Olmarik TDL 4 (Happili.com redirect)


  • This topic is locked
12 replies to this topic

#1 honky-kong-gorilla

honky-kong-gorilla

  • Members
  • 7 posts
  • Local time:02:16 AM

Posted 03 April 2012 - 09:11 AM

I believe I have been infected. Eset nod32 a/v 5 reports Olmarik.tdl4 in system memory, and can't be automatically cleaned. Some other information:

BIOS:AMD
OS: Win 7
Browser:Firefox
Anti-Virus: ESET Nod32 ver.5, Malwarebytes anti-malware, Hijackthis.


Here is my latest Hijackthis log:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:11:13 AM, on 4/3/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPNOT/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
O4 - HKLM\..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Connection Manager 4 Service (hpCMSrv) - Hewlett-Packard Development Company L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MySQL - Unknown owner - C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TVService - Team MediaPortal - C:\Program Files (x86)\Team MediaPortal\MediaPortal TV Server\TVService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10486 bytes



#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:07:16 AM

Posted 03 April 2012 - 02:36 PM

Good evening. :)

As HijackThis has not been seriously updated by Trend Micro in some time, it is now no longer considered to be an effective tool for malware removal. You will need to go here, follow steps 6, 7 and 8 and post accordingly into this thread.

So long, and thanks for all the fish.

 

 


#3 honky-kong-gorilla

honky-kong-gorilla
  • Topic Starter

  • Members
  • 7 posts
  • Local time:02:16 AM

Posted 03 April 2012 - 05:17 PM

My apologies. I was actually looking for that thread. I did as requested, and here are the results:

DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by HackBox at 15:51:29 on 2012-04-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3692.1866 [GMT -5:00]
.
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\Program Files\CyberLink\Shared files\RichVideo64.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Team MediaPortal\MediaPortal TV Server\TVService.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun: [<NO NAME>]
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{246D3713-37DA-458F-A13A-9F5B306DA74D} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{246D3713-37DA-458F-A13A-9F5B306DA74D}\35368696C6C696E67602E4564777F627B6 : DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{246D3713-37DA-458F-A13A-9F5B306DA74D}\65562796A7F6E6024425F49444850263835353 : DhcpNameServer = 192.168.42.1
TCP: Interfaces\{246D3713-37DA-458F-A13A-9F5B306DA74D}\C696E6B6379737 : DhcpNameServer = 209.124.193.101 209.124.193.100
TCP: Interfaces\{246D3713-37DA-458F-A13A-9F5B306DA74D}\D4963627F64556C6 : DhcpNameServer = 4.2.2.2 8.8.8.8 4.2.2.3
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun-x64: [(Default)]
mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\HackBox\AppData\Roaming\Mozilla\Firefox\Profiles\2q7ozqv5.default\
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?hl=en&tab=wm#inbox|http://www.facebook.com/
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]
R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-7-5 365568]
R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-9-22 974944]
R2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?]
R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe [2011-4-21 514232]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-7-5 227384]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-6-14 26680]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-8-26 2375168]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-2 652360]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2011-12-6 386344]
R2 TVService;TVService;C:\Program Files (x86)\Team MediaPortal\MediaPortal TV Server\TvService.exe [2011-9-24 212992]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S1 hwinterfacex64;hwinterfacex64;C:\Windows\system32\Drivers\hwinterfacex64.sys --> C:\Windows\system32\Drivers\hwinterfacex64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
S3 hpCMSrv;HP Connection Manager 4 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-5-23 1098296]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-17 682040]
S4 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-1-24 25824]
S4 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
S4 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-6-1 14088]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-04-03 16:42:20 20480 ----a-w- C:\Windows\svchost.exe
2012-04-03 13:46:46 388096 ----a-r- C:\Users\HackBox\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-04-03 13:46:46 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-04-03 09:29:57 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CD02BCE4-A151-4AE9-B0D8-E647D713F604}\mpengine.dll
2012-04-02 20:22:10 -------- d-----w- C:\Users\HackBox\AppData\Roaming\Malwarebytes
2012-04-02 20:22:02 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-02 20:22:00 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-02 20:21:59 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-31 20:33:17 -------- d-----w- C:\ProgramData\GoldWave
2012-03-31 20:30:12 -------- d-----w- C:\Program Files (x86)\GoldWave
2012-03-29 14:58:10 -------- d-----w- C:\Program Files (x86)\ADS Tech
2012-03-29 14:48:42 -------- d-----w- C:\Windows\SysWow64\PTV371 WHQL 1.0.0.50
2012-03-14 22:51:10 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-14 22:51:10 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-03-14 02:39:28 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-14 02:39:20 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-14 02:39:19 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-14 02:27:26 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-14 02:27:26 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-14 02:27:26 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-14 02:27:24 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-14 02:27:24 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-14 02:27:23 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-14 02:27:23 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-09 00:12:39 -------- d-----w- C:\Users\HackBox\AppData\Local\ESET
2012-03-08 20:05:33 86016 ----a-w- C:\Windows\unvise32.exe
2012-03-08 19:48:36 -------- d-----w- C:\Program Files (x86)\Elaborate Bytes
2012-03-08 05:41:34 -------- d-----w- C:\Program Files\ESET
2012-03-08 04:59:18 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-03-07 23:35:02 -------- d-----w- C:\ProgramData\PreSonus
2012-03-07 23:35:00 -------- d-----w- C:\Users\HackBox\AppData\Roaming\PreSonus
2012-03-07 23:34:49 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-03-07 23:34:08 -------- d-----w- C:\Program Files\Common Files\Propellerhead Software
2012-03-07 23:34:05 -------- d-----w- C:\Program Files\PreSonus
2012-03-06 22:35:47 -------- d-----w- C:\Users\HackBox\AppData\Local\{128190D3-51CA-4B77-A406-84AA25A43274}
2012-03-05 02:28:03 -------- d-----w- C:\Users\HackBox\AppData\Local\{54FC2059-55F2-4454-97F5-BE72ED69AF8C}
2012-03-05 02:27:49 -------- d-----w- C:\Users\HackBox\AppData\Local\{9DD9A654-DF97-450A-B1F9-65396B5584D8}
2012-03-05 01:41:28 -------- d-----w- C:\Users\HackBox\AppData\Local\{7B4D6764-BA77-4EDD-802B-DC00E4B1F1A0}
2012-03-05 01:41:17 -------- d-----w- C:\Users\HackBox\AppData\Local\{4351DF51-721C-419E-AC41-22DF9FCDFE95}
2012-03-05 00:52:56 -------- d-----w- C:\Users\HackBox\AppData\Local\{16C62D03-7756-44EB-9B8D-C2EEFAF11501}
.
==================== Find3M ====================
.
2012-02-23 14:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-26 02:52:35 33019 ----a-w- C:\Windows\SysWow64\CoreAAC-uninstall.exe
.
============= FINISH: 15:53:45.97 ===============



GMER log:



GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-03 17:12:48
Windows 6.1.7601 Service Pack 1
Running: gmer.exe


---- Files - GMER 1.0.15 ----

File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2OAPKCX4\ecstasy_0[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2OAPKCX4\Lab_Test[1].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2OAPKCX4\heart_story[1].jpg 10860 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2OAPKCX4\Herbs_and_Supplements[1].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2OAPKCX4\hg_1797[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2OAPKCX4\backcookie[2].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2OAPKCX4\log[1].gif 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2OAPKCX4\the-matrix-revolutions_large[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2OAPKCX4\TogetherRx_Access[1].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2OAPKCX4\fpi[1].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2OAPKCX4\fpi[2].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2OAPKCX4\aspirin_9[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2OAPKCX4\217248_8029[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2OAPKCX4\feature-harry-potter-and-the-prisoner-of-azkaban-43895a4774d216b96eaacaf72dd9b470[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2OAPKCX4\feature-waynes-world-b904a2f488301c8104275602a79bfedd[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2OAPKCX4\fm[1].js 2859 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2OAPKCX4\crossdomain[1].xml 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2OAPKCX4\crossdomain[2].xml 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2OAPKCX4\dirty-harry_large[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2OAPKCX4\48296[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2OAPKCX4\5.2.11.300x250.rt_gs_cam[1].jpg 21491 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2OAPKCX4\groggy[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2OAPKCX4\Track[1].txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2OAPKCX4\noimage[1].png 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2OAPKCX4\Pain[1].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2OAPKCX4\default[1].jpg 4706 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2OAPKCX4\coffeebeans[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2OAPKCX4\ros[1].js 2135 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2OAPKCX4\ros[2].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2OAPKCX4\blazing-saddles_large[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2OAPKCX4\sleep_3[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2OAPKCX4\smartad[1].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2OAPKCX4\dref=http%253A%252F%252Fwww.africa[1].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2OAPKCX4\dref=http%253A%252F%252Fwww.africa[2].js 619 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2OAPKCX4\mombaby_0[1].jpg 15018 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2OAPKCX4\whitepreggo[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2OAPKCX4\jarvis_300x250_2[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2OAPKCX4\estock_commonswiki_327501_o[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2OAPKCX4\fa[1].htm 505 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2OAPKCX4\fa[2].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2OAPKCX4\fa[4].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2OAPKCX4\fa[5].htm 517 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9FOP6NIT\AdDisplayTrackerServlet[1].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9FOP6NIT\AdDisplayTrackerServlet[2].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9FOP6NIT\AdDisplayTrackerServlet[3].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9FOP6NIT\AdServerServlet[1].htm 1701 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9FOP6NIT\AdServerServlet[2].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9FOP6NIT\AdServerServlet[3].htm 1701 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TUJME8FP\PugTracker[1].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TUJME8FP\freq[1].htm 395 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U93ORL08\AdServerServlet[1].htm 1720 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\5YCOODMV.txt 97 bytes

---- EOF - GMER 1.0.15 ----


#4 Noviciate

  • Malware Response Team

Posted 03 April 2012 - 05:37 PM

Download TDSSKiller.zip from Kaspersky from here and save it to your Desktop.

  • You will then need to extract the file(s) from the zipped folder.
  • To do this: Right-click on the zipped folder and from the menu that appears, click on Extract All...
    In the Extraction Wizard window that opens, click on Next> and in the next window that appears, click on Next> again.
    In the final window, click on Finish

  • Please close all open programs as this may result in a reboot being necessary.
  • Double click TDSSKiller.exe to begin.
  • Click Change parameters and check the two boxes under Additional Options.
  • Click Start scan and allow the tool to do just that.
  • Once the scan has completed, if the tool has identified anything allow it to carry out its default action(s) - you'll need to click Continue where appropriate.
  • Finally, if it prompts you to reboot your machine, please click Reboot Now and ensure that your machine does so.
  • If the scan finds nothing, please click the Report button and let me have a copy of the text file that opens.
  • If you reboot your machine, the log, which I'd like to see, will be located at the root of your hard drive as C:\TDSSKiller.Version_Date_Time_log.txt.
    Please check that you get the one with the right date and time. :)

So long, and thanks for all the fish.

