:05:40.0923 6856 rdpbus - ok
12:05:40.0923 6856 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:05:40.0923 6856 RDPCDD - ok
12:05:40.0939 6856 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
12:05:40.0939 6856 RDPDR - ok
12:05:40.0939 6856 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
12:05:40.0954 6856 RDPENCDD - ok
12:05:40.0954 6856 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
12:05:40.0954 6856 RDPREFMP - ok
12:05:40.0970 6856 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
12:05:40.0970 6856 RDPWD - ok
12:05:40.0986 6856 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
12:05:40.0986 6856 rdyboost - ok
12:05:41.0001 6856 RegSrvc (0aa473966357c4a41b5eb19649eb6e5e) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
12:05:41.0017 6856 RegSrvc - ok
12:05:41.0017 6856 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
12:05:41.0017 6856 RemoteAccess - ok
12:05:41.0032 6856 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
12:05:41.0032 6856 RemoteRegistry - ok
12:05:41.0048 6856 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
12:05:41.0048 6856 RFCOMM - ok
12:05:41.0048 6856 rimspci (fa6abc06b629da29634d31f1fe0347bd) C:\Windows\system32\drivers\rimssne64.sys
12:05:41.0048 6856 rimspci - ok
12:05:41.0064 6856 risdsnpe (8f8539a7f5c117d4407b2985995671f2) C:\Windows\system32\drivers\risdsne64.sys
12:05:41.0064 6856 risdsnpe - ok
12:05:41.0064 6856 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
12:05:41.0079 6856 RpcEptMapper - ok
12:05:41.0079 6856 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
12:05:41.0079 6856 RpcLocator - ok
12:05:41.0095 6856 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
12:05:41.0095 6856 RpcSs - ok
12:05:41.0110 6856 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
12:05:41.0110 6856 rspndr - ok
12:05:41.0126 6856 RtkAudioService (b7fcc2d5b1dd8898bc00056cbfba46b8) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
12:05:41.0126 6856 RtkAudioService - ok
12:05:41.0126 6856 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
12:05:41.0142 6856 s3cap - ok
12:05:41.0142 6856 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:05:41.0142 6856 SamSs - ok
12:05:41.0157 6856 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
12:05:41.0157 6856 sbp2port - ok
12:05:41.0173 6856 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
12:05:41.0173 6856 SCardSvr - ok
12:05:41.0173 6856 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
12:05:41.0173 6856 scfilter - ok
12:05:41.0204 6856 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
12:05:41.0204 6856 Schedule - ok
12:05:41.0220 6856 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
12:05:41.0220 6856 SCPolicySvc - ok
12:05:41.0235 6856 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
12:05:41.0235 6856 sdbus - ok
12:05:41.0235 6856 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
12:05:41.0235 6856 SDRSVC - ok
12:05:41.0251 6856 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
12:05:41.0251 6856 secdrv - ok
12:05:41.0266 6856 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
12:05:41.0266 6856 seclogon - ok
12:05:41.0282 6856 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
12:05:41.0282 6856 SENS - ok
12:05:41.0282 6856 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
12:05:41.0298 6856 SensrSvc - ok
12:05:41.0298 6856 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
12:05:41.0298 6856 Serenum - ok
12:05:41.0313 6856 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
12:05:41.0313 6856 Serial - ok
12:05:41.0313 6856 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
12:05:41.0313 6856 sermouse - ok
12:05:41.0344 6856 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
12:05:41.0344 6856 SessionEnv - ok
12:05:41.0360 6856 SFEP (286d3889e6ab5589646ff8a63cb928ae) C:\Windows\system32\DRIVERS\SFEP.sys
12:05:41.0360 6856 SFEP - ok
12:05:41.0360 6856 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
12:05:41.0360 6856 sffdisk - ok
12:05:41.0376 6856 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
12:05:41.0376 6856 sffp_mmc - ok
12:05:41.0391 6856 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
12:05:41.0391 6856 sffp_sd - ok
12:05:41.0391 6856 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
12:05:41.0407 6856 sfloppy - ok
12:05:41.0422 6856 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
12:05:41.0422 6856 SharedAccess - ok
12:05:41.0438 6856 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
12:05:41.0454 6856 ShellHWDetection - ok
12:05:41.0454 6856 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
12:05:41.0454 6856 SiSRaid2 - ok
12:05:41.0469 6856 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
12:05:41.0469 6856 SiSRaid4 - ok
12:05:41.0485 6856 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
12:05:41.0485 6856 Smb - ok
12:05:41.0500 6856 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
12:05:41.0500 6856 SNMPTRAP - ok
12:05:41.0516 6856 SOHCImp (c3e69db0a4e59564230e053232f39ac7) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
12:05:41.0516 6856 SOHCImp - ok
12:05:41.0532 6856 SOHDms (65cc4779a29c3e82b987bd4961790dff) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
12:05:41.0532 6856 SOHDms - ok
12:05:41.0547 6856 SOHDs (f47d75cee1844eef4a9ea6ee768828fb) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
12:05:41.0547 6856 SOHDs - ok
12:05:41.0563 6856 SpfService (5449fc97476f52e027409e703791e6a9) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
12:05:41.0563 6856 SpfService - ok
12:05:41.0578 6856 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
12:05:41.0578 6856 spldr - ok
12:05:41.0594 6856 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
12:05:41.0594 6856 Spooler - ok
12:05:41.0641 6856 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
12:05:41.0672 6856 sppsvc - ok
12:05:41.0672 6856 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
12:05:41.0672 6856 sppuinotify - ok
12:05:41.0688 6856 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
12:05:41.0688 6856 srv - ok
12:05:41.0703 6856 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
12:05:41.0703 6856 srv2 - ok
12:05:41.0719 6856 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
12:05:41.0719 6856 srvnet - ok
12:05:41.0719 6856 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
12:05:41.0734 6856 SSDPSRV - ok
12:05:41.0734 6856 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
12:05:41.0734 6856 SstpSvc - ok
12:05:41.0750 6856 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
12:05:41.0750 6856 stexstor - ok
12:05:41.0766 6856 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
12:05:41.0766 6856 stisvc - ok
12:05:41.0781 6856 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
12:05:41.0781 6856 storflt - ok
12:05:41.0781 6856 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
12:05:41.0781 6856 StorSvc - ok
12:05:41.0797 6856 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
12:05:41.0797 6856 storvsc - ok
12:05:41.0797 6856 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
12:05:41.0812 6856 swenum - ok
12:05:41.0812 6856 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
12:05:41.0828 6856 swprv - ok
12:05:41.0844 6856 SynTP (3c08fb2829a5304825f974b1631dedfa) C:\Windows\system32\DRIVERS\SynTP.sys
12:05:41.0844 6856 SynTP - ok
12:05:41.0875 6856 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
12:05:41.0890 6856 SysMain - ok
12:05:41.0890 6856 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
12:05:41.0906 6856 TabletInputService - ok
12:05:41.0906 6856 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
12:05:41.0922 6856 TapiSrv - ok
12:05:41.0922 6856 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
12:05:41.0922 6856 TBS - ok
12:05:41.0968 6856 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
12:05:41.0968 6856 Tcpip - ok
12:05:42.0000 6856 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
12:05:42.0000 6856 TCPIP6 - ok
12:05:42.0015 6856 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
12:05:42.0015 6856 tcpipreg - ok
12:05:42.0031 6856 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
12:05:42.0031 6856 TDPIPE - ok
12:05:42.0031 6856 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
12:05:42.0046 6856 TDTCP - ok
12:05:42.0046 6856 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
12:05:42.0046 6856 tdx - ok
12:05:42.0062 6856 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
12:05:42.0062 6856 TermDD - ok
12:05:42.0078 6856 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
12:05:42.0078 6856 TermService - ok
12:05:42.0093 6856 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
12:05:42.0093 6856 Themes - ok
12:05:42.0093 6856 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:05:42.0093 6856 THREADORDER - ok
12:05:42.0109 6856 TPM (dbcc20c02e8a3e43b03c304a4e40a84f) C:\Windows\system32\drivers\tpm.sys
12:05:42.0109 6856 TPM - ok
12:05:42.0109 6856 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
12:05:42.0124 6856 TrkWks - ok
12:05:42.0124 6856 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
12:05:42.0124 6856 TrustedInstaller - ok
12:05:42.0140 6856 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:05:42.0140 6856 tssecsrv - ok
12:05:42.0156 6856 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
12:05:42.0156 6856 TsUsbFlt - ok
12:05:42.0156 6856 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
12:05:42.0156 6856 tunnel - ok
12:05:42.0171 6856 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
12:05:42.0171 6856 uagp35 - ok
12:05:42.0187 6856 uCamMonitor (63f6d08c54d5b3c1b12a6172032055c7) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
12:05:42.0187 6856 uCamMonitor - ok
12:05:42.0187 6856 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
12:05:42.0202 6856 udfs - ok
12:05:42.0218 6856 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
12:05:42.0218 6856 UI0Detect - ok
12:05:42.0218 6856 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
12:05:42.0218 6856 uliagpkx - ok
12:05:42.0234 6856 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
12:05:42.0234 6856 umbus - ok
12:05:42.0234 6856 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
12:05:42.0249 6856 UmPass - ok
12:05:42.0249 6856 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
12:05:42.0249 6856 UmRdpService - ok
12:05:42.0296 6856 UNS (ad88af249abdc546151f9bfc4093fa9b) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
12:05:42.0312 6856 UNS - ok
12:05:42.0327 6856 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
12:05:42.0327 6856 upnphost - ok
12:05:42.0343 6856 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
12:05:42.0343 6856 usbccgp - ok
12:05:42.0343 6856 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
12:05:42.0358 6856 usbcir - ok
12:05:42.0358 6856 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
12:05:42.0358 6856 usbehci - ok
12:05:42.0374 6856 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
12:05:42.0374 6856 usbhub - ok
12:05:42.0390 6856 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
12:05:42.0390 6856 usbohci - ok
12:05:42.0390 6856 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
12:05:42.0405 6856 usbprint - ok
12:05:42.0405 6856 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:05:42.0405 6856 USBSTOR - ok
12:05:42.0421 6856 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
12:05:42.0421 6856 usbuhci - ok
12:05:42.0421 6856 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
12:05:42.0436 6856 usbvideo - ok
12:05:42.0436 6856 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
12:05:42.0436 6856 UxSms - ok
12:05:42.0452 6856 VAIO Event Service (a60605fc66552b421ee1f3d4ebb9a4e0) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
12:05:42.0452 6856 VAIO Event Service - ok
12:05:42.0468 6856 VAIO Power Management (d469be2723f79cf4b384680b1fdc577d) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
12:05:42.0483 6856 VAIO Power Management - ok
12:05:42.0499 6856 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:05:42.0499 6856 VaultSvc - ok
12:05:42.0514 6856 VCFw (96efa2698d6b9e2931609a3ea73fc5dc) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
12:05:42.0530 6856 VCFw - ok
12:05:42.0546 6856 VcmIAlzMgr (7bebf6a5285ffc03c34a7297a4e177cb) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
12:05:42.0561 6856 VcmIAlzMgr - ok
12:05:42.0561 6856 VcmINSMgr (e005b04dfca99f5880c5111933194ca9) C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
12:05:42.0577 6856 VcmINSMgr - ok
12:05:42.0592 6856 VcmXmlIfHelper (829a32fd1334f72429ca0515760eb7a7) C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
12:05:42.0592 6856 VcmXmlIfHelper - ok
12:05:42.0592 6856 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
12:05:42.0592 6856 vdrvroot - ok
12:05:42.0608 6856 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
12:05:42.0624 6856 vds - ok
12:05:42.0624 6856 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
12:05:42.0624 6856 vga - ok
12:05:42.0639 6856 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
12:05:42.0639 6856 VgaSave - ok
12:05:42.0639 6856 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
12:05:42.0655 6856 vhdmp - ok
12:05:42.0655 6856 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
12:05:42.0655 6856 viaide - ok
12:05:42.0670 6856 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
12:05:42.0670 6856 vmbus - ok
12:05:42.0670 6856 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
12:05:42.0670 6856 VMBusHID - ok
12:05:42.0686 6856 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
12:05:42.0686 6856 volmgr - ok
12:05:42.0686 6856 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
12:05:42.0702 6856 volmgrx - ok
12:05:42.0702 6856 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
12:05:42.0702 6856 volsnap - ok
12:05:42.0717 6856 vpcbus (b4a73ca4ef9a02b9738cea9ad5fe5917) C:\Windows\system32\DRIVERS\vpchbus.sys
12:05:42.0717 6856 vpcbus - ok
12:05:42.0733 6856 vpcnfltr (e675fb2b48c54f09895482e2253b289c) C:\Windows\system32\DRIVERS\vpcnfltr.sys
12:05:42.0733 6856 vpcnfltr - ok
12:05:42.0733 6856 vpcusb (5fb42082b0d19a0268705f1dd343df20) C:\Windows\system32\DRIVERS\vpcusb.sys
12:05:42.0733 6856 vpcusb - ok
12:05:42.0748 6856 vpcvmm (207b6539799cc1c112661a9b620dd233) C:\Windows\system32\drivers\vpcvmm.sys
12:05:42.0748 6856 vpcvmm - ok
12:05:42.0764 6856 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
12:05:42.0764 6856 vsmraid - ok
12:05:42.0795 6856 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
12:05:42.0811 6856 VSS - ok
12:05:42.0826 6856 vToolbarUpdater10.2.0 (3080f1f093869a19fb3d1f0226c73809) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
12:05:42.0826 6856 vToolbarUpdater10.2.0 - ok
12:05:42.0842 6856 VUAgent (d62d16e057be87f5b84a54d1b83822c4) C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
12:05:42.0873 6856 VUAgent - ok
12:05:42.0873 6856 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
12:05:42.0873 6856 vwifibus - ok
12:05:42.0889 6856 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
12:05:42.0889 6856 vwififlt - ok
12:05:42.0889 6856 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
12:05:42.0889 6856 vwifimp - ok
12:05:42.0904 6856 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
12:05:42.0904 6856 W32Time - ok
12:05:42.0920 6856 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
12:05:42.0920 6856 WacomPen - ok
12:05:42.0936 6856 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:05:42.0936 6856 WANARP - ok
12:05:42.0936 6856 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:05:42.0936 6856 Wanarpv6 - ok
12:05:42.0967 6856 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
12:05:42.0982 6856 WatAdminSvc - ok
12:05:43.0014 6856 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
12:05:43.0014 6856 wbengine - ok
12:05:43.0029 6856 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
12:05:43.0029 6856 WbioSrvc - ok
12:05:43.0045 6856 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
12:05:43.0045 6856 wcncsvc - ok
12:05:43.0045 6856 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
12:05:43.0060 6856 WcsPlugInService - ok
12:05:43.0060 6856 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
12:05:43.0060 6856 Wd - ok
12:05:43.0076 6856 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
12:05:43.0092 6856 Wdf01000 - ok
12:05:43.0092 6856 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
12:05:43.0092 6856 WdiServiceHost - ok
12:05:43.0107 6856 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
12:05:43.0107 6856 WdiSystemHost - ok
12:05:43.0107 6856 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
12:05:43.0123 6856 WebClient - ok
12:05:43.0123 6856 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
12:05:43.0123 6856 Wecsvc - ok
12:05:43.0138 6856 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
12:05:43.0138 6856 wercplsupport - ok
12:05:43.0154 6856 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
12:05:43.0154 6856 WerSvc - ok
12:05:43.0154 6856 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
12:05:43.0154 6856 WfpLwf - ok
12:05:43.0170 6856 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
12:05:43.0170 6856 WIMMount - ok
12:05:43.0170 6856 WinHttpAutoProxySvc - ok
12:05:43.0185 6856 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
12:05:43.0185 6856 Winmgmt - ok
12:05:43.0216 6856 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
12:05:43.0232 6856 WinRM - ok
12:05:43.0248 6856 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys
12:05:43.0248 6856 WinUsb - ok
12:05:43.0263 6856 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
12:05:43.0279 6856 Wlansvc - ok
12:05:43.0326 6856 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:05:43.0326 6856 wlidsvc - ok
12:05:43.0341 6856 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
12:05:43.0341 6856 WmiAcpi - ok
12:05:43.0357 6856 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
12:05:43.0357 6856 wmiApSrv - ok
12:05:43.0357 6856 WMPNetworkSvc - ok
12:05:43.0372 6856 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
12:05:43.0372 6856 WPCSvc - ok
12:05:43.0372 6856 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
12:05:43.0388 6856 WPDBusEnum - ok
12:05:43.0388 6856 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
12:05:43.0388 6856 ws2ifsl - ok
12:05:43.0404 6856 WSearch - ok
12:05:43.0435 6856 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
12:05:43.0450 6856 wuauserv - ok
12:05:43.0466 6856 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
12:05:43.0466 6856 WudfPf - ok
12:05:43.0466 6856 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:05:43.0482 6856 WUDFRd - ok
12:05:43.0482 6856 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
12:05:43.0482 6856 wudfsvc - ok
12:05:43.0497 6856 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
12:05:43.0497 6856 WwanSvc - ok
12:05:43.0528 6856 MBR (0x1B8) (0f84f2562620c40d8a3e1908c8075675) \Device\Harddisk0\DR0
12:05:43.0528 6856 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
12:05:43.0528 6856 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
12:05:43.0528 6856 MBR (0x1B8) (eb15be5e681ebb43601ea0745c72507d) \Device\Harddisk1\DR1
12:05:45.0229 6856 \Device\Harddisk1\DR1 - ok
12:05:45.0244 6856 Boot (0x1200) (f1b1e8c10bc84668040679987fcc93d9) \Device\Harddisk0\DR0\Partition0
12:05:45.0244 6856 \Device\Harddisk0\DR0\Partition0 - ok
12:05:45.0244 6856 Boot (0x1200) (c2ce2ad25ec966be90555ffe5577f9ed) \Device\Harddisk0\DR0\Partition1
12:05:45.0244 6856 \Device\Harddisk0\DR0\Partition1 - ok
12:05:45.0244 6856 ============================================================
12:05:45.0244 6856 Scan finished
12:05:45.0244 6856 ============================================================
12:05:45.0260 6848 Detected object count: 1
12:05:45.0260 6848 Actual detected object count: 1
12:06:08.0379 6848 \Device\Harddisk0\DR0\# - copied to quarantine
12:06:08.0379 6848 \Device\Harddisk0\DR0 - copied to quarantine
12:06:08.0395 6848 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
12:06:08.0395 6848 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
12:06:08.0395 6848 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
12:06:08.0395 6848 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
12:06:08.0395 6848 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
12:06:08.0395 6848 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
12:06:08.0395 6848 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
12:06:08.0395 6848 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
12:06:08.0395 6848 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
12:06:08.0395 6848 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
12:06:08.0395 6848 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
12:06:08.0410 6848 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
12:06:08.0410 6848 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
12:06:08.0410 6848 \Device\Harddisk0\DR0 - ok
12:06:08.0426 6848 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
12:06:40.0078 6768 Deinitialize success


Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.29.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Celeste Kuta :: CELESTEKUTA [administrator]

Protection: Enabled

3/29/2012 12:31:06 PM
mbam-log-2012-03-29 (12-35-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 220030
Time elapsed: 1 minute(s), 31 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 2604 -> No action taken.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MuhNyVLeVoL.exe (Rogue.Agent.SA) -> Data: C:\ProgramData\MuhNyVLeVoL.exe -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.QHost.BG) -> Data: C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe -> No action taken.

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.

(end)





#5 pilates

Posted 29 March 2012 - 03:19 PM

Sorry. Here's the original TDSS from the 26th, which is the one you requested:



14:35:14.0525 4844 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
14:35:15.0523 4844 ============================================================
14:35:15.0523 4844 Current date / time: 2012/03/26 14:35:15.0523
14:35:15.0523 4844 SystemInfo:
14:35:15.0523 4844
14:35:15.0523 4844 OS Version: 6.1.7601 ServicePack: 1.0
14:35:15.0523 4844 Product type: Workstation
14:35:15.0523 4844 ComputerName: CELESTEKUTA
14:35:15.0523 4844 UserName: Celeste Kuta
14:35:15.0523 4844 Windows directory: C:\Windows
14:35:15.0523 4844 System windows directory: C:\Windows
14:35:15.0523 4844 Running under WOW64
14:35:15.0523 4844 Processor architecture: Intel x64
14:35:15.0523 4844 Number of processors: 4
14:35:15.0523 4844 Page size: 0x1000
14:35:15.0523 4844 Boot type: Normal boot
14:35:15.0523 4844 ============================================================
14:35:15.0773 4844 Drive \Device\Harddisk0\DR0 - Size: 0x1DCFE00000 (119.25 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:35:15.0789 4844 Drive \Device\Harddisk1\DR2 - Size: 0xF600000 (0.24 Gb), SectorSize: 0x200, Cylinders: 0x1F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:35:15.0789 4844 \Device\Harddisk0\DR0:
14:35:15.0789 4844 MBR used
14:35:15.0789 4844 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1D8B800, BlocksNum 0x32000
14:35:15.0789 4844 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1DBD800, BlocksNum 0xD0C1000
14:35:15.0789 4844 \Device\Harddisk1\DR2:
14:35:15.0789 4844 MBR used
14:35:15.0789 4844 Initialize success
14:35:15.0789 4844 ============================================================
14:35:24.0993 4472 ============================================================
14:35:24.0993 4472 Scan started
14:35:24.0993 4472 Mode: Manual;
14:35:24.0993 4472 ============================================================
14:35:27.0551 4472 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
14:35:27.0551 4472 napagent - ok
14:35:27.0567 4472 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:35:27.0567 4472 NativeWifiP - ok
14:35:27.0582 4472 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
14:35:27.0598 4472 NDIS - ok
14:35:27.0598 4472 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:35:27.0598 4472 NdisCap - ok
14:35:27.0598 4472 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:35:27.0598 4472 NdisTapi - ok
14:35:27.0614 4472 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
14:35:27.0614 4472 Ndisuio - ok
14:35:27.0614 4472 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
14:35:27.0614 4472 NdisWan - ok
14:35:27.0629 4472 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
14:35:27.0629 4472 NDProxy - ok
14:35:27.0629 4472 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:35:27.0629 4472 NetBIOS - ok
14:35:27.0645 4472 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
14:35:27.0645 4472 NetBT - ok
14:35:27.0645 4472 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:35:27.0660 4472 Netlogon - ok
14:35:27.0660 4472 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
14:35:27.0660 4472 Netman - ok
14:35:27.0676 4472 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
14:35:27.0676 4472 netprofm - ok
14:35:27.0692 4472 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:35:27.0692 4472 NetTcpPortSharing - ok
14:35:27.0770 4472 NETw5s64 (18555f48844c2861d9dce8f2b7223ae5) C:\Windows\system32\DRIVERS\NETw5s64.sys
14:35:27.0816 4472 NETw5s64 - ok
14:35:27.0832 4472 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
14:35:27.0832 4472 nfrd960 - ok
14:35:27.0848 4472 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
14:35:27.0848 4472 NlaSvc - ok
14:35:27.0848 4472 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:35:27.0848 4472 Npfs - ok
14:35:27.0863 4472 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
14:35:27.0863 4472 nsi - ok
14:35:27.0863 4472 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:35:27.0863 4472 nsiproxy - ok
14:35:27.0894 4472 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
14:35:27.0910 4472 Ntfs - ok
14:35:27.0910 4472 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:35:27.0910 4472 Null - ok
14:35:27.0926 4472 NVHDA (cddd4478757288df4bb1494bfd084259) C:\Windows\system32\drivers\nvhda64v.sys
14:35:27.0926 4472 NVHDA - ok
14:35:28.0035 4472 nvlddmkm (23183c4149547d21b5cb9f7aee3775b0) C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:35:28.0113 4472 nvlddmkm - ok
14:35:28.0128 4472 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
14:35:28.0128 4472 nvraid - ok
14:35:28.0128 4472 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
14:35:28.0144 4472 nvstor - ok
14:35:28.0144 4472 nvsvc (cb3814ed7b97cc2d9315cbe7731f018e) C:\Windows\system32\nvvsvc.exe
14:35:28.0144 4472 nvsvc - ok
14:35:28.0160 4472 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
14:35:28.0160 4472 nv_agp - ok
14:35:28.0175 4472 Oasis2Service (567e84848445135c0f4b8de2d121edb8) C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
14:35:28.0175 4472 Oasis2Service - ok
14:35:28.0175 4472 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
14:35:28.0175 4472 ohci1394 - ok
14:35:28.0191 4472 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:35:28.0191 4472 ose - ok
14:35:28.0253 4472 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
14:35:28.0284 4472 osppsvc - ok
14:35:28.0300 4472 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:35:28.0300 4472 p2pimsvc - ok
14:35:28.0316 4472 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
14:35:28.0316 4472 p2psvc - ok
14:35:28.0316 4472 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
14:35:28.0331 4472 Parport - ok
14:35:28.0331 4472 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
14:35:28.0331 4472 partmgr - ok
14:35:28.0331 4472 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
14:35:28.0347 4472 PcaSvc - ok
14:35:28.0347 4472 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
14:35:28.0347 4472 pci - ok
14:35:28.0362 4472 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
14:35:28.0362 4472 pciide - ok
14:35:28.0362 4472 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
14:35:28.0362 4472 pcmcia - ok
14:35:28.0378 4472 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:35:28.0378 4472 pcw - ok
14:35:28.0394 4472 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:35:28.0394 4472 PEAUTH - ok
14:35:28.0425 4472 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
14:35:28.0425 4472 PeerDistSvc - ok
14:35:28.0440 4472 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
14:35:28.0440 4472 PerfHost - ok
14:35:28.0472 4472 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
14:35:28.0487 4472 pla - ok
14:35:28.0503 4472 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
14:35:28.0503 4472 PlugPlay - ok
14:35:28.0518 4472 PMBDeviceInfoProvider (80e85394d8cd7f84340b1c6f4b9d698f) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
14:35:28.0534 4472 PMBDeviceInfoProvider - ok
14:35:28.0534 4472 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
14:35:28.0534 4472 PNRPAutoReg - ok
14:35:28.0534 4472 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:35:28.0550 4472 PNRPsvc - ok
14:35:28.0550 4472 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
14:35:28.0565 4472 PolicyAgent - ok
14:35:28.0565 4472 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
14:35:28.0565 4472 Power - ok
14:35:28.0581 4472 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
14:35:28.0581 4472 PptpMiniport - ok
14:35:28.0581 4472 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
14:35:28.0581 4472 Processor - ok
14:35:28.0596 4472 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
14:35:28.0596 4472 ProfSvc - ok
14:35:28.0596 4472 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:35:28.0612 4472 ProtectedStorage - ok
14:35:28.0612 4472 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
14:35:28.0612 4472 Psched - ok
14:35:28.0612 4472 PxHlpa64 (fbf4db6d53585437e41a113300002a2b) C:\Windows\system32\Drivers\PxHlpa64.sys
14:35:28.0628 4472 PxHlpa64 - ok
14:35:28.0643 4472 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
14:35:28.0659 4472 ql2300 - ok
14:35:28.0659 4472 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
14:35:28.0659 4472 ql40xx - ok
14:35:28.0674 4472 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
14:35:28.0674 4472 QWAVE - ok
14:35:28.0674 4472 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:35:28.0674 4472 QWAVEdrv - ok
14:35:28.0690 4472 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:35:28.0690 4472 RasAcd - ok
14:35:28.0690 4472 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:35:28.0690 4472 RasAgileVpn - ok
14:35:28.0706 4472 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
14:35:28.0706 4472 RasAuto - ok
14:35:28.0706 4472 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:35:28.0706 4472 Rasl2tp - ok
14:35:28.0721 4472 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
14:35:28.0721 4472 RasMan - ok
14:35:28.0737 4472 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:35:28.0737 4472 RasPppoe - ok
14:35:28.0737 4472 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:35:28.0737 4472 RasSstp - ok
14:35:28.0752 4472 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
14:35:28.0752 4472 rdbss - ok
14:35:28.0752 4472 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
14:35:28.0752 4472 rdpbus - ok
14:35:28.0768 4472 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:35:28.0768 4472 RDPCDD - ok
14:35:28.0768 4472 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
14:35:28.0768 4472 RDPDR - ok
14:35:28.0784 4472 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:35:28.0784 4472 RDPENCDD - ok
14:35:28.0784 4472 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:35:28.0784 4472 RDPREFMP - ok
14:35:28.0799 4472 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
14:35:28.0799 4472 RDPWD - ok
14:35:28.0799 4472 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
14:35:28.0815 4472 rdyboost - ok
14:35:28.0830 4472 RegSrvc (0aa473966357c4a41b5eb19649eb6e5e) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
14:35:28.0830 4472 RegSrvc - ok
14:35:28.0846 4472 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
14:35:28.0846 4472 RemoteAccess - ok
14:35:28.0846 4472 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
14:35:28.0846 4472 RemoteRegistry - ok
14:35:28.0862 4472 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
14:35:28.0862 4472 RFCOMM - ok
14:35:28.0862 4472 rimspci (fa6abc06b629da29634d31f1fe0347bd) C:\Windows\system32\drivers\rimssne64.sys
14:35:28.0862 4472 rimspci - ok
14:35:28.0877 4472 risdsnpe (8f8539a7f5c117d4407b2985995671f2) C:\Windows\system32\drivers\risdsne64.sys
14:35:28.0877 4472 risdsnpe - ok
14:35:28.0877 4472 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
14:35:28.0877 4472 RpcEptMapper - ok
14:35:28.0893 4472 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
14:35:28.0893 4472 RpcLocator - ok
14:35:28.0908 4472 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:35:28.0908 4472 RpcSs - ok
14:35:28.0924 4472 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:35:28.0924 4472 rspndr - ok
14:35:28.0924 4472 RtkAudioService (b7fcc2d5b1dd8898bc00056cbfba46b8) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
14:35:28.0924 4472 RtkAudioService - ok
14:35:28.0940 4472 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
14:35:28.0940 4472 s3cap - ok
14:35:28.0940 4472 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:35:28.0940 4472 SamSs - ok
14:35:28.0955 4472 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
14:35:28.0955 4472 sbp2port - ok
14:35:28.0955 4472 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
14:35:28.0955 4472 SCardSvr - ok
14:35:28.0971 4472 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
14:35:28.0971 4472 scfilter - ok
14:35:28.0986 4472 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
14:35:29.0002 4472 Schedule - ok
14:35:29.0002 4472 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:35:29.0002 4472 SCPolicySvc - ok
14:35:29.0018 4472 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
14:35:29.0018 4472 sdbus - ok
14:35:29.0018 4472 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
14:35:29.0033 4472 SDRSVC - ok
14:35:29.0033 4472 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:35:29.0033 4472 secdrv - ok
14:35:29.0049 4472 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
14:35:29.0049 4472 seclogon - ok
14:35:29.0049 4472 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
14:35:29.0049 4472 SENS - ok
14:35:29.0064 4472 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
14:35:29.0064 4472 SensrSvc - ok
14:35:29.0064 4472 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
14:35:29.0064 4472 Serenum - ok
14:35:29.0080 4472 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
14:35:29.0080 4472 Serial - ok
14:35:29.0080 4472 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
14:35:29.0096 4472 sermouse - ok
14:35:29.0111 4472 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
14:35:29.0111 4472 SessionEnv - ok
14:35:29.0111 4472 SFEP (286d3889e6ab5589646ff8a63cb928ae) C:\Windows\system32\DRIVERS\SFEP.sys
14:35:29.0111 4472 SFEP - ok
14:35:29.0127 4472 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
14:35:29.0127 4472 sffdisk - ok
14:35:29.0127 4472 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
14:35:29.0127 4472 sffp_mmc - ok
14:35:29.0142 4472 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
14:35:29.0142 4472 sffp_sd - ok
14:35:29.0158 4472 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
14:35:29.0158 4472 sfloppy - ok
14:35:29.0158 4472 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
14:35:29.0174 4472 SharedAccess - ok
14:35:29.0189 4472 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
14:35:29.0189 4472 ShellHWDetection - ok
14:35:29.0189 4472 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
14:35:29.0205 4472 SiSRaid2 - ok
14:35:29.0205 4472 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
14:35:29.0205 4472 SiSRaid4 - ok
14:35:29.0220 4472 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
14:35:29.0220 4472 Smb - ok
14:35:29.0236 4472 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
14:35:29.0236 4472 SNMPTRAP - ok
14:35:29.0236 4472 SOHCImp (c3e69db0a4e59564230e053232f39ac7) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
14:35:29.0252 4472 SOHCImp - ok
14:35:29.0252 4472 SOHDms (65cc4779a29c3e82b987bd4961790dff) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
14:35:29.0267 4472 SOHDms - ok
14:35:29.0267 4472 SOHDs (f47d75cee1844eef4a9ea6ee768828fb) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
14:35:29.0267 4472 SOHDs - ok
14:35:29.0283 4472 SpfService (5449fc97476f52e027409e703791e6a9) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
14:35:29.0283 4472 SpfService - ok
14:35:29.0283 4472 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
14:35:29.0283 4472 spldr - ok
14:35:29.0298 4472 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
14:35:29.0298 4472 Spooler - ok
14:35:29.0345 4472 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
14:35:29.0376 4472 sppsvc - ok
14:35:29.0376 4472 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
14:35:29.0376 4472 sppuinotify - ok
14:35:29.0392 4472 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
14:35:29.0392 4472 srv - ok
14:35:29.0408 4472 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
14:35:29.0423 4472 srv2 - ok
14:35:29.0423 4472 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
14:35:29.0423 4472 srvnet - ok
14:35:29.0439 4472 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
14:35:29.0439 4472 SSDPSRV - ok
14:35:29.0439 4472 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
14:35:29.0454 4472 SstpSvc - ok
14:35:29.0454 4472 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
14:35:29.0454 4472 stexstor - ok
14:35:29.0470 4472 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
14:35:29.0470 4472 stisvc - ok
14:35:29.0486 4472 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
14:35:29.0486 4472 storflt - ok
14:35:29.0486 4472 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
14:35:29.0486 4472 StorSvc - ok
14:35:29.0501 4472 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
14:35:29.0501 4472 storvsc - ok
14:35:29.0501 4472 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
14:35:29.0501 4472 swenum - ok
14:35:29.0517 4472 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
14:35:29.0517 4472 swprv - ok
14:35:29.0532 4472 SynTP (3c08fb2829a5304825f974b1631dedfa) C:\Windows\system32\DRIVERS\SynTP.sys
14:35:29.0532 4472 SynTP - ok
14:35:29.0579 4472 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
14:35:29.0579 4472 SysMain - ok
14:35:29.0595 4472 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
14:35:29.0595 4472 TabletInputService - ok
14:35:29.0610 4472 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
14:35:29.0610 4472 TapiSrv - ok
14:35:29.0610 4472 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
14:35:29.0610 4472 TBS - ok
14:35:29.0657 4472 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
14:35:29.0673 4472 Tcpip - ok
14:35:29.0688 4472 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
14:35:29.0688 4472 TCPIP6 - ok
14:35:29.0704 4472 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
14:35:29.0704 4472 tcpipreg - ok
14:35:29.0720 4472 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
14:35:29.0720 4472 TDPIPE - ok
14:35:29.0720 4472 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
14:35:29.0720 4472 TDTCP - ok
14:35:29.0735 4472 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
14:35:29.0735 4472 tdx - ok
14:35:29.0735 4472 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
14:35:29.0735 4472 TermDD - ok
14:35:29.0751 4472 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
14:35:29.0751 4472 TermService - ok
14:35:29.0766 4472 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
14:35:29.0766 4472 Themes - ok
14:35:29.0766 4472 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:35:29.0782 4472 THREADORDER - ok
14:35:29.0782 4472 TPM (dbcc20c02e8a3e43b03c304a4e40a84f) C:\Windows\system32\drivers\tpm.sys
14:35:29.0782 4472 TPM - ok
14:35:29.0798 4472 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
14:35:29.0798 4472 TrkWks - ok
14:35:29.0798 4472 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
14:35:29.0798 4472 TrustedInstaller - ok
14:35:29.0813 4472 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:35:29.0813 4472 tssecsrv - ok
14:35:29.0813 4472 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
14:35:29.0813 4472 TsUsbFlt - ok
14:35:29.0829 4472 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
14:35:29.0829 4472 tunnel - ok
14:35:29.0829 4472 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
14:35:29.0844 4472 uagp35 - ok
14:35:29.0844 4472 uCamMonitor (63f6d08c54d5b3c1b12a6172032055c7) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
14:35:29.0844 4472 uCamMonitor - ok
14:35:29.0860 4472 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
14:35:29.0860 4472 udfs - ok
14:35:29.0876 4472 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
14:35:29.0876 4472 UI0Detect - ok
14:35:29.0876 4472 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
14:35:29.0876 4472 uliagpkx - ok
14:35:29.0891 4472 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
14:35:29.0891 4472 umbus - ok
14:35:29.0891 4472 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
14:35:29.0891 4472 UmPass - ok
14:35:29.0907 4472 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
14:35:29.0907 4472 UmRdpService - ok
14:35:29.0938 4472 UNS (ad88af249abdc546151f9bfc4093fa9b) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
14:35:29.0954 4472 UNS - ok
14:35:29.0969 4472 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
14:35:29.0969 4472 upnphost - ok
14:35:29.0985 4472 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
14:35:29.0985 4472 usbccgp - ok
14:35:29.0985 4472 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
14:35:29.0985 4472 usbcir - ok
14:35:30.0000 4472 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
14:35:30.0000 4472 usbehci - ok
14:35:30.0000 4472 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
14:35:30.0016 4472 usbhub - ok
14:35:30.0016 4472 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
14:35:30.0016 4472 usbohci - ok
14:35:30.0032 4472 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
14:35:30.0032 4472 usbprint - ok
14:35:30.0032 4472 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:35:30.0032 4472 USBSTOR - ok
14:35:30.0032 4472 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
14:35:30.0047 4472 usbuhci - ok
14:35:30.0047 4472 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
14:35:30.0047 4472 usbvideo - ok
14:35:30.0063 4472 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
14:35:30.0063 4472 UxSms - ok
14:35:30.0063 4472 VAIO Event Service (a60605fc66552b421ee1f3d4ebb9a4e0) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
14:35:30.0063 4472 VAIO Event Service - ok
14:35:30.0078 4472 VAIO Power Management (d469be2723f79cf4b384680b1fdc577d) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
14:35:30.0094 4472 VAIO Power Management - ok
14:35:30.0094 4472 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:35:30.0094 4472 VaultSvc - ok
14:35:30.0125 4472 VCFw (96efa2698d6b9e2931609a3ea73fc5dc) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
14:35:30.0125 4472 VCFw - ok
14:35:30.0141 4472 VcmIAlzMgr (7bebf6a5285ffc03c34a7297a4e177cb) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
14:35:30.0141 4472 VcmIAlzMgr - ok
14:35:30.0156 4472 VcmINSMgr (e005b04dfca99f5880c5111933194ca9) C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
14:35:30.0156 4472 VcmINSMgr - ok
14:35:30.0156 4472 VcmXmlIfHelper (829a32fd1334f72429ca0515760eb7a7) C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
14:35:30.0156 4472 VcmXmlIfHelper - ok
14:35:30.0172 4472 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
14:35:30.0172 4472 vdrvroot - ok
14:35:30.0188 4472 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
14:35:30.0188 4472 vds - ok
14:35:30.0188 4472 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
14:35:30.0188 4472 vga - ok
14:35:30.0203 4472 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
14:35:30.0203 4472 VgaSave - ok
14:35:30.0203 4472 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
14:35:30.0219 4472 vhdmp - ok
14:35:30.0219 4472 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
14:35:30.0219 4472 viaide - ok
14:35:30.0234 4472 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
14:35:30.0234 4472 vmbus - ok
14:35:30.0234 4472 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
14:35:30.0234 4472 VMBusHID - ok
14:35:30.0250 4472 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
14:35:30.0250 4472 volmgr - ok
14:35:30.0250 4472 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
14:35:30.0266 4472 volmgrx - ok
14:35:30.0266 4472 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
14:35:30.0281 4472 volsnap - ok
14:35:30.0281 4472 vpcbus (b4a73ca4ef9a02b9738cea9ad5fe5917) C:\Windows\system32\DRIVERS\vpchbus.sys
14:35:30.0281 4472 vpcbus - ok
14:35:30.0297 4472 vpcnfltr (e675fb2b48c54f09895482e2253b289c) C:\Windows\system32\DRIVERS\vpcnfltr.sys
14:35:30.0297 4472 vpcnfltr - ok
14:35:30.0297 4472 vpcusb (5fb42082b0d19a0268705f1dd343df20) C:\Windows\system32\DRIVERS\vpcusb.sys
14:35:30.0297 4472 vpcusb - ok
14:35:30.0312 4472 vpcvmm (207b6539799cc1c112661a9b620dd233) C:\Windows\system32\drivers\vpcvmm.sys
14:35:30.0312 4472 vpcvmm - ok
14:35:30.0328 4472 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
14:35:30.0328 4472 vsmraid - ok
14:35:30.0359 4472 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
14:35:30.0375 4472 VSS - ok
14:35:30.0390 4472 vToolbarUpdater10.2.0 (3080f1f093869a19fb3d1f0226c73809) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
14:35:30.0390 4472 vToolbarUpdater10.2.0 - ok
14:35:30.0422 4472 VUAgent (d62d16e057be87f5b84a54d1b83822c4) C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
14:35:30.0437 4472 VUAgent - ok
14:35:30.0437 4472 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
14:35:30.0453 4472 vwifibus - ok
14:35:30.0453 4472 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
14:35:30.0453 4472 vwififlt - ok
14:35:30.0453 4472 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
14:35:30.0453 4472 vwifimp - ok
14:35:30.0468 4472 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
14:35:30.0484 4472 W32Time - ok
14:35:30.0484 4472 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
14:35:30.0484 4472 WacomPen - ok
14:35:31.0124 4472 MBR (0x1B8) (0f84f2562620c40d8a3e1908c8075675) \Device\Harddisk0\DR0
14:35:31.0124 4472 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
14:35:31.0124 4472 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
14:35:31.0139 4472 MBR (0x1B8) (eb15be5e681ebb43601ea0745c72507d) \Device\Harddisk1\DR2
14:35:32.0933 4472 \Device\Harddisk1\DR2 - ok
14:35:32.0949 4472 Boot (0x1200) (f1b1e8c10bc84668040679987fcc93d9) \Device\Harddisk0\DR0\Partition0
14:35:32.0949 4472 \Device\Harddisk0\DR0\Partition0 - ok
14:35:32.0949 4472 Boot (0x1200) (c2ce2ad25ec966be90555ffe5577f9ed) \Device\Harddisk0\DR0\Partition1
14:35:32.0949 4472 \Device\Harddisk0\DR0\Partition1 - ok
14:35:32.0949 4472 ============================================================
14:35:32.0949 4472 Scan finished
14:35:32.0949 4472 ============================================================
14:35:32.0964 6372 Detected object count: 1
14:35:32.0964 6372 Actual detected object count: 1
14:36:43.0180 6372 \Device\Harddisk0\DR0\# - copied to quarantine
14:36:43.0180 6372 \Device\Harddisk0\DR0 - copied to quarantine
14:36:43.0180 6372 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
14:36:43.0180 6372 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
14:36:43.0180 6372 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
14:36:43.0196 6372 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
14:36:43.0196 6372 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
14:36:43.0211 6372 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
14:36:43.0211 6372 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
14:36:43.0211 6372 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
14:36:43.0211 6372 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
14:36:43.0211 6372 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
14:36:43.0211 6372 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
14:36:43.0211 6372 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
14:36:43.0211 6372 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
14:36:43.0211 6372 \Device\Harddisk0\DR0 - ok
14:36:43.0242 6372 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
14:37:41.0821 1576 Deinitialize success

#6 pilates

pilates
  • Topic Starter

  • Members
  • 5 posts

Posted 29 March 2012 - 08:53 PM

And to be clear, I'm not getting help from any other site. Best regards, Pilates.

#7 mark1956

mark1956

  • Security Colleague
  • 271 posts
  • Gender:Male
  • Location:Spain

Posted 30 March 2012 - 07:55 AM

IMPORTANT NOTE: One or more of the identified infections is related to an advanced TDSS/TDL4 rootkit infection. This is a sophisticated rootkit that uses advanced technology to hide its presence in a system and can infect both x86 and x64 platforms. Some variants will infect (overwrite) the Master Boot Record (MBR) and patch critical system files while newer variants create a hidden partition by modifying a free Partition Table entry in the MBR partition table. For more information on this particular rootkit, please refer to the ESET Threat Blog which provides a list of articles.

This type of infection is commonly seen with backdoor Trojans, Botnets, and IRCBots which are very dangerous because they compromise system integrity by making changes that allow it to be used by the attacker for malicious purposes. Remote attackers use backdoors as a means of accessing and taking control of a computer that bypasses security mechanisms. This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is then sent back to the hacker.

You should disconnect the computer from the Internet and from any networked computers until it is cleaned. If your computer was used for online banking, paying bills, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for taxes, email, eBay, PayPal and any other online activities. You should consider them to be compromised and change passwords from a clean computer, not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified immediately of the possible security breach. Failure to notify your financial institution and local law enforcement can result in refusal to reimburse funds lost due to fraud or similar criminal activity. If using a router, you need to reset it with a strong logon/password before connecting again.

Although the infection has been identified and may be removed, your machine has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed. In some instances an infection may have caused so much damage to your system that it cannot be successfully cleaned or repaired so you can never be sure that you have completely removed all components of a rootkit. The malware may leave so many remnants behind that security tools cannot find them. Tools that claim to be able to remove rootkits cannot guarantee that all traces of it will be removed. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

Whenever a system has been compromised by a backdoor payload, it is impossible to know if or how much the backdoor has been used to affect your system...There are only a few ways to return a compromised system to a confident security configuration. These include:
• Reimaging the system
• Restoring the entire system using a full system backup from before the backdoor infection
• Reformatting and reinstalling the system

Backdoors and What They Mean to You

This is what Jesper M. Johansson, Security Program Manager at Microsoft TechNet, has to say: Help: I Got Hacked. Now What Do I Do?

The only way to clean a compromised system is to flatten and rebuild. That’s right. If you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (reinstall Windows and your applications).


Should you decide not to follow that advice, we will do our best to help clean the computer of any infections, but we cannot guarantee it to be trustworthy or that the removal will be successful. If you wish to proceed, please do the following:

The log indicates TDSSKiller found the TDL4 partition variant rootkit. This particular rootkit creates a small hidden partition which it uses to store its code. When the computer is started, it boots from that partition so that the malicious code is loaded into Windows. Please reboot if you have not done so already. Rerun TDSSKiller again and post the new log to confirm the infection was cured.

As can be seen in this part of the TDSSKiller log it requires a reboot to cure the infection. The logs indicate that this was not done:

12:06:08.0410 6848 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
12:06:08.0410 6848 \Device\Harddisk0\DR0 - ok
12:06:08.0426 6848 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
12:06:40.0078 6768 Deinitialize success


Also in the Malwarebytes log you can see this for all the infections found: No action taken

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MuhNyVLeVoL.exe (Rogue.Agent.SA) -> Data: C:\ProgramData\MuhNyVLeVoL.exe -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.QHost.BG) -> Data: C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe -> No action taken.

This indicates that you did not select the infections for removal after the scan had completed.

Please run another scan with Malwarebytes and make sure you select any infections found for removal, then if it indicates that a reboot is required to complete the disinfection process, reboot the PC. Please then post the new log from Malwarebytes.
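The hidden-partition behaviour described in post #7 shows up in the MBR partition table, so here is an added example (not part of mark1956's post and not TDSSKiller's own logic) that parses the four table entries from a 512-byte sector image and applies a few sanity checks. The function names, the 16 MiB "small" threshold and both sample tables are assumptions constructed for illustration.

```python
import struct

SECTOR = 512
TABLE_OFFSET = 0x1BE  # partition table: four 16-byte entries, then 0x55AA

def parse_mbr(sector):
    """Return the used partition-table entries of a 512-byte MBR sector."""
    if len(sector) != SECTOR or sector[510:] != b"\x55\xaa":
        raise ValueError("not an MBR sector")
    entries = []
    for slot in range(4):
        raw = sector[TABLE_OFFSET + 16 * slot:TABLE_OFFSET + 16 * slot + 16]
        # status, 3 CHS bytes, type, 3 CHS bytes, start LBA, sector count
        status, ptype, start, count = struct.unpack("<B3xB3xII", raw)
        if ptype or count:  # all-zero type and size means a free slot
            entries.append({"slot": slot, "status": status, "type": ptype,
                            "start": start, "count": count})
    return entries

def review(entries, disk_sectors, small_mib=16):
    """Heuristic checks; the 16 MiB threshold is an assumption, not a signature."""
    findings = []
    if sum(e["status"] == 0x80 for e in entries) > 1:
        findings.append("more than one active entry")
    ordered = sorted(entries, key=lambda e: e["start"])
    for prev, e in zip([None] + ordered, ordered):
        end = e["start"] + e["count"]
        if e["status"] not in (0x00, 0x80):
            findings.append(f"slot {e['slot']}: invalid status byte")
        if end > disk_sectors:
            findings.append(f"slot {e['slot']}: extends past end of disk")
        if prev and prev["start"] + prev["count"] > e["start"]:
            findings.append(f"slot {e['slot']}: overlaps slot {prev['slot']}")
        if e["status"] == 0x80 and e["count"] * SECTOR < small_mib * 2**20:
            findings.append(f"slot {e['slot']}: small active partition")
    return findings

def build_sample(rows):
    """Constructed MBR from (status, type, start_lba, sector_count) rows."""
    table = b"".join(struct.pack("<B3xB3xII", *r) for r in rows)
    return bytes(TABLE_OFFSET) + table.ljust(64, b"\x00") + b"\x55\xaa"

DISK = 976_773_168  # constructed disk size in sectors
CLEAN = build_sample([(0x80, 0x07, 2048, 204_800), (0x00, 0x07, 206_848, 976_560_000)])
SUSPECT = build_sample([(0x00, 0x07, 2048, 204_800), (0x00, 0x07, 206_848, 976_560_000),
                        (0x80, 0x17, 976_766_848, 6_000)])

if __name__ == "__main__":
    for name, sector in (("clean", CLEAN), ("suspect", SUSPECT)):
        print(name, review(parse_mbr(sector), DISK))
```

A finding here is only a prompt to compare the table against the layout you expect for that machine; it should be run against a sector image taken from outside the possibly infected OS, since a rootkit can falsify reads of the MBR.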

#8 pilates

pilates
  • Topic Starter

  • Members
  • 5 posts

Posted 30 March 2012 - 08:33 AM

Alas, I had pretty much come to that conclusion already. I am grateful for your good advice, particularly with regards to passwords. I'll be proceeding with reformat and reinstallation.

Signing off.

Pilates

#9 mark1956

mark1956

  • Security Colleague
  • 271 posts
  • Gender:Male
  • Location:Spain

Posted 30 March 2012 - 09:31 AM

Ok, you're welcome and thank you for letting me know.

#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,391 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 30 March 2012 - 04:58 PM

As the OP has chosen to reformat and reinstall the OS, this Topic is closed. Should you need it reopened, please contact a Forum Moderator or member of the Malware Removal Team. Include the address of this thread in your request. If you have a new issue, please start a New Topic.

Since this topic was started for assistance with malware infection, you may want to read:
Tips to protect yourself against malware and reduce the potential for re-infection
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators