
Website redirected + Trojan Detected


10 replies to this topic

#1 montrealerdowner


Posted 02 April 2012 - 09:47 PM

Hello,

I am using Windows 7 and I have experienced a website redirection on Firefox and my unactivated McAfee has detected a trojan. I have run a scan using Malwarebytes but it came out clean and I have downloaded and subsequently uninstalled AVG Free edition when it came clean as well. The redirected website is pageinxt.com and the tab name is under asterpix.com. So far, the redirection problem occurs only on a tennis forum that I visit frequently.

Thank you for your help.


 


#2 boopme


Posted 02 April 2012 - 10:01 PM

Hello, are you on a router? Are other machines on it, and if so, are they redirecting?

Do you use Firefox?

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log to the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.


#3 montrealerdowner


Posted 02 April 2012 - 10:39 PM

Hello boopme,

If by router, you mean the machine that provides wireless internet, then yes. I used my sister's computer to access the tennis forum and it does redirect on her computer as well.

I do also use Firefox.

Here are the results:

MiniToolBox by Farbar Version: 18-01-2012
Ran by David (administrator) on 02-04-2012 at 23:23:39
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Intel® Centrino® Wireless-N 1030 = Wireless Network Connection (Connected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 3 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : David-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gateway.2wire.net

Wireless LAN adapter Wireless Network Connection 3:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #2
Physical Address. . . . . . . . . : AC-72-89-38-9D-EE
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : AC-72-89-38-9D-EE
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Intel® Centrino® Wireless-N 1030
Physical Address. . . . . . . . . : AC-72-89-38-9D-ED
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::81e2:7439:7862:8420%14(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.2.20(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : April-02-12 11:19:17 PM
Lease Expires . . . . . . . . . . : April-05-12 11:19:17 PM
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DHCPv6 IAID . . . . . . . . . . . : 363623049
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-E0-28-FB-78-2B-CB-F9-EF-00
DNS Servers . . . . . . . . . . . : 192.168.2.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 78-2B-CB-F9-EF-00
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : AC-72-89-38-9D-F1
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{77F1A8B6-971E-4D43-B181-F0CC424740D9}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:28d1:1c57:bcbb:bcc4(Preferred)
Link-local IPv6 Address . . . . . : fe80::28d1:1c57:bcbb:bcc4%17(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.gateway.2wire.net:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{57063865-D3BF-4C75-A7D1-CEF41DD41E4D}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{60BE1DE2-6D79-4EEF-A5EB-84148DF97C06}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{B201DB49-D0E8-4A8E-8A7E-50F3E1AB20F9}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: mymodem
Address: 192.168.2.1

Name: google.com
Addresses: 173.194.43.46
173.194.43.41
173.194.43.34
173.194.43.36
173.194.43.37
173.194.43.35
173.194.43.39
173.194.43.32
173.194.43.33
173.194.43.40
173.194.43.38


Pinging google.com [173.194.43.46] with 32 bytes of data:
Reply from 173.194.43.46: bytes=32 time=182ms TTL=55
Reply from 173.194.43.46: bytes=32 time=66ms TTL=55

Ping statistics for 173.194.43.46:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 66ms, Maximum = 182ms, Average = 124ms
Server: mymodem
Address: 192.168.2.1

Name: yahoo.com
Addresses: 98.139.183.24
209.191.122.70
72.30.38.140


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=319ms TTL=51
Reply from 98.139.183.24: bytes=32 time=188ms TTL=50

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 188ms, Maximum = 319ms, Average = 253ms
Server: mymodem
Address: 192.168.2.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
16...ac 72 89 38 9d ee ......Microsoft Virtual WiFi Miniport Adapter #2
15...ac 72 89 38 9d ee ......Microsoft Virtual WiFi Miniport Adapter
14...ac 72 89 38 9d ed ......Intel® Centrino® Wireless-N 1030
13...78 2b cb f9 ef 00 ......Realtek PCIe FE Family Controller
12...ac 72 89 38 9d f1 ......Bluetooth Device (Personal Area Network)
1...........................Software Loopback Interface 1
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
17...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
22...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.20 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.2.0 255.255.255.0 On-link 192.168.2.20 281
192.168.2.20 255.255.255.255 On-link 192.168.2.20 281
192.168.2.255 255.255.255.255 On-link 192.168.2.20 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.2.20 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.2.20 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
17 58 ::/0 On-link
1 306 ::1/128 On-link
17 58 2001::/32 On-link
17 306 2001:0:4137:9e76:28d1:1c57:bcbb:bcc4/128
On-link
14 281 fe80::/64 On-link
17 306 fe80::/64 On-link
17 306 fe80::28d1:1c57:bcbb:bcc4/128
On-link
14 281 fe80::81e2:7439:7862:8420/128
On-link
1 306 ff00::/8 On-link
17 306 ff00::/8 On-link
14 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/02/2012 11:19:51 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/02/2012 10:31:22 PM) (Source: TOASTER.EXE) (User: )
Description: An Unhandled Exception occured.
Access to the path 'C:\Users\David\AppData\local\softthinks\scheduler.xml' is denied.
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize)
at System.Xml.XmlDownloadManager.GetStream(Uri uri, ICredentials credentials)
at System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri, String role, Type ofObjectToReturn)
at System.Xml.XmlTextReaderImpl.OpenUrlDelegate(Object xmlResolver)
at System.Threading.CompressedStack.runTryCode(Object userData)
at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode code, CleanupCode backoutCode, Object userData)
at System.Threading.CompressedStack.Run(CompressedStack compressedStack, ContextCallback callback, Object state)
at System.Xml.XmlTextReaderImpl.OpenUrl()
at System.Xml.XmlTextReaderImpl.Read()
at System.Xml.XmlLoader.Load(XmlDocument doc, XmlReader reader, Boolean preserveWhitespace)
at System.Xml.XmlDocument.Load(XmlReader reader)
at System.Xml.XmlDocument.Load(String filename)
at Toaster.SchedulerReader.read()
at Toaster.Notifications.FullSystemBackup.FsbHelper.IsFsbScheduledNow()
at Toaster.Notifications.FullSystemBackup.FsbHelper.CheckReminder()
at Toaster.Helper.CheckReminders(ObservableCollection`1 notificationHelpers)
at Toaster.MainWindowViewModel.NotificationsTimerTick(Object sender, EventArgs e)
at System.Windows.Threading.DispatcherTimer.FireTick(Object unused)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Boolean isSingleParameter)
at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)

Error: (04/02/2012 07:46:38 PM) (Source: CVHSVC) (User: )
Description: Information only.
Error: The server returned an invalid or unrecognized response
ErrorCode: 14007(0x36b7).

Error: (04/02/2012 06:42:39 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/02/2012 11:46:37 AM) (Source: CVHSVC) (User: )
Description: Information only.
Error: The server returned an invalid or unrecognized response
ErrorCode: 14007(0x36b7).

Error: (04/02/2012 11:34:56 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/01/2012 10:26:07 PM) (Source: CVHSVC) (User: )
Description: Information only.
Error: The server returned an invalid or unrecognized response
ErrorCode: 14007(0x36b7).

Error: (04/01/2012 09:38:07 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/01/2012 11:04:28 AM) (Source: CVHSVC) (User: )
Description: Information only.
Error: The server returned an invalid or unrecognized response
ErrorCode: 14007(0x36b7).

Error: (04/01/2012 10:51:57 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (04/02/2012 11:22:24 PM) (Source: Service Control Manager) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly. It has done this 1 time(s).

Error: (04/02/2012 11:20:15 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (04/02/2012 11:20:01 PM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

Feature: %%835

Error Code: 0x80004005

Error description: Unspecified error

Reason: %%842

Error: (04/02/2012 11:19:45 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (04/02/2012 06:47:25 PM) (Source: DCOM) (User: )
Description: {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A}

Error: (04/02/2012 06:45:25 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (04/02/2012 06:42:43 PM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

Feature: %%835

Error Code: 0x80004005

Error description: Unspecified error

Reason: %%842

Error: (04/02/2012 11:35:06 AM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

Feature: %%835

Error Code: 0x80004005

Error description: Unspecified error

Reason: %%842

Error: (04/01/2012 09:39:12 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (04/01/2012 09:38:42 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.


Microsoft Office Sessions:
=========================
Error: (04/02/2012 11:19:51 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/02/2012 10:31:22 PM) (Source: TOASTER.EXE)(User: )
Description: An Unhandled Exception occured.
Access to the path 'C:\Users\David\AppData\local\softthinks\scheduler.xml' is denied.
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize)
at System.Xml.XmlDownloadManager.GetStream(Uri uri, ICredentials credentials)
at System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri, String role, Type ofObjectToReturn)
at System.Xml.XmlTextReaderImpl.OpenUrlDelegate(Object xmlResolver)
at System.Threading.CompressedStack.runTryCode(Object userData)
at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode code, CleanupCode backoutCode, Object userData)
at System.Threading.CompressedStack.Run(CompressedStack compressedStack, ContextCallback callback, Object state)
at System.Xml.XmlTextReaderImpl.OpenUrl()
at System.Xml.XmlTextReaderImpl.Read()
at System.Xml.XmlLoader.Load(XmlDocument doc, XmlReader reader, Boolean preserveWhitespace)
at System.Xml.XmlDocument.Load(XmlReader reader)
at System.Xml.XmlDocument.Load(String filename)
at Toaster.SchedulerReader.read()
at Toaster.Notifications.FullSystemBackup.FsbHelper.IsFsbScheduledNow()
at Toaster.Notifications.FullSystemBackup.FsbHelper.CheckReminder()
at Toaster.Helper.CheckReminders(ObservableCollection`1 notificationHelpers)
at Toaster.MainWindowViewModel.NotificationsTimerTick(Object sender, EventArgs e)
at System.Windows.Threading.DispatcherTimer.FireTick(Object unused)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Boolean isSingleParameter)
at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)

Error: (04/02/2012 07:46:38 PM) (Source: CVHSVC)(User: )
Description: Error: The server returned an invalid or unrecognized response
ErrorCode: 14007(0x36b7).

Error: (04/02/2012 06:42:39 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/02/2012 11:46:37 AM) (Source: CVHSVC)(User: )
Description: Error: The server returned an invalid or unrecognized response
ErrorCode: 14007(0x36b7).

Error: (04/02/2012 11:34:56 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/01/2012 10:26:07 PM) (Source: CVHSVC)(User: )
Description: Error: The server returned an invalid or unrecognized response
ErrorCode: 14007(0x36b7).

Error: (04/01/2012 09:38:07 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/01/2012 11:04:28 AM) (Source: CVHSVC)(User: )
Description: Error: The server returned an invalid or unrecognized response
ErrorCode: 14007(0x36b7).

Error: (04/01/2012 10:51:57 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


=========================== Installed Programs ============================

7-Zip 9.22beta
Adobe Flash Player 10 ActiveX (Version: 10.3.181.23)
Adobe Flash Player 10 Plugin (Version: 10.3.181.22)
Adobe Reader X MUI (Version: 10.0.0)
Advanced Audio FX Engine (Version: 1.12.05)
Bing Bar (Version: 6.0.2282.0)
Bing Bar Platform (Version: 6.0.2282.0)
Bing Rewards Client Installer (Version: 16.0.345.0)
CutePDF Writer 2.8
D3DX10 (Version: 15.4.2368.0902)
Dell DataSafe Local Backup - Support Software (Version: 9.4.55)
Dell DataSafe Local Backup (Version: 9.4.55)
Dell Digital Delivery (Version: 2.0.1012.0)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (Version: 1.00.0000)
Dell MusicStage (Version: 1.5.201.0)
Dell PhotoStage (Version: 1.5.0.65)
Dell Stage (Version: 1.5.201.0)
Dell Support Center (Version: 3.1.5803.11)
Dell Touchpad (Version: 7.1209.101.204)
Dell VideoStage (Version: 1.2.0.1712)
Dell Webcam Central (Version: 2.00.44)
DirectX 9 Runtime (Version: 1.00.0000)
eBay (Version: 1.4.0)
GoToAssist 8.0.0.514
IDT Audio (Version: 1.0.6324.0)
Intel PROSet Wireless
Intel® Control Center (Version: 1.2.1.1007)
Intel® Management Engine Components (Version: 7.0.0.1118)
Intel® Processor Graphics (Version: 8.15.10.2361)
Intel® PROSet/Wireless Software for Bluetooth® Technology (Version: 1.0.0.0454)
Intel® PROSet/Wireless WiFi Software (Version: 14.2.0000)
Intel® Rapid Storage Technology (Version: 10.1.0.1008)
Intel® Turbo Boost Technology Monitor 2.0 (Version: 2.1.23.0)
Intel® WiDi (Version: 2.1.35.0)
Intel® Wireless Display
Internet Explorer (Version: 8)
Java™ 6 Update 24 (64-bit) (Version: 6.0.240)
Junk Mail filter update (Version: 15.4.3502.0922)
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
McAfee SecurityCenter (Version: 11.0.654)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Antimalware (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Default Manager (Version: 2.2.114.0)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (Version: 14.0.4763.1000)
Microsoft Search Enhancement Pack (Version: 3.0.131.0)
Microsoft Security Client (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 2.1.1116.0)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Mozilla Firefox 11.0 (x86 en-US) (Version: 11.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
PhotoShowExpress (Version: 2.0.063)
Quickset64 (Version: 10.09.20)
RBVirtualFolder64Inst (Version: 1.00.0000)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
Realtek Ethernet Controller Driver (Version: 7.31.1025.2010)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30126)
RealUpgrade 1.1 (Version: 1.1.0)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.32.0)
Roxio Activation Module (Version: 1.0)
Roxio BackOnTrack (Version: 1.3.3)
Roxio Burn (Version: 1.8)
Roxio Creator Starter (Version: 1.0.439)
Roxio Creator Starter (Version: 12.1.77.0)
Roxio Creator Starter (Version: 5.0.0)
Roxio Express Labeler 3 (Version: 3.2.2)
Roxio File Backup (Version: 1.3.2)
Skype Toolbars (Version: 1.0.4051)
Skype™ 4.2 (Version: 4.2.169)
Sonic CinePlayer Decoder Pack (Version: 4.3.0)
SpywareBlaster 4.6 (Version: 4.6.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)

========================= Memory info: ===================================

Percentage of memory in use: 30%
Total physical RAM: 6051.17 MB
Available physical RAM: 4219.93 MB
Total Pagefile: 12100.54 MB
Available Pagefile: 9880.05 MB
Total Virtual: 4095.88 MB
Available Virtual: 3977.55 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:409.04 GB) NTFS

========================= Users: ========================================

User accounts for \\DAVID-PC

Administrator David Guest


**** End of log ****


23:24:31.0750 6388 TDSS rootkit removing tool 2.7.24.0 Apr 2 2012 10:31:48
23:24:33.0840 6388 ============================================================
23:24:33.0840 6388 Current date / time: 2012/04/02 23:24:33.0840
23:24:33.0840 6388 SystemInfo:
23:24:33.0840 6388
23:24:33.0840 6388 OS Version: 6.1.7601 ServicePack: 1.0
23:24:33.0840 6388 Product type: Workstation
23:24:33.0840 6388 ComputerName: DAVID-PC
23:24:33.0840 6388 UserName: David
23:24:33.0840 6388 Windows directory: C:\windows
23:24:33.0840 6388 System windows directory: C:\windows
23:24:33.0840 6388 Running under WOW64
23:24:33.0840 6388 Processor architecture: Intel x64
23:24:33.0840 6388 Number of processors: 4
23:24:33.0840 6388 Page size: 0x1000
23:24:33.0840 6388 Boot type: Normal boot
23:24:33.0840 6388 ============================================================
23:24:34.0370 6388 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:24:34.0386 6388 \Device\Harddisk0\DR0:
23:24:34.0386 6388 MBR used
23:24:34.0386 6388 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000
23:24:34.0386 6388 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x38607030
23:24:34.0448 6388 Initialize success
23:24:34.0448 6388 ============================================================
23:24:47.0958 3920 ============================================================
23:24:47.0958 3920 Scan started
23:24:47.0958 3920 Mode: Manual; TDLFS;
23:24:47.0958 3920 ============================================================
23:28:15.0267 3920 MSPCLOCK - ok
23:28:16.0312 3920 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
23:28:16.0312 3920 MSPQM - ok
23:28:17.0217 3920 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
23:28:17.0217 3920 MsRPC - ok
23:28:18.0278 3920 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
23:28:18.0278 3920 mssmbios - ok
23:28:19.0323 3920 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
23:28:19.0323 3920 MSTEE - ok
23:28:20.0399 3920 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys
23:28:20.0415 3920 MTConfig - ok
23:28:21.0413 3920 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
23:28:21.0413 3920 Mup - ok
23:28:21.0741 3920 MyWiFiDHCPDNS (8f57db74bf5407a4cda6c8b005dc8dd0) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
23:28:21.0741 3920 MyWiFiDHCPDNS - ok
23:28:22.0661 3920 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
23:28:22.0677 3920 napagent - ok
23:28:23.0878 3920 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
23:28:23.0894 3920 NativeWifiP - ok
23:28:25.0110 3920 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\windows\system32\drivers\ndis.sys
23:28:25.0142 3920 NDIS - ok
23:28:26.0312 3920 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
23:28:26.0312 3920 NdisCap - ok
23:28:27.0154 3920 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
23:28:27.0170 3920 NdisTapi - ok
23:28:27.0918 3920 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
23:28:27.0918 3920 Ndisuio - ok
23:28:29.0244 3920 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
23:28:29.0244 3920 NdisWan - ok
23:28:30.0524 3920 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
23:28:30.0524 3920 NDProxy - ok
23:28:31.0772 3920 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
23:28:31.0772 3920 NetBIOS - ok
23:28:32.0988 3920 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
23:28:32.0988 3920 NetBT - ok
23:28:33.0862 3920 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
23:28:33.0862 3920 Netlogon - ok
23:28:34.0845 3920 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
23:28:34.0860 3920 Netman - ok
23:28:35.0656 3920 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:28:35.0656 3920 NetMsmqActivator - ok
23:28:35.0672 3920 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:28:35.0672 3920 NetPipeActivator - ok
23:28:36.0561 3920 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
23:28:36.0592 3920 netprofm - ok
23:28:37.0232 3920 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:28:37.0232 3920 NetTcpActivator - ok
23:28:37.0247 3920 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:28:37.0247 3920 NetTcpPortSharing - ok
23:28:38.0979 3920 NETwNs64 (50ad7f7040c22bb7caa59a0880875a21) C:\windows\system32\DRIVERS\NETwNs64.sys
23:28:39.0166 3920 NETwNs64 - ok
23:28:40.0196 3920 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys
23:28:40.0196 3920 nfrd960 - ok
23:28:41.0163 3920 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\windows\system32\DRIVERS\NisDrvWFP.sys
23:28:41.0163 3920 NisDrv - ok
23:28:41.0288 3920 NisSrv (566ddd5d82520da01d75f81428ac4c38) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
23:28:41.0288 3920 NisSrv - ok
23:28:42.0005 3920 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
23:28:42.0021 3920 NlaSvc - ok
23:28:42.0988 3920 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
23:28:42.0988 3920 Npfs - ok
23:28:43.0581 3920 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
23:28:43.0596 3920 nsi - ok
23:28:44.0408 3920 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
23:28:44.0408 3920 nsiproxy - ok
23:28:45.0437 3920 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
23:28:45.0500 3920 Ntfs - ok
23:28:46.0295 3920 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
23:28:46.0295 3920 Null - ok
23:28:47.0294 3920 nusb3hub (158ad24745bd85ba9be3c51c38f48c32) C:\windows\system32\DRIVERS\nusb3hub.sys
23:28:47.0294 3920 nusb3hub - ok
23:28:48.0386 3920 nusb3xhc (d40a13b2c0891e218f9523b376955db6) C:\windows\system32\DRIVERS\nusb3xhc.sys
23:28:48.0386 3920 nusb3xhc - ok
23:28:49.0431 3920 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
23:28:49.0446 3920 nvraid - ok
23:28:50.0476 3920 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
23:28:50.0476 3920 nvstor - ok
23:28:51.0287 3920 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
23:28:51.0287 3920 nv_agp - ok
23:28:52.0208 3920 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
23:28:52.0208 3920 ohci1394 - ok
23:28:52.0411 3920 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:28:52.0426 3920 ose - ok
23:28:53.0097 3920 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
23:28:53.0300 3920 osppsvc - ok
23:28:54.0017 3920 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
23:28:54.0033 3920 p2pimsvc - ok
23:28:54.0407 3920 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
23:28:54.0439 3920 p2psvc - ok
23:28:54.0891 3920 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
23:28:54.0891 3920 Parport - ok
23:28:55.0484 3920 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys
23:28:55.0484 3920 partmgr - ok
23:28:56.0264 3920 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
23:28:56.0279 3920 PcaSvc - ok
23:28:56.0950 3920 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
23:28:56.0950 3920 pci - ok
23:28:57.0839 3920 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
23:28:57.0839 3920 pciide - ok
23:28:58.0791 3920 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
23:28:58.0807 3920 pcmcia - ok
23:28:59.0524 3920 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
23:28:59.0524 3920 pcw - ok
23:29:00.0538 3920 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
23:29:00.0554 3920 PEAUTH - ok
23:29:01.0147 3920 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
23:29:01.0365 3920 PerfHost - ok
23:29:02.0254 3920 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
23:29:02.0270 3920 pla - ok
23:29:03.0128 3920 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
23:29:03.0143 3920 PlugPlay - ok
23:29:03.0783 3920 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
23:29:03.0799 3920 PNRPAutoReg - ok
23:29:04.0423 3920 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
23:29:04.0438 3920 PNRPsvc - ok
23:29:05.0343 3920 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
23:29:05.0374 3920 PolicyAgent - ok
23:29:06.0279 3920 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
23:29:06.0279 3920 Power - ok
23:29:07.0106 3920 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
23:29:07.0121 3920 PptpMiniport - ok
23:29:08.0135 3920 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
23:29:08.0135 3920 Processor - ok
23:29:08.0853 3920 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\windows\system32\profsvc.dll
23:29:08.0884 3920 ProfSvc - ok
23:29:09.0836 3920 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
23:29:09.0883 3920 ProtectedStorage - ok
23:29:10.0819 3920 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
23:29:10.0819 3920 Psched - ok
23:29:11.0755 3920 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\windows\system32\Drivers\PxHlpa64.sys
23:29:11.0770 3920 PxHlpa64 - ok
23:29:13.0034 3920 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
23:29:13.0081 3920 ql2300 - ok
23:29:14.0095 3920 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
23:29:14.0095 3920 ql40xx - ok
23:29:14.0781 3920 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
23:29:14.0797 3920 QWAVE - ok
23:29:16.0076 3920 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
23:29:16.0076 3920 QWAVEdrv - ok
23:29:17.0074 3920 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
23:29:17.0074 3920 RasAcd - ok
23:29:18.0041 3920 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
23:29:18.0041 3920 RasAgileVpn - ok
23:29:18.0728 3920 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
23:29:18.0728 3920 RasAuto - ok
23:29:19.0742 3920 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
23:29:19.0742 3920 Rasl2tp - ok
23:29:20.0506 3920 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
23:29:20.0506 3920 RasMan - ok
23:29:21.0770 3920 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
23:29:21.0785 3920 RasPppoe - ok
23:29:22.0909 3920 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
23:29:22.0909 3920 RasSstp - ok
23:29:23.0907 3920 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
23:29:23.0907 3920 rdbss - ok
23:29:24.0781 3920 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
23:29:24.0781 3920 rdpbus - ok
23:29:25.0717 3920 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
23:29:25.0717 3920 RDPCDD - ok
23:29:26.0762 3920 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
23:29:26.0762 3920 RDPENCDD - ok
23:29:27.0573 3920 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
23:29:27.0573 3920 RDPREFMP - ok
23:29:28.0493 3920 RDPWD (6d76e6433574b058adcb0c50df834492) C:\windows\system32\drivers\RDPWD.sys
23:29:28.0493 3920 RDPWD - ok
23:29:30.0147 3920 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
23:29:30.0147 3920 rdyboost - ok
23:29:30.0397 3920 RegSrvc (fd11c1287d38a46fb72353e14d50089c) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
23:29:30.0412 3920 RegSrvc - ok
23:29:31.0177 3920 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
23:29:31.0177 3920 RemoteAccess - ok
23:29:31.0863 3920 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
23:29:31.0863 3920 RemoteRegistry - ok
23:29:32.0955 3920 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys
23:29:32.0955 3920 RFCOMM - ok
23:29:33.0595 3920 RoxMediaDB12OEM (3c957189b31c34d3ad21967b12b6aed7) c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
23:29:33.0641 3920 RoxMediaDB12OEM - ok
23:29:34.0156 3920 RoxWatch12 (2b73088cc2ca757a172b425c9398e5bc) c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
23:29:34.0172 3920 RoxWatch12 - ok
23:29:34.0983 3920 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
23:29:34.0999 3920 RpcEptMapper - ok
23:29:35.0732 3920 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
23:29:35.0732 3920 RpcLocator - ok
23:29:36.0637 3920 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
23:29:36.0668 3920 RpcSs - ok
23:29:37.0682 3920 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
23:29:37.0682 3920 rspndr - ok
23:29:38.0836 3920 RSUSBSTOR (be29b0a3ac1e8bd02ffab8cee86badfa) C:\windows\system32\Drivers\RtsUStor.sys
23:29:38.0836 3920 RSUSBSTOR - ok
23:29:39.0944 3920 RTL8167 (2777226ee8bf50b059d7a7c90177e99c) C:\windows\system32\DRIVERS\Rt64win7.sys
23:29:39.0944 3920 RTL8167 - ok
23:29:40.0693 3920 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
23:29:40.0693 3920 SamSs - ok
23:29:41.0753 3920 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
23:29:41.0753 3920 sbp2port - ok
23:29:42.0409 3920 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
23:29:42.0409 3920 SCardSvr - ok
23:29:43.0423 3920 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
23:29:43.0454 3920 scfilter - ok
23:29:44.0374 3920 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
23:29:44.0421 3920 Schedule - ok
23:29:45.0248 3920 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
23:29:45.0248 3920 SCPolicySvc - ok
23:29:45.0965 3920 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
23:29:45.0981 3920 SDRSVC - ok
23:29:46.0168 3920 SeaPort (331e7bde228914574fc9ae6cd520dafa) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
23:29:46.0215 3920 SeaPort - ok
23:29:47.0245 3920 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
23:29:47.0245 3920 secdrv - ok
23:29:47.0947 3920 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
23:29:47.0947 3920 seclogon - ok
23:29:48.0633 3920 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll
23:29:48.0649 3920 SENS - ok
23:29:49.0397 3920 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
23:29:49.0397 3920 SensrSvc - ok
23:29:50.0396 3920 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
23:29:50.0396 3920 Serenum - ok
23:29:51.0457 3920 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
23:29:51.0472 3920 Serial - ok
23:29:52.0673 3920 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
23:29:52.0673 3920 sermouse - ok
23:29:53.0781 3920 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
23:29:53.0781 3920 SessionEnv - ok
23:29:54.0405 3920 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
23:29:54.0405 3920 sffdisk - ok
23:29:54.0904 3920 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
23:29:54.0904 3920 sffp_mmc - ok
23:29:55.0341 3920 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
23:29:55.0341 3920 sffp_sd - ok
23:29:56.0371 3920 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
23:29:56.0386 3920 sfloppy - ok
23:29:57.0416 3920 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\windows\system32\DRIVERS\Sftfslh.sys
23:29:57.0447 3920 Sftfs - ok
23:29:57.0759 3920 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
23:29:57.0790 3920 sftlist - ok
23:29:58.0726 3920 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\windows\system32\DRIVERS\Sftplaylh.sys
23:29:58.0726 3920 Sftplay - ok
23:29:59.0522 3920 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\windows\system32\DRIVERS\Sftredirlh.sys
23:29:59.0522 3920 Sftredir - ok
23:30:00.0130 3920 SftService (6f36ee03af65de9aeb024809866d19b1) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
23:30:00.0193 3920 SftService - ok
23:30:01.0331 3920 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\windows\system32\DRIVERS\Sftvollh.sys
23:30:01.0331 3920 Sftvol - ok
23:30:01.0675 3920 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
23:30:01.0675 3920 sftvsa - ok
23:30:03.0079 3920 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
23:30:03.0094 3920 SharedAccess - ok
23:30:03.0812 3920 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
23:30:03.0859 3920 ShellHWDetection - ok
23:30:05.0247 3920 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
23:30:05.0263 3920 SiSRaid2 - ok
23:30:06.0620 3920 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
23:30:06.0635 3920 SiSRaid4 - ok
23:30:08.0086 3920 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
23:30:08.0086 3920 Smb - ok
23:30:09.0085 3920 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
23:30:09.0100 3920 SNMPTRAP - ok
23:30:10.0021 3920 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
23:30:10.0021 3920 spldr - ok
23:30:10.0801 3920 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
23:30:10.0801 3920 Spooler - ok
23:30:11.0877 3920 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
23:30:11.0971 3920 sppsvc - ok
23:30:12.0860 3920 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
23:30:12.0891 3920 sppuinotify - ok
23:30:13.0687 3920 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
23:30:13.0702 3920 srv - ok
23:30:14.0139 3920 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
23:30:14.0139 3920 srv2 - ok
23:30:14.0623 3920 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
23:30:14.0638 3920 srvnet - ok
23:30:15.0075 3920 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
23:30:15.0091 3920 SSDPSRV - ok
23:30:15.0465 3920 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
23:30:15.0465 3920 SstpSvc - ok
23:30:15.0605 3920 STacSV (b2d8b364a831427a5741f6c408fa8ae3) C:\Program Files\IDT\WDM\STacSV64.exe
23:30:15.0652 3920 STacSV - ok
23:30:16.0089 3920 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
23:30:16.0089 3920 stexstor - ok
23:30:16.0588 3920 STHDA (ef5acde92ba3f691bbfef781cb063501) C:\windows\system32\DRIVERS\stwrt64.sys
23:30:16.0588 3920 STHDA - ok
23:30:17.0103 3920 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
23:30:17.0103 3920 stisvc - ok
23:30:17.0243 3920 stllssvr (7731f46ec0d687a931cba063e8f90ef0) c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
23:30:17.0259 3920 stllssvr - ok
23:30:17.0711 3920 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
23:30:17.0711 3920 swenum - ok
23:30:18.0055 3920 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
23:30:18.0070 3920 swprv - ok
23:30:18.0569 3920 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
23:30:18.0663 3920 SysMain - ok
23:30:19.0022 3920 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
23:30:19.0037 3920 TabletInputService - ok
23:30:19.0396 3920 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
23:30:19.0396 3920 TapiSrv - ok
23:30:19.0755 3920 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
23:30:19.0771 3920 TBS - ok
23:30:20.0239 3920 Tcpip (fc62769e7bff2896035aeed399108162) C:\windows\system32\drivers\tcpip.sys
23:30:20.0285 3920 Tcpip - ok
23:30:20.0847 3920 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\windows\system32\DRIVERS\tcpip.sys
23:30:20.0847 3920 TCPIP6 - ok
23:30:21.0752 3920 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
23:30:21.0752 3920 tcpipreg - ok
23:30:22.0766 3920 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
23:30:22.0781 3920 TDPIPE - ok
23:30:23.0468 3920 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
23:30:23.0468 3920 TDTCP - ok
23:30:24.0092 3920 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
23:30:24.0092 3920 tdx - ok
23:30:24.0529 3920 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys
23:30:24.0529 3920 TermDD - ok
23:30:24.0934 3920 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
23:30:24.0965 3920 TermService - ok
23:30:25.0324 3920 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
23:30:25.0324 3920 Themes - ok
23:30:25.0667 3920 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
23:30:25.0667 3920 THREADORDER - ok
23:30:26.0151 3920 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
23:30:26.0151 3920 TrkWks - ok
23:30:26.0369 3920 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
23:30:26.0369 3920 TrustedInstaller - ok
23:30:26.0791 3920 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
23:30:26.0791 3920 tssecsrv - ok
23:30:27.0274 3920 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
23:30:27.0274 3920 TsUsbFlt - ok
23:30:27.0477 3920 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
23:30:27.0477 3920 TsUsbGD - ok
23:30:27.0976 3920 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
23:30:27.0992 3920 tunnel - ok
23:30:28.0304 3920 TurboB (fd24f98d2898be093fe926604be7db99) C:\windows\system32\DRIVERS\TurboB.sys
23:30:28.0319 3920 TurboB - ok
23:30:28.0413 3920 TurboBoost (600b406a04d90f577fea8a88d7379f08) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
23:30:28.0460 3920 TurboBoost - ok
23:30:28.0897 3920 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys
23:30:28.0897 3920 uagp35 - ok
23:30:29.0333 3920 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
23:30:29.0333 3920 udfs - ok
23:30:29.0677 3920 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
23:30:29.0692 3920 UI0Detect - ok
23:30:30.0207 3920 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
23:30:30.0223 3920 uliagpkx - ok
23:30:30.0691 3920 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
23:30:30.0691 3920 umbus - ok
23:30:31.0283 3920 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys
23:30:31.0283 3920 UmPass - ok
23:30:31.0471 3920 UNS (eb79c6c91a99930015ef29ae7fa802d1) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
23:30:31.0549 3920 UNS - ok
23:30:31.0923 3920 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
23:30:31.0939 3920 upnphost - ok
23:30:32.0687 3920 usbccgp (19ad7990c0b67e48dac5b26f99628223) C:\windows\system32\DRIVERS\usbccgp.sys
23:30:32.0687 3920 usbccgp - ok
23:30:33.0436 3920 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
23:30:33.0436 3920 usbcir - ok
23:30:33.0920 3920 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys
23:30:33.0920 3920 usbehci - ok
23:30:34.0497 3920 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
23:30:34.0497 3920 usbhub - ok
23:30:34.0949 3920 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\windows\system32\drivers\usbohci.sys
23:30:34.0949 3920 usbohci - ok
23:30:35.0542 3920 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\drivers\usbprint.sys
23:30:35.0542 3920 usbprint - ok
23:30:36.0073 3920 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
23:30:36.0073 3920 USBSTOR - ok
23:30:36.0525 3920 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\windows\system32\drivers\usbuhci.sys
23:30:36.0525 3920 usbuhci - ok
23:30:37.0009 3920 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
23:30:37.0009 3920 usbvideo - ok
23:30:37.0383 3920 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
23:30:37.0383 3920 UxSms - ok
23:30:37.0430 3920 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
23:30:37.0430 3920 VaultSvc - ok
23:30:37.0867 3920 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
23:30:37.0882 3920 vdrvroot - ok
23:30:38.0241 3920 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
23:30:38.0272 3920 vds - ok
23:30:38.0771 3920 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
23:30:38.0771 3920 vga - ok
23:30:39.0208 3920 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
23:30:39.0208 3920 VgaSave - ok
23:30:39.0458 3920 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
23:30:39.0458 3920 vhdmp - ok
23:30:39.0505 3920 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
23:30:39.0505 3920 viaide - ok
23:30:39.0551 3920 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
23:30:39.0629 3920 volmgr - ok
23:30:39.0645 3920 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
23:30:39.0692 3920 volmgrx - ok
23:30:40.0160 3920 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
23:30:40.0175 3920 volsnap - ok
23:30:40.0612 3920 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
23:30:40.0628 3920 vsmraid - ok
23:30:41.0049 3920 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
23:30:41.0111 3920 VSS - ok
23:30:41.0236 3920 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
23:30:41.0236 3920 vwifibus - ok
23:30:41.0689 3920 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
23:30:41.0689 3920 vwififlt - ok
23:30:42.0125 3920 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys
23:30:42.0125 3920 vwifimp - ok
23:30:42.0484 3920 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
23:30:42.0500 3920 W32Time - ok
23:30:42.0952 3920 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
23:30:42.0952 3920 WacomPen - ok
23:30:43.0451 3920 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
23:30:43.0467 3920 WANARP - ok
23:30:43.0467 3920 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
23:30:43.0483 3920 Wanarpv6 - ok
23:30:43.0888 3920 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
23:30:43.0935 3920 WatAdminSvc - ok
23:30:44.0575 3920 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
23:30:44.0637 3920 wbengine - ok
23:30:45.0012 3920 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
23:30:45.0012 3920 WbioSrvc - ok
23:30:45.0370 3920 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
23:30:45.0386 3920 wcncsvc - ok
23:30:45.0760 3920 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
23:30:45.0760 3920 WcsPlugInService - ok
23:30:55.0698 3920 ============================================================
23:30:55.0698 3920 Scan finished
23:30:55.0698 3920 ============================================================
23:30:55.0713 6348 Detected object count: 0
23:30:55.0713 6348 Actual detected object count: 0

#4 boopme

Posted 02 April 2012 - 10:46 PM

Edit,,,Yes that machine..

The problem is actually based in your router and that in turn is infecting all the other computers on your network.
Here is the entire fix (from the beginning) that you will need to run on each PC.

Please download Malwarebytes' Anti-Malware from Here or Here

Next disconnect your system from the internet, and your router, then…

Double Click mbam-setup.exe to install the application.
  • Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds). If you don’t know the router's default password, you can look it up HERE

However, if there are other Zlob-infected machines using the same router, they will need to be cleared with the above steps before resetting the router. Otherwise, the malware will simply go back and change the router's DNS settings. You also need to reconfigure any security settings you had in place prior to the reset. Check out this site here for video tutorials on how to properly configure your router's encryption and security settings. You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.

Once you have run Malwarebytes' Anti-Malware on the infected system and reset the router to its default configuration, you can reconnect to the internet and the router. Then return to this site to post your logs.


I have to go now, will look back in the morning.

Edited by boopme, 02 April 2012 - 10:48 PM.
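
Added example, not part of boopme's post: because the post says the malware changes the router's DNS settings, one way to confirm that the reset held is to check which DNS servers each PC is actually using. This Python sketch parses `ipconfig /all` output and flags resolvers outside an expected set; the sample output and the expected addresses are constructed placeholders, and the function names are hypothetical.

```python
import re

# Constructed sample of `ipconfig /all` output (not taken from the thread).
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       203.0.113.53
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wireless Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
"""

# Assumption: the resolvers you expect to see, i.e. the router itself plus
# the servers your ISP told you to use (placeholder addresses here).
EXPECTED_RESOLVERS = {"192.168.1.1", "198.51.100.10", "198.51.100.11"}

def dns_servers_by_adapter(text):
    """Return {adapter: [DNS servers]} parsed from `ipconfig /all` text."""
    result, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        if line[:1].strip() and line.rstrip().endswith(":"):  # unindented header
            adapter, in_dns = line.rstrip()[:-1], False
            result[adapter] = []
            continue
        m = re.match(r"\s+DNS Servers[ .]*:\s*(\S+)", line)
        if m:
            candidate, in_dns = m.group(1), True
        elif in_dns and line.strip() and " : " not in line:
            candidate = line.strip()  # continuation line holds only an address
        else:
            in_dns = False
            continue
        if adapter is not None:
            result[adapter].append(candidate)
    return result

def unexpected_resolvers(text, expected):
    """List (adapter, server) pairs whose DNS server is not in `expected`."""
    return [(adapter, server) for adapter, servers in dns_servers_by_adapter(text).items()
            for server in servers if server not in expected]

if __name__ == "__main__":
    for adapter, server in unexpected_resolvers(SAMPLE_IPCONFIG, EXPECTED_RESOLVERS):
        print(f"{adapter}: unexpected DNS server {server}")
```

An unexpected resolver on a DHCP client usually means the router is still handing out a changed setting, so run the check on every PC behind the router after the reset.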


#5 montrealerdowner

Posted 02 April 2012 - 11:28 PM

Boopme,

Before following your instructions, I took the liberty to go back on the tennis forum that caused the redirection and went in its subforum that reported bugs and errors. There was a thread opened regarding the redirection. So I wasn't the only one experiencing the problem.

All three computers that were connected either by cable or wifi came up clean with Malwarebytes.

Here is my own log:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.03.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
David :: DAVID-PC [administrator]

02/04/2012 11:51:29 PM
mbam-log-2012-04-02 (23-51-29).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 192422
Time elapsed: 2 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Edited by montrealerdowner, 02 April 2012 - 11:32 PM.


#6 boopme

Posted 03 April 2012 - 11:59 AM

Did you reset the router and is it still happening?

#7 montrealerdowner

Posted 03 April 2012 - 12:09 PM

1) Yes, I did reset the router.
2) I went back on the tennis forum and I did not get redirected!

Thank you so much Boopme!

#8 boopme

Posted 03 April 2012 - 12:39 PM

You're welcome.. I only see a Java update is needed.

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u3-windows-i586.exe (or jre-7u3-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.


#9 montrealerdowner

Posted 03 April 2012 - 02:22 PM

I have installed Java 7.

#10 boopme

Posted 03 April 2012 - 02:26 PM

Excellent!!

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run... and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links:

#11 montrealerdowner

Posted 03 April 2012 - 04:32 PM

I have created a new restore point and deleted all the restore points except the most recent one.

Edited by montrealerdowner, 03 April 2012 - 04:33 PM.