 

 


#5 honky-kong-gorilla

  • Topic Starter


Posted 03 April 2012 - 06:51 PM

Sorry, multiple posts.

Edited by honky-kong-gorilla, 03 April 2012 - 06:56 PM.


#6 honky-kong-gorilla

  • Topic Starter


Posted 03 April 2012 - 06:52 PM

Thank you JESUS! You guys are so helpful... SO MANY would be lost without you. I ran TDSS killer, and it reported 2 infiltrations. Accordingly, it corrected these, and required a reboot.
Here is the log it saved before the reboot. If you need a new scan log, just let me know. Again, THANK YOU.


TDSSKiller log:


18:37:34.0331 5632 TDSS rootkit removing tool 2.7.25.0 Apr 3 2012 13:42:32
18:37:34.0765 5632 ============================================================
18:37:34.0765 5632 Current date / time: 2012/04/03 18:37:34.0765
18:37:34.0765 5632 SystemInfo:
18:37:34.0765 5632
18:37:34.0765 5632 OS Version: 6.1.7601 ServicePack: 1.0
18:37:34.0765 5632 Product type: Workstation
18:37:34.0765 5632 ComputerName: HACKBOXPC
18:37:34.0765 5632 UserName: HackBox
18:37:34.0765 5632 Windows directory: C:\Windows
18:37:34.0765 5632 System windows directory: C:\Windows
18:37:34.0765 5632 Running under WOW64
18:37:34.0765 5632 Processor architecture: Intel x64
18:37:34.0765 5632 Number of processors: 2
18:37:34.0765 5632 Page size: 0x1000
18:37:34.0765 5632 Boot type: Normal boot
18:37:34.0765 5632 ============================================================
18:37:35.0619 5632 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:37:35.0629 5632 \Device\Harddisk0\DR0:
18:37:35.0629 5632 MBR used
18:37:35.0629 5632 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
18:37:35.0629 5632 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x38585000
18:37:35.0629 5632 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x385E9000, BlocksNum 0x1D69000
18:37:35.0629 5632 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
18:37:35.0724 5632 Initialize success
18:37:35.0724 5632 ============================================================
18:37:51.0137 4544 ============================================================
18:37:51.0137 4544 Scan started
18:37:51.0137 4544 Mode: Manual; SigCheck; TDLFS;
18:37:51.0137 4544 ============================================================
18:37:51.0757 4544 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
18:37:51.0957 4544 1394ohci - ok
18:37:52.0017 4544 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
18:37:52.0047 4544 ACPI - ok
18:37:52.0127 4544 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
18:37:52.0267 4544 AcpiPmi - ok
18:37:52.0407 4544 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:37:52.0437 4544 AdobeARMservice - ok
18:37:52.0547 4544 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
18:37:52.0587 4544 adp94xx - ok
18:37:52.0637 4544 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
18:37:52.0677 4544 adpahci - ok
18:37:52.0777 4544 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
18:37:52.0807 4544 adpu320 - ok
18:37:52.0857 4544 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
18:37:53.0147 4544 AeLookupSvc - ok
18:37:53.0267 4544 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
18:37:53.0367 4544 AFD - ok
18:37:53.0467 4544 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
18:37:53.0497 4544 agp440 - ok
18:37:53.0547 4544 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
18:37:53.0617 4544 ALG - ok
18:37:53.0737 4544 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
18:37:53.0757 4544 aliide - ok
18:37:53.0907 4544 ALSysIO - ok
18:37:53.0997 4544 AMD External Events Utility (850f0c8034225fa3f50d551a905fa503) C:\Windows\system32\atiesrxx.exe
18:37:54.0137 4544 AMD External Events Utility - ok
18:37:54.0267 4544 AMD FUEL Service - ok
18:37:54.0367 4544 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
18:37:54.0387 4544 amdide - ok
18:37:54.0467 4544 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
18:37:54.0527 4544 amdiox64 - ok
18:37:54.0637 4544 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
18:37:54.0697 4544 AmdK8 - ok
18:37:55.0047 4544 amdkmdag (7979bf4a66efdadf3d00a052409609b1) C:\Windows\system32\DRIVERS\atikmdag.sys
18:37:55.0437 4544 amdkmdag - ok
18:37:55.0577 4544 amdkmdap (7d5cdb0161e91951d3dd99e55cea4d01) C:\Windows\system32\DRIVERS\atikmpag.sys
18:37:55.0647 4544 amdkmdap - ok
18:37:55.0707 4544 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
18:37:55.0757 4544 AmdPPM - ok
18:37:55.0857 4544 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
18:37:55.0887 4544 amdsata - ok
18:37:55.0927 4544 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
18:37:55.0957 4544 amdsbs - ok
18:37:55.0977 4544 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
18:37:56.0007 4544 amdxata - ok
18:37:56.0047 4544 amd_sata (f9d46b6b322708bd5afcc8767ebdc901) C:\Windows\system32\DRIVERS\amd_sata.sys
18:37:56.0067 4544 amd_sata - ok
18:37:56.0137 4544 amd_xata (329cc9c7e20deebcd4cd10816193ef14) C:\Windows\system32\DRIVERS\amd_xata.sys
18:37:56.0157 4544 amd_xata - ok
18:37:56.0217 4544 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
18:37:56.0467 4544 AppID - ok
18:37:56.0537 4544 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
18:37:56.0627 4544 AppIDSvc - ok
18:37:56.0667 4544 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
18:37:56.0757 4544 Appinfo - ok
18:37:56.0887 4544 Apple Mobile Device (d8e18021f91ad79ca8491cb5a5da22d4) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:37:56.0907 4544 Apple Mobile Device - ok
18:37:57.0009 4544 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
18:37:57.0039 4544 arc - ok
18:37:57.0059 4544 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
18:37:57.0079 4544 arcsas - ok
18:37:57.0129 4544 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
18:37:57.0219 4544 AsyncMac - ok
18:37:57.0339 4544 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
18:37:57.0359 4544 atapi - ok
18:37:57.0429 4544 AtiHDAudioService (cbd14f698def12ee3557604b726cb8eb) C:\Windows\system32\drivers\AtihdW76.sys
18:37:57.0459 4544 AtiHDAudioService - ok
18:37:57.0539 4544 AtiHdmiService (2d648572ba9a610952fcafba1e119c2d) C:\Windows\system32\drivers\AtiHdmi.sys
18:37:57.0569 4544 AtiHdmiService - ok
18:37:57.0629 4544 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
18:37:57.0729 4544 AudioEndpointBuilder - ok
18:37:57.0749 4544 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
18:37:57.0821 4544 AudioSrv - ok
18:37:57.0921 4544 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
18:37:58.0051 4544 AxInstSV - ok
18:37:58.0171 4544 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
18:37:58.0241 4544 b06bdrv - ok
18:37:58.0301 4544 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
18:37:58.0371 4544 b57nd60a - ok
18:37:58.0501 4544 BCM43XX (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys
18:37:58.0581 4544 BCM43XX - ok
18:37:58.0661 4544 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
18:37:58.0731 4544 BDESVC - ok
18:37:58.0791 4544 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
18:37:58.0881 4544 Beep - ok
18:37:58.0991 4544 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
18:37:59.0101 4544 BFE - ok
18:37:59.0161 4544 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
18:37:59.0281 4544 BITS - ok
18:37:59.0401 4544 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
18:37:59.0451 4544 blbdrive - ok
18:37:59.0551 4544 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
18:37:59.0591 4544 Bonjour Service - ok
18:37:59.0681 4544 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
18:37:59.0771 4544 bowser - ok
18:37:59.0821 4544 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
18:37:59.0851 4544 BrFiltLo - ok
18:37:59.0921 4544 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
18:37:59.0951 4544 BrFiltUp - ok
18:37:59.0981 4544 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
18:38:00.0071 4544 Browser - ok
18:38:00.0121 4544 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
18:38:00.0191 4544 Brserid - ok
18:38:00.0261 4544 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
18:38:00.0321 4544 BrSerWdm - ok
18:38:00.0401 4544 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:38:00.0451 4544 BrUsbMdm - ok
18:38:00.0531 4544 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
18:38:00.0581 4544 BrUsbSer - ok
18:38:00.0641 4544 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
18:38:00.0701 4544 BTHMODEM - ok
18:38:00.0811 4544 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
18:38:00.0901 4544 bthserv - ok
18:38:00.0961 4544 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
18:38:01.0051 4544 cdfs - ok
18:38:01.0151 4544 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
18:38:01.0201 4544 cdrom - ok
18:38:01.0261 4544 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
18:38:01.0351 4544 CertPropSvc - ok
18:38:01.0451 4544 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
18:38:01.0501 4544 circlass - ok
18:38:01.0571 4544 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
18:38:01.0601 4544 CLFS - ok
18:38:01.0691 4544 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:38:01.0711 4544 clr_optimization_v2.0.50727_32 - ok
18:38:01.0751 4544 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:38:01.0771 4544 clr_optimization_v2.0.50727_64 - ok
18:38:01.0831 4544 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:38:01.0851 4544 clr_optimization_v4.0.30319_32 - ok
18:38:01.0941 4544 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:38:01.0971 4544 clr_optimization_v4.0.30319_64 - ok
18:38:02.0041 4544 clwvd (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys
18:38:02.0061 4544 clwvd - ok
18:38:02.0131 4544 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
18:38:02.0191 4544 CmBatt - ok
18:38:02.0261 4544 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
18:38:02.0281 4544 cmdide - ok
18:38:02.0351 4544 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
18:38:02.0421 4544 CNG - ok
18:38:02.0511 4544 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
18:38:02.0531 4544 Compbatt - ok
18:38:02.0621 4544 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
18:38:02.0681 4544 CompositeBus - ok
18:38:02.0741 4544 COMSysApp - ok
18:38:02.0811 4544 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
18:38:02.0831 4544 crcdisk - ok
18:38:02.0891 4544 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
18:38:02.0981 4544 CryptSvc - ok
18:38:03.0091 4544 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
18:38:03.0201 4544 DcomLaunch - ok
18:38:03.0271 4544 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
18:38:03.0371 4544 defragsvc - ok
18:38:03.0462 4544 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
18:38:03.0552 4544 DfsC - ok
18:38:03.0612 4544 dg_ssudbus (388039f99ce8769024ee0438352aca99) C:\Windows\system32\DRIVERS\ssudbus.sys
18:38:03.0632 4544 dg_ssudbus - ok
18:38:03.0722 4544 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
18:38:03.0832 4544 Dhcp - ok
18:38:03.0882 4544 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
18:38:03.0972 4544 discache - ok
18:38:04.0062 4544 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
18:38:04.0092 4544 Disk - ok
18:38:04.0142 4544 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
18:38:04.0212 4544 Dnscache - ok
18:38:04.0282 4544 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
18:38:04.0392 4544 dot3svc - ok
18:38:04.0422 4544 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
18:38:04.0522 4544 DPS - ok
18:38:04.0612 4544 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
18:38:04.0672 4544 drmkaud - ok
18:38:04.0732 4544 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
18:38:04.0782 4544 DXGKrnl - ok
18:38:04.0882 4544 eamonm (13533557d01b88c83110d5cf749f14d7) C:\Windows\system32\DRIVERS\eamonm.sys
18:38:04.0912 4544 eamonm - ok
