
problems with my windows


16 replies to this topic

#1 thtasdopefoo


Posted 19 April 2012 - 10:18 PM

Hey, I am running Windows 7 Professional 64-bit. I have a few problems.

When I download a song I download it to my desktop. I play the song and it works fine with Winamp, Windows Media Player, etc.
I then move that song file into a folder on my desktop called "new music." When I try to open the song later from that folder
on my desktop it will open up a program but nothing will play. For instance it will open Winamp and the song name will show up
but the time duration of the song and the song itself does not play. When I try to take that song back out of the folder onto the
desktop to try it again, it says:
you need permission to perform this action
you require permission from thatsdopefoo-PC\thatsdopefoo to make changes to this file

(thatsdopefoo is the name of my computer)
I've tried using other programs to play this file and came up with the same problem. I checked the folder's properties to see if there were
any special permissions I have set but nothing has been changed. When I download the same song and play it on my desktop it works and
then when I try to put it in that folder again it just puts it in without asking me to overwrite the name because it is the same exact file.
And it doesn't play again. I scanned the folder with AVG and nothing came up.

Another problem I have is that when I click the Windows Start menu all my programs that are usually listed on the Start menu are gone. And when I
click further on to programs and try to open up iTunes...it says empty. And some program files are like that too. But if I go through my computer
and locate the folder itself, then I can find it.

Any help would be much appreciated. Thanks.

Edited by thtasdopefoo, 19 April 2012 - 10:29 PM.




#2 boopme


Posted 20 April 2012 - 12:21 AM

Hello, please DO NOT run a tempfile or registry cleaner now as we could lose those files.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The log has a name like: TDSSKiller.Version_Date_Time_log.txt.




Run RKill....


Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply

Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.


If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.




Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, go to Start > All Programs > Malwarebytes Anti-Malware folder > Tools > click on Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#3 thtasdopefoo


Posted 20 April 2012 - 07:17 PM

NVIDIA nForce Networking Controller = Local Area Connection 2 (Connected)
NVIDIA nForce Networking Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : thatsdopefoo-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Juniper Network Connect Virtual Adapter
Physical Address. . . . . . . . . : 00-FF-E0-39-4D-06
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller #2
Physical Address. . . . . . . . . : 00-04-4B-19-5F-80
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::b8e0:9be0:b858:f4af%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.4(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, April 20, 2012 12:07:57 PM
Lease Expires . . . . . . . . . . : Friday, April 20, 2012 6:08:06 PM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 301990987
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-C6-E0-C4-00-04-4B-19-5F-7F
DNS Servers . . . . . . . . . . . : 68.190.192.35
71.9.127.107
24.205.224.36
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
Physical Address. . . . . . . . . : 00-04-4B-19-5F-7F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{2BADA60D-A177-44EC-B0C2-6964BB9B3A97}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{335EB333-2BAC-4A07-9558-D0586E9FAC39}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:2c78:2ec2:b8a2:766d(Preferred)
Link-local IPv6 Address . . . . . : fe80::2c78:2ec2:b8a2:766d%12(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{83E79EB8-9294-47EA-A96D-16ECB39D6769}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: vip01rvsdca.rvsd.ca.charter.com
Address: 68.190.192.35

Name: google.com
Addresses: 74.125.224.233
74.125.224.228
74.125.224.238
74.125.224.225
74.125.224.227
74.125.224.231
74.125.224.232
74.125.224.224
74.125.224.226
74.125.224.230
74.125.224.229


Pinging google.com [74.125.224.238] with 32 bytes of data:
Reply from 74.125.224.238: bytes=32 time=23ms TTL=56
Reply from 74.125.224.238: bytes=32 time=12ms TTL=56

Ping statistics for 74.125.224.238:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 12ms, Maximum = 23ms, Average = 17ms
Server: vip01rvsdca.rvsd.ca.charter.com
Address: 68.190.192.35

Name: yahoo.com
Addresses: 72.30.38.140
98.139.183.24
209.191.122.70


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=110ms TTL=43
Reply from 98.139.183.24: bytes=32 time=120ms TTL=43

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 110ms, Maximum = 120ms, Average = 115ms
Server: vip01rvsdca.rvsd.ca.charter.com
Address: 68.190.192.35

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Request timed out.
Request timed out.