18:38:04.0972 4544 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
18:38:05.0082 4544 EapHost - ok
18:38:05.0192 4544 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
18:38:05.0294 4544 ebdrv - ok
18:38:05.0374 4544 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
18:38:05.0454 4544 EFS - ok
18:38:05.0524 4544 ehdrv (e097728129e7b79bf1089d7aef42332b) C:\Windows\system32\DRIVERS\ehdrv.sys
18:38:05.0544 4544 ehdrv - ok
18:38:05.0654 4544 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
18:38:05.0714 4544 ehRecvr - ok
18:38:05.0744 4544 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
18:38:05.0794 4544 ehSched - ok
18:38:05.0994 4544 ekrn (c7bb95cf9631aa401e4aded1648f6af7) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
18:38:06.0034 4544 ekrn - ok
18:38:06.0164 4544 ElbyCDIO (a05fc7eca0966ebb70e4d17b855a853b) C:\Windows\system32\Drivers\ElbyCDIO.sys
18:38:06.0184 4544 ElbyCDIO - ok
18:38:06.0254 4544 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
18:38:06.0294 4544 elxstor - ok
18:38:06.0374 4544 epfwwfpr (2380976cf8a4a56611f35633acd2a74f) C:\Windows\system32\DRIVERS\epfwwfpr.sys
18:38:06.0404 4544 epfwwfpr - ok
18:38:06.0444 4544 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
18:38:06.0494 4544 ErrDev - ok
18:38:06.0614 4544 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
18:38:06.0714 4544 EventSystem - ok
18:38:06.0794 4544 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
18:38:06.0874 4544 exfat - ok
18:38:06.0944 4544 ezSharedSvc - ok
18:38:06.0964 4544 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
18:38:07.0054 4544 fastfat - ok
18:38:07.0124 4544 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
18:38:07.0214 4544 Fax - ok
18:38:07.0314 4544 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
18:38:07.0364 4544 fdc - ok
18:38:07.0414 4544 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
18:38:07.0495 4544 fdPHost - ok
18:38:07.0555 4544 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
18:38:07.0635 4544 FDResPub - ok
18:38:07.0675 4544 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
18:38:07.0705 4544 FileInfo - ok
18:38:07.0715 4544 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
18:38:07.0815 4544 Filetrace - ok
18:38:07.0875 4544 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
18:38:07.0905 4544 flpydisk - ok
18:38:07.0985 4544 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
18:38:08.0015 4544 FltMgr - ok
18:38:08.0075 4544 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
18:38:08.0155 4544 FontCache - ok
18:38:08.0245 4544 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:38:08.0265 4544 FontCache3.0.0.0 - ok
18:38:08.0325 4544 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
18:38:08.0355 4544 FsDepends - ok
18:38:08.0395 4544 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
18:38:08.0415 4544 Fs_Rec - ok
18:38:08.0465 4544 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
18:38:08.0505 4544 fvevol - ok
18:38:08.0595 4544 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
18:38:08.0615 4544 gagp30kx - ok
18:38:08.0675 4544 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:38:08.0695 4544 GEARAspiWDM - ok
18:38:08.0745 4544 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
18:38:08.0835 4544 gpsvc - ok
18:38:08.0896 4544 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
18:38:08.0946 4544 hcw85cir - ok
18:38:09.0016 4544 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
18:38:09.0076 4544 HdAudAddService - ok
18:38:09.0166 4544 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
18:38:09.0226 4544 HDAudBus - ok
18:38:09.0296 4544 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
18:38:09.0346 4544 HidBatt - ok
18:38:09.0416 4544 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
18:38:09.0476 4544 HidBth - ok
18:38:09.0526 4544 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
18:38:09.0566 4544 HidIr - ok
18:38:09.0616 4544 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
18:38:09.0706 4544 hidserv - ok
18:38:09.0816 4544 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
18:38:09.0846 4544 HidUsb - ok
18:38:09.0907 4544 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
18:38:10.0007 4544 hkmsvc - ok
18:38:10.0067 4544 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
18:38:10.0117 4544 HomeGroupListener - ok
18:38:10.0167 4544 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
18:38:10.0217 4544 HomeGroupProvider - ok
18:38:45.0957 4544 WANARP - ok
18:38:45.0967 4544 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:38:46.0037 4544 Wanarpv6 - ok
18:38:46.0117 4544 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
18:38:46.0197 4544 WatAdminSvc - ok
18:38:46.0317 4544 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
18:38:46.0397 4544 wbengine - ok
18:38:46.0417 4544 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
18:38:46.0467 4544 WbioSrvc - ok
18:38:46.0497 4544 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
18:38:46.0567 4544 wcncsvc - ok
18:38:46.0647 4544 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
18:38:46.0677 4544 WcsPlugInService - ok
18:38:46.0717 4544 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
18:38:46.0737 4544 Wd - ok
18:38:46.0777 4544 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:38:46.0817 4544 Wdf01000 - ok
18:38:46.0897 4544 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:38:46.0967 4544 WdiServiceHost - ok
18:38:46.0977 4544 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:38:47.0017 4544 WdiSystemHost - ok
18:38:47.0047 4544 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
18:38:47.0127 4544 WebClient - ok
18:38:47.0157 4544 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
18:38:47.0257 4544 Wecsvc - ok
18:38:47.0347 4544 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
18:38:47.0427 4544 wercplsupport - ok
18:38:47.0467 4544 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
18:38:47.0567 4544 WerSvc - ok
18:38:47.0627 4544 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
18:38:47.0697 4544 WfpLwf - ok
18:38:47.0757 4544 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
18:38:47.0777 4544 WIMMount - ok
18:38:47.0797 4544 WinDefend - ok
18:38:47.0817 4544 WinHttpAutoProxySvc - ok
18:38:47.0907 4544 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
18:38:47.0987 4544 Winmgmt - ok
18:38:48.0117 4544 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
18:38:48.0237 4544 WinRM - ok
18:38:48.0347 4544 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
18:38:48.0387 4544 WinUsb - ok
18:38:48.0437 4544 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
18:38:48.0517 4544 Wlansvc - ok
18:38:48.0617 4544 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
18:38:48.0657 4544 wlcrasvc - ok
18:38:48.0757 4544 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:38:48.0847 4544 wlidsvc - ok
18:38:48.0937 4544 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
18:38:48.0987 4544 WmiAcpi - ok
18:38:49.0107 4544 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
18:38:49.0157 4544 wmiApSrv - ok
18:38:49.0217 4544 WMPNetworkSvc - ok
18:38:49.0307 4544 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
18:38:49.0337 4544 WPCSvc - ok
18:38:49.0347 4544 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
18:38:49.0387 4544 WPDBusEnum - ok
18:38:49.0437 4544 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
18:38:49.0517 4544 ws2ifsl - ok
18:38:49.0537 4544 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
18:38:49.0607 4544 wscsvc - ok
18:38:49.0667 4544 WSearch - ok
18:38:49.0767 4544 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
18:38:49.0907 4544 wuauserv - ok
18:38:50.0007 4544 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
18:38:50.0107 4544 WudfPf - ok
18:38:50.0227 4544 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:38:50.0307 4544 WUDFRd - ok
18:38:50.0357 4544 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
18:38:50.0427 4544 wudfsvc - ok
18:38:50.0447 4544 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
18:38:50.0517 4544 WwanSvc - ok
18:38:50.0597 4544 MBR (0x1B8) (0f84f2562620c40d8a3e1908c8075675) \Device\Harddisk0\DR0
18:38:50.0627 4544 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
18:38:50.0627 4544 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
18:38:50.0677 4544 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
18:38:50.0677 4544 \Device\Harddisk0\DR0 - detected TDSS File System (1)
18:38:50.0717 4544 Boot (0x1200) (1ba4108c1acbdac027b98a5874f4f17b) \Device\Harddisk0\DR0\Partition0
18:38:50.0717 4544 \Device\Harddisk0\DR0\Partition0 - ok
18:38:50.0737 4544 Boot (0x1200) (5fc585f549b6f82027bef76e73d28840) \Device\Harddisk0\DR0\Partition1
18:38:50.0737 4544 \Device\Harddisk0\DR0\Partition1 - ok
18:38:50.0777 4544 Boot (0x1200) (1cdcc0011efd12d1effd2ce840134717) \Device\Harddisk0\DR0\Partition2
18:38:50.0777 4544 \Device\Harddisk0\DR0\Partition2 - ok
18:38:50.0797 4544 Boot (0x1200) (84161f182db810ceed4ebae192103607) \Device\Harddisk0\DR0\Partition3
18:38:50.0797 4544 \Device\Harddisk0\DR0\Partition3 - ok
18:38:50.0807 4544 ============================================================
18:38:50.0807 4544 Scan finished
18:38:50.0807 4544 ============================================================
18:38:50.0827 3840 Detected object count: 6
18:38:50.0827 3840 Actual detected object count: 6
18:38:59.0459 3840 hwinterfacex64 ( UnsignedFile.Multi.Generic ) - skipped by user
18:38:59.0459 3840 hwinterfacex64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:38:59.0472 3840 IconMan_R ( UnsignedFile.Multi.Generic ) - skipped by user
18:38:59.0472 3840 IconMan_R ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:38:59.0479 3840 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
18:38:59.0479 3840 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:38:59.0485 3840 TVService ( UnsignedFile.Multi.Generic ) - skipped by user
18:38:59.0485 3840 TVService ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:38:59.0541 3840 \Device\Harddisk0\DR0\# - copied to quarantine
18:38:59.0541 3840 \Device\Harddisk0\DR0 - copied to quarantine
18:38:59.0621 3840 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
18:39:00.0151 3840 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
18:39:00.0793 3840 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
18:39:01.0333 3840 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
18:39:01.0903 3840 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
18:39:02.0493 3840 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
18:39:03.0023 3840 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
18:39:03.0033 3840 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
18:39:03.0043 3840 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
18:39:03.0053 3840 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
18:39:03.0583 3840 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
18:39:04.0165 3840 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
18:39:04.0175 3840 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
18:39:04.0175 3840 \Device\Harddisk0\DR0 - ok
18:39:05.0015 3840 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
18:39:05.0015 3840 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
18:39:05.0015 3840 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
18:39:19.0079 5104 Deinitialize success

#7 Noviciate

  • Malware Response Team

Posted 04 April 2012 - 02:02 PM

Good evening. :)

Will you run TDSSKiller again, but this time I want you to change one action - will you allow the tool to fix any TDSS File System detections this time around. Leave any other actions for the tool to decide and then let me have the log once again and also let me know if there are still any redirect issues.

So long, and thanks for all the fish.

 

 


#8 honky-kong-gorilla

  • Topic Starter

Posted 04 April 2012 - 02:30 PM

Thanks, again. I did as you said, changed the parameters to detect TDLFS File system. It found one object, (a rootkit, I'm assuming) which I deleted by quarantine. I haven't had a redirect problem yet, and my pc is running faster. It appears that the infection was localized to svchost, which is used in networking services, correct? It appears to be ok, now. Once again, I can't thank you enough for all your effort. Here is the newest log, as requested:


14:20:36.0529 4796 TDSS rootkit removing tool 2.7.25.0 Apr 3 2012 13:42:32
14:20:36.0947 4796 ============================================================
14:20:36.0947 4796 Current date / time: 2012/04/04 14:20:36.0947
14:20:36.0947 4796 SystemInfo:
14:20:36.0947 4796
14:20:36.0947 4796 OS Version: 6.1.7601 ServicePack: 1.0
14:20:36.0947 4796 Product type: Workstation
14:20:36.0947 4796 ComputerName: HACKBOXPC
14:20:36.0947 4796 UserName: HackBox
14:20:36.0947 4796 Windows directory: C:\Windows
14:20:36.0947 4796 System windows directory: C:\Windows
14:20:36.0947 4796 Running under WOW64
14:20:36.0947 4796 Processor architecture: Intel x64
14:20:36.0947 4796 Number of processors: 2
14:20:36.0947 4796 Page size: 0x1000
14:20:36.0947 4796 Boot type: Normal boot
14:20:36.0947 4796 ============================================================
14:20:38.0123 4796 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:20:38.0133 4796 \Device\Harddisk0\DR0:
14:20:38.0133 4796 MBR used
14:20:38.0133 4796 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
14:20:38.0133 4796 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x38585000
14:20:38.0133 4796 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x385E9000, BlocksNum 0x1D69000
14:20:38.0133 4796 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
14:20:38.0217 4796 Initialize success
14:20:38.0217 4796 ============================================================
14:21:10.0761 1864 ============================================================
14:21:10.0761 1864 Scan started
14:21:10.0761 1864 Mode: Manual;
14:21:10.0761 1864 ============================================================
14:21:28.0086 1864 iPod Service - ok
14:21:28.0186 1864 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
14:21:28.0196 1864 IRENUM - ok
14:21:28.0226 1864 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
14:21:28.0256 1864 isapnp - ok
14:21:28.0296 1864 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
14:21:28.0346 1864 iScsiPrt - ok
14:21:28.0436 1864 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
14:21:28.0436 1864 kbdclass - ok
14:21:28.0466 1864 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
14:21:28.0466 1864 kbdhid - ok
14:21:28.0506 1864 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:21:28.0506 1864 KeyIso - ok
14:21:28.0536 1864 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
14:21:28.0556 1864 KSecDD - ok
14:21:28.0636 1864 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
14:21:28.0676 1864 KSecPkg - ok
14:21:28.0726 1864 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
14:21:28.0766 1864 ksthunk - ok
14:21:28.0816 1864 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
14:21:28.0856 1864 KtmRm - ok
14:21:28.0956 1864 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
14:21:28.0966 1864 LanmanServer - ok
14:21:29.0006 1864 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
14:21:29.0016 1864 LanmanWorkstation - ok
14:21:29.0086 1864 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
14:21:29.0126 1864 lltdio - ok
14:21:29.0216 1864 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
14:21:29.0226 1864 lltdsvc - ok
14:21:29.0256 1864 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
14:21:29.0256 1864 lmhosts - ok
14:21:29.0316 1864 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
14:21:29.0356 1864 LSI_FC - ok
14:21:29.0436 1864 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
14:21:29.0476 1864 LSI_SAS - ok
14:21:29.0526 1864 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
14:21:29.0566 1864 LSI_SAS2 - ok
14:21:29.0616 1864 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
14:21:29.0656 1864 LSI_SCSI - ok
14:21:29.0736 1864 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
14:21:29.0746 1864 luafv - ok
14:21:29.0806 1864 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
14:21:29.0846 1864 MBAMProtector - ok
14:21:29.0916 1864 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
14:21:29.0926 1864 MBAMService - ok
14:21:30.0046 1864 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
14:21:30.0056 1864 Mcx2Svc - ok
14:21:30.0096 1864 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
14:21:30.0186 1864 megasas - ok
14:21:30.0226 1864 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
14:21:30.0276 1864 MegaSR - ok
14:21:30.0366 1864 MemeoBackgroundService (b7c1ba9b0256b66411f09d705117ae66) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
14:21:30.0406 1864 MemeoBackgroundService - ok
14:21:30.0486 1864 Microsoft SharePoint Workspace Audit Service - ok
14:21:30.0566 1864 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:21:30.0566 1864 MMCSS - ok
14:21:30.0616 1864 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
14:21:30.0626 1864 Modem - ok
14:21:30.0646 1864 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
14:21:30.0686 1864 monitor - ok
14:21:30.0726 1864 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
14:21:30.0746 1864 mouclass - ok
14:21:30.0836 1864 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
14:21:30.0846 1864 mouhid - ok
14:21:30.0876 1864 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
14:21:30.0926 1864 mountmgr - ok
14:21:30.0957 1864 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
14:21:30.0967 1864 mpio - ok
14:21:30.0987 1864 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:21:31.0027 1864 mpsdrv - ok
14:21:31.0067 1864 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
14:21:31.0087 1864 MpsSvc - ok
14:21:31.0177 1864 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
14:21:31.0177 1864 MRxDAV - ok
14:21:31.0217 1864 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:21:31.0227 1864 mrxsmb - ok
14:21:31.0247 1864 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:21:31.0327 1864 mrxsmb10 - ok
14:21:31.0347 1864 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:21:31.0387 1864 mrxsmb20 - ok
14:21:31.0467 1864 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
14:21:31.0507 1864 msahci - ok
14:21:31.0547 1864 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
14:21:31.0587 1864 msdsm - ok
14:21:31.0637 1864 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
14:21:31.0637 1864 MSDTC - ok
14:21:31.0717 1864 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:21:31.0727 1864 Msfs - ok
14:21:31.0767 1864 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:21:31.0767 1864 mshidkmdf - ok
14:21:31.0817 1864 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
14:21:31.0857 1864 msisadrv - ok
14:21:31.0897 1864 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
14:21:31.0927 1864 MSiSCSI - ok
14:21:31.0997 1864 msiserver - ok
14:21:32.0047 1864 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:21:32.0077 1864 MSKSSRV - ok
14:21:32.0107 1864 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:21:32.0107 1864 MSPCLOCK - ok
14:21:32.0127 1864 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:21:32.0167 1864 MSPQM - ok
14:21:32.0197 1864 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
14:21:32.0207 1864 MsRPC - ok
14:21:32.0247 1864 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
14:21:32.0247 1864 mssmbios - ok
14:21:32.0317 1864 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:21:32.0327 1864 MSTEE - ok
14:21:32.0347 1864 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
14:21:32.0357 1864 MTConfig - ok
14:21:32.0387 1864 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:21:32.0427 1864 Mup - ok
14:21:32.0557 1864 MySQL - ok
14:21:32.0717 1864 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
14:21:32.0737 1864 napagent - ok
14:21:32.0837 1864 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:21:32.0917 1864 NativeWifiP - ok
14:21:33.0017 1864 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
14:21:33.0027 1864 NDIS - ok
14:21:33.0067 1864 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:21:33.0107 1864 NdisCap - ok
14:21:33.0137 1864 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:21:33.0147 1864 NdisTapi - ok
14:21:33.0157 1864 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
14:21:33.0157 1864 Ndisuio - ok
14:21:33.0177 1864 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
14:21:33.0217 1864 NdisWan - ok
14:21:33.0237 1864 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
14:21:33.0317 1864 NDProxy - ok
14:21:33.0357 1864 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:21:33.0397 1864 NetBIOS - ok
14:21:33.0427 1864 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
14:21:33.0467 1864 NetBT - ok
14:21:33.0507 1864 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:21:33.0507 1864 Netlogon - ok
14:21:33.0557 1864 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
14:21:33.0567 1864 Netman - ok
14:21:33.0647 1864 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
14:21:33.0657 1864 netprofm - ok
14:21:33.0767 1864 netr28x (8b5d2d7cb0ef5b1967860b8ab742a46c) C:\Windows\system32\DRIVERS\netr28x.sys
14:21:33.0817 1864 netr28x - ok
14:21:33.0917 1864 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:21:33.0917 1864 NetTcpPortSharing - ok
14:21:33.0998 1864 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
14:21:34.0088 1864 nfrd960 - ok
14:21:34.0318 1864 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
14:21:34.0328 1864 NlaSvc - ok
14:21:34.0408 1864 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:21:34.0458 1864 Npfs - ok
14:21:34.0518 1864 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
14:21:34.0528 1864 nsi - ok
14:21:34.0538 1864 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:21:34.0568 1864 nsiproxy - ok
14:21:34.0658 1864 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
14:21:34.0718 1864 Ntfs - ok
14:21:34.0768 1864 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:21:34.0808 1864 Null - ok
14:21:34.0878 1864 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
14:21:34.0928 1864 NVENETFD - ok
14:21:34.0978 1864 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
14:21:35.0018 1864 nvraid - ok
14:21:35.0058 1864 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
14:21:35.0148 1864 nvstor - ok
14:21:35.0208 1864 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
14:21:35.0258 1864 nv_agp - ok
14:21:35.0308 1864 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
14:21:35.0348 1864 ohci1394 - ok
14:21:35.0448 1864 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:21:35.0458 1864 ose - ok
14:21:35.0688 1864 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
14:21:35.0848 1864 osppsvc - ok
14:21:35.0948 1864 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:21:35.0958 1864 p2pimsvc - ok
14:21:35.0998 1864 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
14:21:36.0008 1864 p2psvc - ok
14:21:36.0048 1864 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
14:21:36.0088 1864 Parport - ok
14:21:36.0158 1864 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
14:21:36.0198 1864 partmgr - ok
14:21:36.0208 1864 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
14:21:36.0218 1864 PcaSvc - ok
14:21:36.0248 1864 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
14:21:36.0258 1864 pci - ok
14:21:36.0288 1864 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
14:21:36.0328 1864 pciide - ok
14:21:36.0378 1864 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
14:21:36.0418 1864 pcmcia - ok
14:21:36.0498 1864 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:21:36.0548 1864 pcw - ok
14:21:36.0568 1864 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:21:36.0618 1864 PEAUTH - ok
14:21:36.0688 1864 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
14:21:36.0698 1864 PerfHost - ok
14:21:36.0828 1864 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
14:21:36.0848 1864 pla - ok
14:21:36.0908 1864 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
14:21:36.0918 1864 PlugPlay - ok
14:21:36.0998 1864 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
14:21:36.0998 1864 PNRPAutoReg - ok
14:21:37.0018 1864 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:21:37.0028 1864 PNRPsvc - ok
14:21:37.0078 1864 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
14:21:37.0098 1864 PolicyAgent - ok
14:21:37.0128 1864 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
14:21:37.0138 1864 Power - ok
14:21:37.0228 1864 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
14:21:37.0338 1864 PptpMiniport - ok
14:21:37.0378 1864 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
14:21:37.0418 1864 Processor - ok
14:21:37.0458 1864 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
14:21:37.0468 1864 ProfSvc - ok
14:21:37.0508 1864 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:21:37.0508 1864 ProtectedStorage - ok