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
===========================================================================
Interface List
13...00 ff e0 39 4d 06 ......Juniper Network Connect Virtual Adapter
11...00 04 4b 19 5f 80 ......NVIDIA nForce Networking Controller #2
10...00 04 4b 19 5f 7f ......NVIDIA nForce Networking Controller
1...........................Software Loopback Interface 1
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.4 10
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.4 266
192.168.0.4 255.255.255.255 On-link 192.168.0.4 266
192.168.0.255 255.255.255.255 On-link 192.168.0.4 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.4 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.4 266
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
12 58 ::/0 On-link
1 306 ::1/128 On-link
12 58 2001::/32 On-link
12 306 2001:0:4137:9e76:2c78:2ec2:b8a2:766d/128
On-link
11 266 fe80::/64 On-link
12 306 fe80::/64 On-link
12 306 fe80::2c78:2ec2:b8a2:766d/128
On-link
11 266 fe80::b8e0:9be0:b858:f4af/128
On-link
1 306 ff00::/8 On-link
12 306 ff00::/8 On-link
11 266 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/20/2012 00:12:24 PM) (Source: Microsoft-Windows-LoadPerf) (User: SYSTEM)SYSTEM
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (04/20/2012 00:12:24 PM) (Source: Microsoft-Windows-LoadPerf) (User: SYSTEM)SYSTEM
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (04/19/2012 02:34:04 PM) (Source: Microsoft-Windows-LoadPerf) (User: SYSTEM)SYSTEM
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (04/19/2012 02:34:04 PM) (Source: Microsoft-Windows-LoadPerf) (User: SYSTEM)SYSTEM
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (04/18/2012 09:06:47 PM) (Source: Microsoft-Windows-LoadPerf) (User: SYSTEM)SYSTEM
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (04/18/2012 09:06:47 PM) (Source: Microsoft-Windows-LoadPerf) (User: SYSTEM)SYSTEM
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (04/12/2012 10:11:38 AM) (Source: Microsoft-Windows-LoadPerf) (User: SYSTEM)SYSTEM
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (04/12/2012 10:11:38 AM) (Source: Microsoft-Windows-LoadPerf) (User: SYSTEM)SYSTEM
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (04/11/2012 07:45:35 PM) (Source: Microsoft-Windows-LoadPerf) (User: SYSTEM)SYSTEM
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (04/11/2012 07:45:35 PM) (Source: Microsoft-Windows-LoadPerf) (User: SYSTEM)SYSTEM
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.


System errors:
=============
Error: (04/20/2012 02:54:56 PM) (Source: Service Control Manager) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (04/20/2012 02:54:56 PM) (Source: Service Control Manager) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (04/20/2012 02:54:56 PM) (Source: Service Control Manager) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (04/20/2012 02:54:56 PM) (Source: Service Control Manager) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (04/20/2012 02:54:56 PM) (Source: PNRPSvc) (User: )
Description: 0x80630801

Error: (04/20/2012 02:54:56 PM) (Source: PNRPSvc) (User: )
Description: 0x80630801

Error: (04/20/2012 02:20:57 PM) (Source: Service Control Manager) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (04/20/2012 02:20:57 PM) (Source: Service Control Manager) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (04/20/2012 02:20:57 PM) (Source: Service Control Manager) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (04/20/2012 02:20:57 PM) (Source: Service Control Manager) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535


Microsoft Office Sessions:
=========================
Error: (04/20/2012 00:12:24 PM) (Source: Microsoft-Windows-LoadPerf)(User: SYSTEM)SYSTEM
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (04/20/2012 00:12:24 PM) (Source: Microsoft-Windows-LoadPerf)(User: SYSTEM)SYSTEM
Description: Performance1637070000000000000000000009030000

Error: (04/19/2012 02:34:04 PM) (Source: Microsoft-Windows-LoadPerf)(User: SYSTEM)SYSTEM
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (04/19/2012 02:34:04 PM) (Source: Microsoft-Windows-LoadPerf)(User: SYSTEM)SYSTEM
Description: Performance1637070000000000000000000009030000

Error: (04/18/2012 09:06:47 PM) (Source: Microsoft-Windows-LoadPerf)(User: SYSTEM)SYSTEM
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (04/18/2012 09:06:47 PM) (Source: Microsoft-Windows-LoadPerf)(User: SYSTEM)SYSTEM
Description: Performance1637070000000000000000000009030000