14:21:37.0608 1864 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
14:21:37.0608 1864 Psched - ok
14:21:37.0698 1864 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
14:21:37.0728 1864 ql2300 - ok
14:21:37.0808 1864 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
14:21:37.0808 1864 ql40xx - ok
14:21:37.0848 1864 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
14:21:37.0858 1864 QWAVE - ok
14:21:37.0908 1864 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:21:37.0948 1864 QWAVEdrv - ok
14:21:37.0958 1864 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:21:37.0998 1864 RasAcd - ok
14:21:38.0088 1864 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:21:38.0088 1864 RasAgileVpn - ok
14:21:38.0128 1864 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
14:21:38.0138 1864 RasAuto - ok
14:21:38.0148 1864 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:21:38.0238 1864 Rasl2tp - ok
14:21:38.0278 1864 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
14:21:38.0288 1864 RasMan - ok
14:21:38.0378 1864 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:21:38.0378 1864 RasPppoe - ok
14:21:38.0408 1864 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:21:38.0448 1864 RasSstp - ok
14:21:38.0468 1864 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
14:21:38.0498 1864 rdbss - ok
14:21:38.0528 1864 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
14:21:38.0608 1864 rdpbus - ok
14:21:38.0688 1864 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:21:38.0688 1864 RDPCDD - ok
14:21:38.0708 1864 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:21:38.0718 1864 RDPENCDD - ok
14:21:38.0738 1864 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:21:38.0738 1864 RDPREFMP - ok
14:21:38.0788 1864 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
14:21:38.0828 1864 RDPWD - ok
14:21:38.0878 1864 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
14:21:38.0878 1864 rdyboost - ok
14:21:38.0978 1864 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
14:21:38.0988 1864 RemoteAccess - ok
14:21:39.0028 1864 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
14:21:39.0038 1864 RemoteRegistry - ok
14:21:39.0158 1864 RichVideo64 (0b169fe016039571ecc6db70073f8979) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
14:21:39.0168 1864 RichVideo64 - ok
14:21:39.0278 1864 RoxioNow Service (085d18c71ab2611a3d61528132b6501e) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
14:21:39.0308 1864 RoxioNow Service - ok
14:21:39.0378 1864 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
14:21:39.0388 1864 RpcEptMapper - ok
14:21:39.0428 1864 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
14:21:39.0438 1864 RpcLocator - ok
14:21:39.0458 1864 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:21:39.0468 1864 RpcSs - ok
14:21:39.0538 1864 RSPCIESTOR (cfdfd15d2d26bb50b6f4bf2d4fe6fa70) C:\Windows\system32\DRIVERS\RtsPStor.sys
14:21:39.0598 1864 RSPCIESTOR - ok
14:21:39.0668 1864 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:21:39.0708 1864 rspndr - ok
14:21:39.0758 1864 RTL8167 (e50cfb92986dcab49de93788fd695813) C:\Windows\system32\DRIVERS\Rt64win7.sys
14:21:39.0768 1864 RTL8167 - ok
14:21:39.0808 1864 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:21:39.0808 1864 SamSs - ok
14:21:39.0898 1864 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
14:21:39.0938 1864 sbp2port - ok
14:21:39.0989 1864 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
14:21:39.0999 1864 SCardSvr - ok
14:21:40.0029 1864 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
14:21:40.0059 1864 scfilter - ok
14:21:40.0099 1864 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
14:21:40.0119 1864 Schedule - ok
14:21:40.0189 1864 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:21:40.0189 1864 SCPolicySvc - ok
14:21:40.0259 1864 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
14:21:40.0259 1864 sdbus - ok
14:21:40.0299 1864 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
14:21:40.0299 1864 SDRSVC - ok
14:21:40.0379 1864 SeagateDashboardService (16b44d246835eac156f8daf0aa4f530c) C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
14:21:40.0379 1864 SeagateDashboardService - ok
14:21:40.0489 1864 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:21:40.0529 1864 secdrv - ok
14:21:40.0569 1864 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
14:21:40.0569 1864 seclogon - ok
14:21:40.0609 1864 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
14:21:40.0609 1864 SENS - ok
14:21:40.0689 1864 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
14:21:40.0699 1864 SensrSvc - ok
14:21:40.0749 1864 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
14:21:40.0779 1864 Serenum - ok
14:21:40.0809 1864 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
14:21:40.0949 1864 Serial - ok
14:21:40.0989 1864 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
14:21:41.0029 1864 sermouse - ok
14:21:41.0129 1864 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
14:21:41.0139 1864 SessionEnv - ok
14:21:41.0189 1864 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
14:21:41.0239 1864 sffdisk - ok
14:21:41.0259 1864 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
14:21:41.0299 1864 sffp_mmc - ok
14:21:41.0319 1864 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
14:21:41.0319 1864 sffp_sd - ok
14:21:41.0399 1864 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
14:21:41.0439 1864 sfloppy - ok
14:21:41.0489 1864 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
14:21:41.0499 1864 SharedAccess - ok
14:21:41.0539 1864 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
14:21:41.0549 1864 ShellHWDetection - ok
14:21:41.0649 1864 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
14:21:41.0729 1864 SiSRaid2 - ok
14:21:41.0769 1864 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
14:21:41.0809 1864 SiSRaid4 - ok
14:21:41.0859 1864 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
14:21:41.0859 1864 Smb - ok
14:21:41.0980 1864 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
14:21:41.0980 1864 SNMPTRAP - ok
14:21:42.0010 1864 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
14:21:42.0050 1864 spldr - ok
14:21:42.0080 1864 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
14:21:42.0100 1864 Spooler - ok
14:21:42.0200 1864 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
14:21:42.0250 1864 sppsvc - ok
14:21:42.0320 1864 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
14:21:42.0330 1864 sppuinotify - ok
14:21:42.0370 1864 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
14:21:42.0460 1864 srv - ok
14:21:42.0490 1864 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
14:21:42.0530 1864 srv2 - ok
14:21:42.0630 1864 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
14:21:42.0640 1864 SrvHsfHDA - ok
14:21:42.0700 1864 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
14:21:42.0760 1864 SrvHsfV92 - ok
14:21:42.0860 1864 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
14:21:43.0390 1864 SrvHsfWinac - ok
14:21:43.0490 1864 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
14:21:43.0500 1864 srvnet - ok
14:21:43.0920 1864 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
14:21:43.0930 1864 SSDPSRV - ok
14:21:44.0020 1864 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
14:21:44.0030 1864 SstpSvc - ok
14:21:44.0080 1864 ssudmdm (ad42ca614e086bcadbd53fffc404ac24) C:\Windows\system32\DRIVERS\ssudmdm.sys
14:21:44.0120 1864 ssudmdm - ok
14:21:44.0240 1864 STacSV (a6b2ec3a2b6ad7c3f7b2f3495cade4c0) C:\Program Files\IDT\WDM\STacSV64.exe
14:21:44.0250 1864 STacSV - ok
14:21:44.0340 1864 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
14:21:44.0350 1864 stexstor - ok
14:21:44.0390 1864 STHDA (eba98394a7d58f7552c52192bd8fa7e6) C:\Windows\system32\DRIVERS\stwrt64.sys
14:21:44.0480 1864 STHDA - ok
14:21:44.0580 1864 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
14:21:44.0590 1864 stisvc - ok
14:21:44.0650 1864 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
14:21:44.0690 1864 swenum - ok
14:21:44.0820 1864 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
14:21:44.0840 1864 SwitchBoard - ok
14:21:44.0930 1864 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
14:21:44.0940 1864 swprv - ok
14:21:45.0020 1864 SynTP (ac3cc98b1bdb6540021d3ffb105ac2b9) C:\Windows\system32\DRIVERS\SynTP.sys
14:21:45.0070 1864 SynTP - ok
14:21:45.0190 1864 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
14:21:45.0220 1864 SysMain - ok
14:21:45.0240 1864 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
14:21:45.0240 1864 TabletInputService - ok
14:21:45.0270 1864 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
14:21:45.0280 1864 TapiSrv - ok
14:21:45.0350 1864 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
14:21:45.0360 1864 TBS - ok
14:21:45.0450 1864 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
14:21:45.0480 1864 Tcpip - ok
14:21:45.0630 1864 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
14:21:45.0650 1864 TCPIP6 - ok
14:21:45.0700 1864 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
14:21:45.0720 1864 tcpipreg - ok
14:21:45.0790 1864 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
14:21:45.0830 1864 TDPIPE - ok
14:21:45.0860 1864 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
14:21:45.0880 1864 TDTCP - ok
14:21:45.0900 1864 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
14:21:45.0940 1864 tdx - ok
14:21:46.0000 1864 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
14:21:46.0040 1864 TermDD - ok
14:21:46.0120 1864 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
14:21:46.0140 1864 TermService - ok
14:21:46.0160 1864 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
14:21:46.0160 1864 Themes - ok
14:21:46.0200 1864 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:21:46.0200 1864 THREADORDER - ok
14:21:46.0220 1864 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
14:21:46.0230 1864 TrkWks - ok
14:21:46.0310 1864 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
14:21:46.0320 1864 TrustedInstaller - ok
14:21:46.0380 1864 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:21:46.0390 1864 tssecsrv - ok
14:21:46.0440 1864 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
14:21:46.0520 1864 TsUsbFlt - ok
14:21:46.0550 1864 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
14:21:46.0560 1864 TsUsbGD - ok
14:21:46.0630 1864 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
14:21:46.0670 1864 tunnel - ok
14:21:46.0750 1864 TVService (6698580e36e45d16592696fcf1e5f60e) C:\Program Files (x86)\Team MediaPortal\MediaPortal TV Server\TVService.exe
14:21:46.0760 1864 TVService - ok
14:21:46.0860 1864 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
14:21:46.0900 1864 uagp35 - ok
14:21:46.0930 1864 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
14:21:46.0940 1864 udfs - ok
14:21:46.0991 1864 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
14:21:47.0001 1864 UI0Detect - ok
14:21:47.0101 1864 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
14:21:47.0141 1864 uliagpkx - ok
14:21:47.0191 1864 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
14:21:47.0231 1864 umbus - ok
14:21:47.0261 1864 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
14:21:52.0784 1864 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:21:52.0854 1864 \Device\Harddisk0\DR0 - ok
14:21:52.0864 1864 Boot (0x1200) (1ba4108c1acbdac027b98a5874f4f17b) \Device\Harddisk0\DR0\Partition0
14:21:52.0864 1864 \Device\Harddisk0\DR0\Partition0 - ok
14:21:52.0884 1864 Boot (0x1200) (5fc585f549b6f82027bef76e73d28840) \Device\Harddisk0\DR0\Partition1
14:21:52.0884 1864 \Device\Harddisk0\DR0\Partition1 - ok
14:21:52.0924 1864 Boot (0x1200) (1cdcc0011efd12d1effd2ce840134717) \Device\Harddisk0\DR0\Partition2
14:21:52.0924 1864 \Device\Harddisk0\DR0\Partition2 - ok
14:21:52.0944 1864 Boot (0x1200) (84161f182db810ceed4ebae192103607) \Device\Harddisk0\DR0\Partition3
14:21:52.0954 1864 \Device\Harddisk0\DR0\Partition3 - ok
14:21:52.0954 1864 ============================================================
14:21:52.0954 1864 Scan finished
14:21:52.0954 1864 ============================================================
14:21:52.0974 4916 Detected object count: 0
14:21:52.0974 4916 Actual detected object count: 0
14:22:04.0356 1336 ============================================================
14:22:04.0356 1336 Scan started
14:22:04.0356 1336 Mode: Manual; TDLFS;
14:22:04.0356 1336 ============================================================
14:22:16.0792 1336 mrxsmb - ok
14:22:16.0812 1336 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:22:16.0822 1336 mrxsmb10 - ok
14:22:16.0882 1336 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:22:16.0882 1336 mrxsmb20 - ok
14:22:16.0912 1336 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
14:22:16.0912 1336 msahci - ok
14:22:16.0962 1336 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
14:22:16.0962 1336 msdsm - ok
14:22:17.0022 1336 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
14:22:17.0032 1336 MSDTC - ok
14:22:17.0082 1336 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:22:17.0082 1336 Msfs - ok
14:22:17.0112 1336 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:22:17.0112 1336 mshidkmdf - ok
14:22:17.0152 1336 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
14:22:17.0152 1336 msisadrv - ok
14:22:17.0202 1336 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
14:22:17.0202 1336 MSiSCSI - ok
14:22:17.0252 1336 msiserver - ok
14:22:17.0292 1336 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:22:17.0302 1336 MSKSSRV - ok
14:22:17.0322 1336 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:22:17.0322 1336 MSPCLOCK - ok
14:22:17.0342 1336 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:22:17.0342 1336 MSPQM - ok
14:22:17.0372 1336 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
14:22:17.0382 1336 MsRPC - ok
14:22:17.0422 1336 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
14:22:17.0422 1336 mssmbios - ok
14:22:17.0472 1336 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:22:17.0472 1336 MSTEE - ok
14:22:17.0512 1336 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
14:22:17.0512 1336 MTConfig - ok
14:22:17.0522 1336 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:22:17.0522 1336 Mup - ok
14:22:17.0622 1336 MySQL - ok
14:22:17.0672 1336 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
14:22:17.0672 1336 napagent - ok
14:22:17.0752 1336 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:22:17.0752 1336 NativeWifiP - ok
14:22:17.0802 1336 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
14:22:17.0812 1336 NDIS - ok
14:22:17.0832 1336 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:22:17.0842 1336 NdisCap - ok
14:22:17.0852 1336 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:22:17.0852 1336 NdisTapi - ok
14:22:17.0872 1336 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
14:22:17.0872 1336 Ndisuio - ok
14:22:17.0892 1336 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
14:22:17.0892 1336 NdisWan - ok
14:22:17.0922 1336 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
14:22:17.0922 1336 NDProxy - ok
14:22:17.0982 1336 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:22:17.0982 1336 NetBIOS - ok
14:22:18.0012 1336 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
14:22:18.0022 1336 NetBT - ok
14:22:18.0062 1336 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:22:18.0062 1336 Netlogon - ok
14:22:18.0112 1336 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
14:22:18.0122 1336 Netman - ok
14:22:18.0182 1336 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
14:22:18.0192 1336 netprofm - ok
14:22:18.0262 1336 netr28x (8b5d2d7cb0ef5b1967860b8ab742a46c) C:\Windows\system32\DRIVERS\netr28x.sys
14:22:18.0282 1336 netr28x - ok
14:22:18.0382 1336 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:22:18.0382 1336 NetTcpPortSharing - ok
14:22:18.0462 1336 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
14:22:18.0462 1336 nfrd960 - ok
14:22:18.0522 1336 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
14:22:18.0532 1336 NlaSvc - ok
14:22:18.0572 1336 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:22:18.0572 1336 Npfs - ok
14:22:18.0592 1336 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
14:22:18.0592 1336 nsi - ok
14:22:18.0642 1336 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:22:18.0652 1336 nsiproxy - ok
14:22:18.0742 1336 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
14:22:18.0762 1336 Ntfs - ok
14:22:18.0822 1336 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:22:18.0822 1336 Null - ok
14:22:18.0882 1336 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
14:22:18.0882 1336 NVENETFD - ok
14:22:18.0922 1336 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
14:22:18.0922 1336 nvraid - ok
14:22:18.0982 1336 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
14:22:18.0982 1336 nvstor - ok
14:22:19.0052 1336 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
14:22:19.0052 1336 nv_agp - ok
14:22:19.0092 1336 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
14:22:19.0092 1336 ohci1394 - ok
14:22:19.0172 1336 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:22:19.0172 1336 ose - ok
14:22:19.0382 1336 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
14:22:19.0422 1336 osppsvc - ok
14:22:19.0532 1336 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:22:19.0532 1336 p2pimsvc - ok
14:22:19.0582 1336 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
14:22:19.0582 1336 p2psvc - ok
14:22:19.0632 1336 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
14:22:19.0632 1336 Parport - ok
14:22:19.0702 1336 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
14:22:19.0702 1336 partmgr - ok
14:22:19.0712 1336 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
14:22:19.0722 1336 PcaSvc - ok
14:22:19.0772 1336 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
14:22:19.0782 1336 pci - ok
14:22:19.0822 1336 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
14:22:19.0822 1336 pciide - ok
14:22:19.0882 1336 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
14:22:19.0882 1336 pcmcia - ok
14:22:19.0963 1336 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:22:19.0963 1336 pcw - ok
14:22:19.0983 1336 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:22:19.0993 1336 PEAUTH - ok
14:22:20.0063 1336 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
14:22:20.0063 1336 PerfHost - ok
14:22:20.0233 1336 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
14:22:20.0243 1336 pla - ok
14:22:20.0283 1336 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
14:22:20.0293 1336 PlugPlay - ok
14:22:20.0373 1336 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
14:22:20.0373 1336 PNRPAutoReg - ok
14:22:20.0393 1336 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:22:20.0403 1336 PNRPsvc - ok
14:22:20.0453 1336 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
14:22:20.0463 1336 PolicyAgent - ok
14:22:20.0493 1336 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
14:22:20.0503 1336 Power - ok
14:22:20.0593 1336 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
14:22:20.0593 1336 PptpMiniport - ok
14:22:20.0633 1336 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
14:22:20.0633 1336 Processor - ok
14:22:20.0673 1336 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
14:22:20.0673 1336 ProfSvc - ok
14:22:20.0723 1336 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:22:20.0723 1336 ProtectedStorage - ok
14:22:20.0803 1336 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
14:22:20.0803 1336 Psched - ok
14:22:20.0873 1336 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
14:22:20.0893 1336 ql2300 - ok
14:22:20.0913 1336 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
14:22:20.0923 1336 ql40xx - ok
14:22:21.0003 1336 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
14:22:21.0003 1336 QWAVE - ok
14:22:21.0053 1336 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:22:21.0053 1336 QWAVEdrv - ok
14:22:21.0063 1336 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:22:21.0073 1336 RasAcd - ok
14:22:21.0113 1336 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:22:21.0113 1336 RasAgileVpn - ok
14:22:21.0193 1336 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
14:22:21.0203 1336 RasAuto - ok
14:22:21.0223 1336 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:22:21.0233 1336 Rasl2tp - ok
14:22:21.0263 1336 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
14:22:21.0273 1336 RasMan - ok
14:22:21.0303 1336 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:22:21.0303 1336 RasPppoe - ok
14:22:21.0323 1336 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:22:21.0323 1336 RasSstp - ok
14:22:21.0403 1336 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
14:22:21.0403 1336 rdbss - ok
14:22:21.0453 1336 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
14:22:21.0453 1336 rdpbus - ok
14:22:21.0463 1336 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:22:21.0463 1336 RDPCDD - ok
14:22:21.0493 1336 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:22:21.0493 1336 RDPENCDD - ok
14:22:21.0513 1336 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:22:21.0513 1336 RDPREFMP - ok
14:22:21.0563 1336 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
14:22:21.0563 1336 RDPWD - ok
14:22:21.0623 1336 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
14:22:21.0633 1336 rdyboost - ok
14:22:21.0673 1336 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
14:22:21.0673 1336 RemoteAccess - ok
14:22:21.0703 1336 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
14:22:21.0713 1336 RemoteRegistry - ok
14:22:21.0823 1336 RichVideo64 (0b169fe016039571ecc6db70073f8979) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
14:22:21.0833 1336 RichVideo64 - ok
14:22:21.0913 1336 RoxioNow Service (085d18c71ab2611a3d61528132b6501e) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
14:22:21.0923 1336 RoxioNow Service - ok
14:22:21.0993 1336 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
14:22:22.0003 1336 RpcEptMapper - ok
14:22:22.0033 1336 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
14:22:22.0033 1336 RpcLocator - ok
14:22:22.0063 1336 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:22:22.0073 1336 RpcSs - ok
14:22:22.0133 1336 RSPCIESTOR (cfdfd15d2d26bb50b6f4bf2d4fe6fa70) C:\Windows\system32\DRIVERS\RtsPStor.sys
14:22:22.0133 1336 RSPCIESTOR - ok
14:22:22.0213 1336 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:22:22.0213 1336 rspndr - ok
14:22:22.0263 1336 RTL8167 (e50cfb92986dcab49de93788fd695813) C:\Windows\system32\DRIVERS\Rt64win7.sys
14:22:22.0273 1336 RTL8167 - ok
14:22:22.0303 1336 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:22:22.0313 1336 SamSs - ok
14:22:22.0413 1336 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
14:22:22.0423 1336 sbp2port - ok
14:22:22.0453 1336 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
14:22:22.0463 1336 SCardSvr - ok
14:22:22.0503 1336 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
14:22:22.0503 1336 scfilter - ok
14:22:22.0553 1336 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
14:22:22.0573 1336 Schedule - ok
14:22:22.0643 1336 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:22:22.0643 1336 SCPolicySvc - ok
14:22:22.0693 1336 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
14:22:22.0693 1336 sdbus - ok
14:22:22.0733 1336 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
14:22:22.0733 1336 SDRSVC - ok
14:22:22.0793 1336 SeagateDashboardService (16b44d246835eac156f8daf0aa4f530c) C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
14:22:22.0793 1336 SeagateDashboardService - ok
14:22:22.0873 1336 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:22:22.0873 1336 secdrv - ok
14:22:22.0913 1336 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
14:22:22.0913 1336 seclogon - ok
14:22:22.0933 1336 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
14:22:22.0933 1336 SENS - ok
14:22:22.0953 1336 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
14:22:22.0953 1336 SensrSvc - ok
14:22:23.0033 1336 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
14:22:23.0033 1336 Serenum - ok
14:22:23.0063 1336 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
14:22:23.0063 1336 Serial - ok
14:22:23.0103 1336 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
14:22:23.0103 1336 sermouse - ok
14:22:23.0163 1336 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
14:22:23.0173 1336 SessionEnv - ok
14:22:23.0263 1336 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
14:22:23.0263 1336 sffdisk - ok
14:22:23.0283 1336 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
14:22:23.0283 1336 sffp_mmc - ok
14:22:23.0303 1336 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
14:22:23.0313 1336 sffp_sd - ok
14:22:23.0333 1336 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
14:22:23.0343 1336 sfloppy - ok
14:22:23.0373 1336 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
14:22:23.0383 1336 SharedAccess - ok
14:22:23.0473 1336 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
14:22:23.0483 1336 ShellHWDetection - ok
14:22:23.0533 1336 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
14:22:23.0533 1336 SiSRaid2 - ok
14:22:23.0563 1336 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
14:22:23.0573 1336 SiSRaid4 - ok
14:22:23.0653 1336 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
14:22:23.0663 1336 Smb - ok
14:22:23.0713 1336 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
14:22:23.0713 1336 SNMPTRAP - ok
14:22:23.0763 1336 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
14:22:23.0763 1336 spldr - ok
14:22:23.0813 1336 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
14:22:23.0823 1336 Spooler - ok
14:22:23.0957 1336 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
14:22:23.0992 1336 sppsvc - ok
14:22:24.0062 1336 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
14:22:24.0072 1336 sppuinotify - ok
14:22:24.0122 1336 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
14:22:24.0122 1336 srv - ok
14:22:24.0142 1336 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
14:22:24.0152 1336 srv2 - ok
14:22:24.0182 1336 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
14:22:24.0192 1336 SrvHsfHDA - ok
14:22:24.0292 1336 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
14:22:24.0302 1336 SrvHsfV92 - ok
14:22:24.0342 1336 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
14:22:24.0342 1336 SrvHsfWinac - ok
14:22:24.0392 1336 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