Error: (04/12/2012 10:11:38 AM) (Source: Microsoft-Windows-LoadPerf)(User: SYSTEM)SYSTEM
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (04/12/2012 10:11:38 AM) (Source: Microsoft-Windows-LoadPerf)(User: SYSTEM)SYSTEM
Description: Performance1637070000000000000000000009030000

Error: (04/11/2012 07:45:35 PM) (Source: Microsoft-Windows-LoadPerf)(User: SYSTEM)SYSTEM
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (04/11/2012 07:45:35 PM) (Source: Microsoft-Windows-LoadPerf)(User: SYSTEM)SYSTEM
Description: Performance1637070000000000000000000009030000


=========================== Installed Programs ============================

µTorrent (Version: 2.0.2)
Acrobat.com (Version: 2.1.0)
Acrobat.com (Version: 2.1.0.0)
Adobe AIR (Version: 2.0.2.12610)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.2.202.233)
Adobe Flash Player 11 Plugin 64-bit (Version: 11.2.202.233)
Adobe Reader 9.5.1 (Version: 9.5.1)
AIM 7
AMD Accelerated Video Transcoding (Version: 2.00.0001)
AMD APP SDK Runtime (Version: 10.0.898.1)
AMD Catalyst Install Manager (Version: 3.0.868.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.70214.2220)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
Audiograbber 1.83 SE (Version: 1.83 SE )
AVG 9.0
Bonjour (Version: 3.0.0.10)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center (Version: 2012.0214.2218.39913)
Catalyst Control Center Graphics Previews Common (Version: 2012.0214.2218.39913)
Catalyst Control Center InstallProxy (Version: 2011.0908.1355.23115)
Catalyst Control Center InstallProxy (Version: 2012.0214.2218.39913)
Catalyst Control Center Localization All (Version: 2012.0214.2218.39913)
ccc-utility64 (Version: 2012.0214.2218.39913)
CCC Help Chinese Standard (Version: 2012.0214.2217.39913)
CCC Help Chinese Traditional (Version: 2012.0214.2217.39913)
CCC Help Czech (Version: 2012.0214.2217.39913)
CCC Help Danish (Version: 2012.0214.2217.39913)
CCC Help Dutch (Version: 2012.0214.2217.39913)
CCC Help English (Version: 2012.0214.2217.39913)
CCC Help Finnish (Version: 2012.0214.2217.39913)
CCC Help French (Version: 2012.0214.2217.39913)
CCC Help German (Version: 2012.0214.2217.39913)
CCC Help Greek (Version: 2012.0214.2217.39913)
CCC Help Hungarian (Version: 2012.0214.2217.39913)
CCC Help Italian (Version: 2012.0214.2217.39913)
CCC Help Japanese (Version: 2012.0214.2217.39913)
CCC Help Korean (Version: 2012.0214.2217.39913)
CCC Help Norwegian (Version: 2012.0214.2217.39913)
CCC Help Polish (Version: 2012.0214.2217.39913)
CCC Help Portuguese (Version: 2012.0214.2217.39913)
CCC Help Russian (Version: 2012.0214.2217.39913)
CCC Help Spanish (Version: 2012.0214.2217.39913)
CCC Help Swedish (Version: 2012.0214.2217.39913)
CCC Help Thai (Version: 2012.0214.2217.39913)
CCC Help Turkish (Version: 2012.0214.2217.39913)
CutePDF Writer 2.8
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Download Updater (AOL LLC)
eReg (Version: 1.20.138.34)
Google Earth Plug-in (Version: 6.1.0.5001)
Google Update Helper (Version: 1.3.21.111)
iTunes (Version: 10.6.1.7)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 31 (Version: 6.0.310)
Juniper Networks Host Checker (Version: 7.0.0.16007)
Juniper Networks Network Connect 7.0.0 (Version: 7.0.0.16007)
Juniper Networks Setup Client (Version: 2.2.1.7797)
Juniper Networks Setup Client Activex Control (Version: 1.1.0.0)
Juniper Terminal Services Client (Version: 7.0.0.16007)
K-Lite Codec Pack 6.1.0 (Full) (Version: 6.1.0)
Logitech SetPoint 6.1 (Version: 6.10.65)
Logitech Unifying Software 2.00 (Version: 2.00.43)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1)
Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1)
Mozilla Firefox 11.0 (x86 en-US) (Version: 11.0)
MSVC80_x64_v2 (Version: 1.0.3.0)
MSVC80_x86_v2 (Version: 1.0.3.0)
MSVC90_x64 (Version: 1.0.1.2)
MSVC90_x86 (Version: 1.0.1.2)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nero 7 Ultra Edition (Version: 7.02.2620)
Nokia Connectivity Cable Driver (Version: 7.1.69.0)
Nokia Suite (Version: 3.3.89.0)
PC Connectivity Solution (Version: 11.5.29.0)
PeerBlock 1.1 (r518) (Version: 1.1.0.518)
PMB (Version: 5.0.02.11130)
PowerISO (Version: 4.6)
StarCraft II (Version: 1.4.3.21029)
System Requirements Lab
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VC 9.0 Runtime (Version: 1.0.0)
Visual C++ 8.0 Runtime Setup Package (x64) (Version: 9.0.0.623)
VLC media player 2.0.1 (Version: 2.0.1)
Winamp (Version: 5.621 )
Winamp Detector Plug-in (Version: 1.0.0.1)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
WinRAR archiver
ZoneAlarm Firewall (Version: 10.1.065.000)
ZoneAlarm Free (Version: 10.1.065.000)
ZoneAlarm Security (Version: 10.1.065.000)
ZoneAlarm Toolbar