14:22:24.0392 1336 srvnet - ok
14:22:24.0482 1336 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
14:22:24.0482 1336 SSDPSRV - ok
14:22:24.0512 1336 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
14:22:24.0522 1336 SstpSvc - ok
14:22:24.0562 1336 ssudmdm (ad42ca614e086bcadbd53fffc404ac24) C:\Windows\system32\DRIVERS\ssudmdm.sys
14:22:24.0562 1336 ssudmdm - ok
14:22:24.0662 1336 STacSV (a6b2ec3a2b6ad7c3f7b2f3495cade4c0) C:\Program Files\IDT\WDM\STacSV64.exe
14:22:24.0672 1336 STacSV - ok
14:22:24.0752 1336 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
14:22:24.0752 1336 stexstor - ok
14:22:24.0792 1336 STHDA (eba98394a7d58f7552c52192bd8fa7e6) C:\Windows\system32\DRIVERS\stwrt64.sys
14:22:24.0802 1336 STHDA - ok
14:22:24.0842 1336 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
14:22:24.0862 1336 stisvc - ok
14:22:24.0952 1336 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
14:22:24.0952 1336 swenum - ok
14:22:25.0062 1336 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
14:22:25.0072 1336 SwitchBoard - ok
14:22:25.0152 1336 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
14:22:25.0162 1336 swprv - ok
14:22:25.0222 1336 SynTP (ac3cc98b1bdb6540021d3ffb105ac2b9) C:\Windows\system32\DRIVERS\SynTP.sys
14:22:25.0232 1336 SynTP - ok
14:22:25.0302 1336 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
14:22:25.0322 1336 SysMain - ok
14:22:25.0402 1336 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
14:22:25.0412 1336 TabletInputService - ok
14:22:25.0442 1336 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
14:22:25.0452 1336 TapiSrv - ok
14:22:25.0472 1336 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
14:22:25.0482 1336 TBS - ok
14:22:25.0562 1336 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
14:22:25.0582 1336 Tcpip - ok
14:22:25.0662 1336 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
14:22:25.0682 1336 TCPIP6 - ok
14:22:25.0732 1336 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
14:22:25.0732 1336 tcpipreg - ok
14:22:25.0782 1336 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
14:22:25.0782 1336 TDPIPE - ok
14:22:25.0812 1336 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
14:22:25.0812 1336 TDTCP - ok
14:22:25.0832 1336 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
14:22:25.0832 1336 tdx - ok
14:22:25.0872 1336 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
14:22:25.0872 1336 TermDD - ok
14:22:25.0952 1336 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
14:22:25.0962 1336 TermService - ok
14:22:25.0983 1336 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
14:22:25.0983 1336 Themes - ok
14:22:26.0023 1336 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:22:26.0033 1336 THREADORDER - ok
14:22:26.0043 1336 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
14:22:26.0053 1336 TrkWks - ok
14:22:26.0123 1336 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
14:22:26.0123 1336 TrustedInstaller - ok
14:22:26.0193 1336 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:22:26.0193 1336 tssecsrv - ok
14:22:26.0213 1336 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
14:22:26.0213 1336 TsUsbFlt - ok
14:22:26.0253 1336 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
14:22:26.0253 1336 TsUsbGD - ok
14:22:26.0303 1336 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
14:22:26.0303 1336 tunnel - ok
14:22:26.0383 1336 TVService (6698580e36e45d16592696fcf1e5f60e) C:\Program Files (x86)\Team MediaPortal\MediaPortal TV Server\TVService.exe
14:22:26.0393 1336 TVService - ok
14:22:26.0453 1336 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
14:22:26.0453 1336 uagp35 - ok
14:22:26.0513 1336 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
14:22:26.0513 1336 udfs - ok
14:22:26.0573 1336 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
14:22:26.0573 1336 UI0Detect - ok
14:22:26.0633 1336 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
14:22:26.0633 1336 uliagpkx - ok
14:22:26.0673 1336 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
14:22:26.0673 1336 umbus - ok
14:22:26.0733 1336 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
14:22:26.0733 1336 UmPass - ok
14:22:26.0773 1336 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
14:22:26.0773 1336 upnphost - ok
14:22:26.0843 1336 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
14:22:26.0843 1336 USBAAPL64 - ok
14:22:26.0893 1336 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
14:22:26.0893 1336 usbccgp - ok
14:22:26.0923 1336 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
14:22:26.0933 1336 usbcir - ok
14:22:26.0983 1336 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
14:22:26.0983 1336 usbehci - ok
14:22:27.0024 1336 usbfilter (76e2ffad301490ba27b947c6507752fb) C:\Windows\system32\DRIVERS\usbfilter.sys
14:22:27.0024 1336 usbfilter - ok
14:22:27.0074 1336 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
14:22:27.0084 1336 usbhub - ok
14:22:27.0134 1336 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
14:22:27.0134 1336 usbohci - ok
14:22:27.0164 1336 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
14:22:27.0164 1336 usbprint - ok
14:22:27.0214 1336 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:22:27.0214 1336 USBSTOR - ok
14:22:27.0274 1336 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
14:22:27.0274 1336 usbuhci - ok
14:22:27.0344 1336 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
14:22:27.0344 1336 usbvideo - ok
14:22:27.0374 1336 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
14:22:27.0384 1336 UxSms - ok
14:22:27.0454 1336 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:22:27.0454 1336 VaultSvc - ok
14:22:27.0524 1336 VClone (fd911873c0bb6945fa38c16e9a2b58f9) C:\Windows\system32\DRIVERS\VClone.sys
14:22:27.0524 1336 VClone - ok
14:22:27.0554 1336 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
14:22:27.0554 1336 vdrvroot - ok
14:22:27.0634 1336 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
14:22:27.0644 1336 vds - ok
14:22:27.0724 1336 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
14:22:27.0724 1336 vga - ok
14:22:27.0734 1336 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
14:22:27.0734 1336 VgaSave - ok
14:22:27.0774 1336 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
14:22:27.0784 1336 vhdmp - ok
14:22:27.0834 1336 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
14:22:27.0844 1336 viaide - ok
14:22:27.0884 1336 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
14:22:27.0884 1336 volmgr - ok
14:22:27.0954 1336 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
14:22:27.0954 1336 volmgrx - ok
14:22:28.0025 1336 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
14:22:28.0025 1336 volsnap - ok
14:22:28.0085 1336 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
14:22:28.0085 1336 vsmraid - ok
14:22:28.0165 1336 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
14:22:28.0185 1336 VSS - ok
14:22:28.0265 1336 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
14:22:28.0265 1336 vwifibus - ok
14:22:28.0295 1336 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
14:22:28.0295 1336 vwififlt - ok
14:22:28.0315 1336 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
14:22:28.0315 1336 vwifimp - ok
14:22:28.0355 1336 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
14:22:28.0365 1336 W32Time - ok
14:22:28.0415 1336 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
14:22:28.0415 1336 WacomPen - ok
14:22:28.0505 1336 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:22:28.0505 1336 WANARP - ok
14:22:28.0515 1336 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:22:28.0515 1336 Wanarpv6 - ok
14:22:28.0595 1336 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
14:22:28.0615 1336 WatAdminSvc - ok
14:22:28.0715 1336 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
14:22:28.0735 1336 wbengine - ok
14:22:28.0765 1336 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
14:22:28.0765 1336 WbioSrvc - ok
14:22:28.0805 1336 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
14:22:28.0815 1336 wcncsvc - ok
14:22:28.0885 1336 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
14:22:28.0885 1336 WcsPlugInService - ok
14:22:28.0935 1336 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
14:22:28.0935 1336 Wd - ok
14:22:28.0985 1336 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
14:22:28.0985 1336 Wdf01000 - ok
14:22:29.0045 1336 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:22:29.0055 1336 WdiServiceHost - ok
14:22:29.0055 1336 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:22:29.0065 1336 WdiSystemHost - ok
14:22:29.0095 1336 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
14:22:29.0105 1336 WebClient - ok
14:22:29.0135 1336 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
14:22:29.0145 1336 Wecsvc - ok
14:22:29.0175 1336 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
14:22:29.0185 1336 wercplsupport - ok
14:22:29.0205 1336 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
14:22:29.0215 1336 WerSvc - ok
14:22:29.0295 1336 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
14:22:29.0305 1336 WfpLwf - ok
14:22:29.0315 1336 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
14:22:29.0315 1336 WIMMount - ok
14:22:29.0345 1336 WinDefend - ok
14:22:29.0365 1336 WinHttpAutoProxySvc - ok
14:22:29.0435 1336 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
14:22:29.0435 1336 Winmgmt - ok
14:22:29.0535 1336 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
14:22:29.0565 1336 WinRM - ok
14:22:29.0635 1336 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
14:22:29.0635 1336 WinUsb - ok
14:22:29.0725 1336 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
14:22:29.0735 1336 Wlansvc - ok
14:22:29.0835 1336 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
14:22:29.0835 1336 wlcrasvc - ok
14:22:29.0925 1336 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:22:29.0945 1336 wlidsvc - ok
14:22:30.0026 1336 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
14:22:30.0026 1336 WmiAcpi - ok
14:22:30.0096 1336 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
14:22:30.0106 1336 wmiApSrv - ok
14:22:30.0136 1336 WMPNetworkSvc - ok
14:22:30.0206 1336 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
14:22:30.0216 1336 WPCSvc - ok
14:22:30.0226 1336 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
14:22:30.0236 1336 WPDBusEnum - ok
14:22:30.0276 1336 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:22:30.0286 1336 ws2ifsl - ok
14:22:30.0306 1336 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
14:22:30.0306 1336 wscsvc - ok
14:22:30.0316 1336 WSearch - ok
14:22:30.0416 1336 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
14:22:30.0436 1336 wuauserv - ok
14:22:30.0536 1336 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
14:22:30.0536 1336 WudfPf - ok
14:22:30.0556 1336 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:22:30.0556 1336 WUDFRd - ok
14:22:30.0596 1336 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
14:22:30.0596 1336 wudfsvc - ok
14:22:30.0616 1336 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
14:22:30.0626 1336 WwanSvc - ok
14:22:30.0676 1336 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:22:30.0796 1336 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
14:22:30.0796 1336 \Device\Harddisk0\DR0 - detected TDSS File System (1)
14:22:30.0796 1336 Boot (0x1200) (1ba4108c1acbdac027b98a5874f4f17b) \Device\Harddisk0\DR0\Partition0
14:22:30.0796 1336 \Device\Harddisk0\DR0\Partition0 - ok
14:22:30.0846 1336 Boot (0x1200) (5fc585f549b6f82027bef76e73d28840) \Device\Harddisk0\DR0\Partition1
14:22:30.0846 1336 \Device\Harddisk0\DR0\Partition1 - ok
14:22:30.0886 1336 Boot (0x1200) (1cdcc0011efd12d1effd2ce840134717) \Device\Harddisk0\DR0\Partition2
14:22:30.0886 1336 \Device\Harddisk0\DR0\Partition2 - ok
14:22:30.0906 1336 Boot (0x1200) (84161f182db810ceed4ebae192103607) \Device\Harddisk0\DR0\Partition3
14:22:30.0906 1336 \Device\Harddisk0\DR0\Partition3 - ok
14:22:30.0906 1336 ============================================================
14:22:30.0906 1336 Scan finished
14:22:30.0906 1336 ============================================================
14:22:30.0926 0520 Detected object count: 1
14:22:30.0926 0520 Actual detected object count: 1
14:22:58.0652 0520 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
14:23:01.0914 0520 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
14:23:02.0594 0520 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
14:23:03.0226 0520 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
14:23:03.0866 0520 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
14:23:04.0526 0520 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
14:23:05.0136 0520 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
14:23:05.0146 0520 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
14:23:05.0156 0520 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
14:23:05.0166 0520 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
14:23:05.0776 0520 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
14:23:06.0366 0520 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
14:23:06.0366 0520 \Device\Harddisk0\DR0\TDLFS - deleted
14:23:06.0366 0520 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete

#9 Noviciate

  • Malware Response Team

Posted 04 April 2012 - 02:34 PM

I'd like you to run the PC for a day or two, throwing in at least one reboot, and then do the following:

Download Malwarebytes' Anti-Malware from here and save it to your Desktop - unless you already have it, in which case skip to the "updating" bit below.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • Ensure a checkmark is placed next to both Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware and then click Finish.
  • If an update is found, it will download and install the latest version - you'll need to clear it with your firewall.
  • Once the program has loaded, select Perform full scan and then Scan.
  • When the scan has finished, click OK and then Show Results to view the results - no surprise there!
  • If MBAM finds anything, check the box(es) and click Remove Selected.
  • Please note - Leave unchecked any boxes that have \System Volume Information\ in the filepath. These pose no immediate risk to your PC unless you use System Restore and will be dealt with later.
  • When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
Let me have the MBAM log, a fresh DDS log AND a description of how your PC is behaving.

Assuming that there is nothing major, a little housekeeping and you'll be on your way shortly thereafter.

So long, and thanks for all the fish.

#10 honky-kong-gorilla

  • Topic Starter

Posted 04 April 2012 - 09:12 PM

Thank you so much. Will do. I'll report tomorrow.

#11 honky-kong-gorilla

  • Topic Starter

Posted 08 April 2012 - 06:41 PM

Hello, again. My PC seems to be okay now. I haven't had a re-direct problem since. It seems to be running correctly, but I guess the logs will tell. Well, here they are.


MBAM Log:

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.07.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
HackBox :: HACKBOXPC [administrator]

Protection: Disabled

4/8/2012 4:44:32 PM
mbam-log-2012-04-08 (16-44-32).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 503571
Time elapsed: 1 hour(s), 48 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)




DDS Log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by HackBox at 18:34:23 on 2012-04-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3692.1871 [GMT -5:00]
.
AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\Program Files\CyberLink\Shared files\RichVideo64.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Team MediaPortal\MediaPortal TV Server\TVService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun: [<NO NAME>]
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{246D3713-37DA-458F-A13A-9F5B306DA74D} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{246D3713-37DA-458F-A13A-9F5B306DA74D}\35368696C6C696E67602E4564777F627B6 : DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{246D3713-37DA-458F-A13A-9F5B306DA74D}\65562796A7F6E6024425F49444850263835353 : DhcpNameServer = 192.168.42.1
TCP: Interfaces\{246D3713-37DA-458F-A13A-9F5B306DA74D}\C696E6B6379737 : DhcpNameServer = 209.124.193.101 209.124.193.100
TCP: Interfaces\{246D3713-37DA-458F-A13A-9F5B306DA74D}\D4963627F64556C6 : DhcpNameServer = 4.2.2.2 8.8.8.8 4.2.2.3
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun-x64: [(Default)]
mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\HackBox\AppData\Roaming\Mozilla\Firefox\Profiles\2q7ozqv5.default\
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?hl=en&tab=wm#inbox|http://www.facebook.com/
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]
R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-7-5 365568]
R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-9-22 974944]
R2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?]
R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe [2011-4-21 514232]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-7-5 227384]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-6-14 26680]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-8-26 2375168]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-2 652360]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2011-12-6 386344]
R2 TVService;TVService;C:\Program Files (x86)\Team MediaPortal\MediaPortal TV Server\TvService.exe [2011-9-24 212992]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S1 hwinterfacex64;hwinterfacex64;C:\Windows\system32\Drivers\hwinterfacex64.sys --> C:\Windows\system32\Drivers\hwinterfacex64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
S3 hpCMSrv;HP Connection Manager 4 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-5-23 1098296]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-17 682040]
S4 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-1-24 25824]
S4 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
S4 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-6-1 14088]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-04-06 10:41:52 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{60D5A0C0-A476-4625-9131-8BCF3E402E52}\mpengine.dll
2012-04-04 18:28:42 -------- d-----w- C:\Program Files (x86)\ASIO4ALL v2
2012-04-04 14:30:35 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-04-04 14:30:00 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-04-04 14:21:38 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-04 14:21:34 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-04 14:21:30 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-03 23:38:59 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-03 13:46:46 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-04-02 20:22:10 -------- d-----w- C:\Users\HackBox\AppData\Roaming\Malwarebytes
2012-04-02 20:22:02 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-02 20:22:00 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-02 20:21:59 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-31 20:33:17 -------- d-----w- C:\ProgramData\GoldWave
2012-03-31 20:30:12 -------- d-----w- C:\Program Files (x86)\GoldWave
2012-03-29 14:58:10 -------- d-----w- C:\Program Files (x86)\ADS Tech
2012-03-29 14:48:42 -------- d-----w- C:\Windows\SysWow64\PTV371 WHQL 1.0.0.50
2012-03-14 22:51:10 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-14 22:51:10 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-03-14 02:39:28 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-14 02:39:20 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-14 02:39:19 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-14 02:27:26 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-14 02:27:26 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-14 02:27:26 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-14 02:27:24 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-14 02:27:24 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-14 02:27:23 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-14 02:27:23 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
.
==================== Find3M ====================
.
2012-02-23 14:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-26 02:52:35 33019 ----a-w- C:\Windows\SysWow64\CoreAAC-uninstall.exe
.
============= FINISH: 18:36:12.08 ===============




Thank you again for all your help, Noviciate.


#12 Noviciate

  • Malware Response Team

Posted 09 April 2012 - 02:35 PM

Good evening. :)

All looks OK to me, so as long as the PC is playing nicely I'd say you were about done.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Sun Java needs updating, but sometimes it doesn't go according to plan, so for this I like to use a free utility available here called Revo Uninstaller - you want the Freeware version.

Install it, run it and select the following and have it remove them, accepting the default options:

Java Auto Updater
Java™ 6 Update 22
Java™ 6 Update 24


Once done:

  • Go here and click on the appropriate link, either Windows Offline (32-bit) or Windows Offline (64-bit) depending on your operating system, in the Windows section near the top.
  • Save the file somewhere accessible and, once downloaded, double-click the file to install the latest version of Java.
  • I suggest that you save the installation file, as long as you have the disc space, as it will save you downloading it again should you need to reinstall for some reason. You can also use it on any other computers you have to save bandwidth.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I want you to run your PC as normal for a few days and when you are happy that everything is fine, do the following:

Create a new Restore Point with a memorable name - this will give a clean one should you need it in the future. If you use a Restore Point from before this point you may reinstall any infection that was present at the time, so only do so if using this latest one doesn't solve any issues.
A tutorial for System Restore is available here.

Some bedtime reading: This is a very good tutorial about keeping your computer safe and secure on the internet. It's a little old, but still contains some good ideas.

So long, and thanks for all the fish.

#13 Noviciate

  • Malware Response Team

Posted 14 April 2012 - 05:21 PM

As this issue appears to have been resolved, this thread is now closed.

So long, and thanks for all the fish.