========================= Memory info: ===================================

Percentage of memory in use: 39%
Total physical RAM: 4094.54 MB
Available physical RAM: 2484.58 MB
Total Pagefile: 8187.27 MB
Available Pagefile: 6026.85 MB
Total Virtual: 4095.88 MB
Available Virtual: 3964.44 MB

========================= Partitions: =====================================

1 Drive b: (Supreme) (Fixed) (Total:931.51 GB) (Free:7.04 GB) NTFS
2 Drive c: () (Fixed) (Total:279.46 GB) (Free:6.8 GB) NTFS

========================= Users: ========================================

User accounts for \\THATSDOPEFOO-PC

Administrator Guest thatsdopefoo


**** End of log ****

#4 thtasdopefoo

Posted 20 April 2012 - 07:19 PM

I DID NOT HAVE TO REBOOT

17:17:31.0136 2300 TDSS rootkit removing tool 2.7.31.0 Apr 20 2012 19:49:47
17:17:33.0147 2300 ============================================================
17:17:33.0147 2300 Current date / time: 2012/04/20 17:17:33.0147
17:17:33.0147 2300 SystemInfo:
17:17:33.0147 2300
17:17:33.0147 2300 OS Version: 6.1.7601 ServicePack: 1.0
17:17:33.0147 2300 Product type: Workstation
17:17:33.0147 2300 ComputerName: THATSDOPEFOO-PC
17:17:33.0148 2300 UserName: thatsdopefoo
17:17:33.0148 2300 Windows directory: C:\Windows
17:17:33.0148 2300 System windows directory: C:\Windows
17:17:33.0148 2300 Running under WOW64
17:17:33.0148 2300 Processor architecture: Intel x64
17:17:33.0148 2300 Number of processors: 4
17:17:33.0148 2300 Page size: 0x1000
17:17:33.0148 2300 Boot type: Normal boot
17:17:33.0148 2300 ============================================================
17:17:33.0928 2300 Drive \Device\Harddisk0\DR0 - Size: 0x45DD826000 (279.46 Gb), SectorSize: 0x200, Cylinders: 0x8E81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:17:33.0946 2300 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:17:34.0010 2300 \Device\Harddisk0\DR0:
17:17:34.0010 2300 MBR partitions:
17:17:34.0010 2300 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x22EEB000
17:17:34.0011 2300 \Device\Harddisk1\DR1:
17:17:34.0011 2300 MBR partitions:
17:17:34.0011 2300 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
17:17:34.0021 2300 C: <-> \Device\Harddisk0\DR0\Partition0
17:17:34.0034 2300 B: <-> \Device\Harddisk1\DR1\Partition0
17:17:34.0034 2300 Initialize success
17:17:34.0034 2300 ============================================================
17:17:54.0553 5888 ============================================================
17:17:54.0553 5888 Scan started
17:17:54.0553 5888 Mode: Manual; TDLFS;
17:17:54.0553 5888 ============================================================
17:18:03.0317 5888 mssmbios - ok
17:18:03.0339 5888 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
17:18:03.0341 5888 MSTEE - ok
17:18:03.0352 5888 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
17:18:03.0353 5888 MTConfig - ok
17:18:03.0369 5888 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
17:18:03.0370 5888 Mup - ok
17:18:03.0392 5888 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
17:18:03.0404 5888 napagent - ok
17:18:03.0428 5888 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
17:18:03.0432 5888 NativeWifiP - ok
17:18:03.0500 5888 NBService (87a00faedd703d8d2bdcb29ce5eeea6b) C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
17:18:03.0508 5888 NBService - ok
17:18:03.0556 5888 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
17:18:03.0574 5888 NDIS - ok
17:18:03.0586 5888 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
17:18:03.0587 5888 NdisCap - ok
17:18:03.0602 5888 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
17:18:03.0603 5888 NdisTapi - ok
17:18:03.0625 5888 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
17:18:03.0626 5888 Ndisuio - ok
17:18:03.0677 5888 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
17:18:03.0680 5888 NdisWan - ok
17:18:03.0697 5888 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
17:18:03.0698 5888 NDProxy - ok
17:18:03.0710 5888 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
17:18:03.0711 5888 NetBIOS - ok
17:18:03.0734 5888 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
17:18:03.0738 5888 NetBT - ok
17:18:03.0778 5888 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:18:03.0779 5888 Netlogon - ok
17:18:03.0807 5888 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
17:18:03.0819 5888 Netman - ok
17:18:03.0834 5888 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
17:18:03.0846 5888 netprofm - ok
17:18:03.0882 5888 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:18:03.0884 5888 NetTcpPortSharing - ok
17:18:03.0903 5888 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
17:18:03.0904 5888 nfrd960 - ok
17:18:03.0934 5888 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
17:18:03.0946 5888 NlaSvc - ok
17:18:03.0967 5888 nmwcd (5fe6f8c05f0769bbb74afac11453b182) C:\Windows\system32\drivers\ccdcmbx64.sys
17:18:03.0980 5888 nmwcd - ok
17:18:04.0009 5888 nmwcdc (73c929945c0850b8d1fe2fea05fdf05d) C:\Windows\system32\drivers\ccdcmbox64.sys
17:18:04.0010 5888 nmwcdc - ok
17:18:04.0025 5888 nmwcdnsucx64 (697ca586209e022d15dd0c838b235d6a) C:\Windows\system32\drivers\nmwcdnsucx64.sys
17:18:04.0027 5888 nmwcdnsucx64 - ok
17:18:04.0049 5888 nmwcdnsux64 (292ddf13f91f2cb2482b57aacd6aeb9b) C:\Windows\system32\drivers\nmwcdnsux64.sys
17:18:04.0053 5888 nmwcdnsux64 - ok
17:18:04.0071 5888 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
17:18:04.0071 5888 Npfs - ok
17:18:04.0107 5888 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
17:18:04.0109 5888 nsi - ok
17:18:04.0126 5888 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
17:18:04.0127 5888 nsiproxy - ok
17:18:04.0182 5888 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
17:18:04.0208 5888 Ntfs - ok
17:18:04.0243 5888 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
17:18:04.0244 5888 Null - ok
17:18:04.0266 5888 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
17:18:04.0277 5888 NVENETFD - ok
17:18:04.0291 5888 nvlddmkm - ok
17:18:04.0323 5888 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
17:18:04.0326 5888 nvraid - ok
17:18:04.0341 5888 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
17:18:04.0342 5888 nvstor - ok
17:18:04.0359 5888 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
17:18:04.0361 5888 nv_agp - ok
17:18:04.0383 5888 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
17:18:04.0384 5888 ohci1394 - ok
17:18:04.0442 5888 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:18:04.0450 5888 ose - ok
17:18:04.0548 5888 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:18:04.0570 5888 osppsvc - ok
17:18:04.0612 5888 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:18:04.0621 5888 p2pimsvc - ok
17:18:04.0635 5888 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
17:18:04.0647 5888 p2psvc - ok
17:18:04.0676 5888 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
17:18:04.0687 5888 Parport - ok
17:18:04.0707 5888 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
17:18:04.0708 5888 partmgr - ok
17:18:04.0755 5888 pbfilter (7c0582921913d00180ec2b8518ba135c) C:\Program Files\PeerBlock\pbfilter.sys
17:18:04.0756 5888 pbfilter - ok
17:18:04.0768 5888 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
17:18:04.0772 5888 PcaSvc - ok
17:18:04.0793 5888 pccsmcfd (bc0018c2d29f655188a0ed3fa94fdb24) C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
17:18:04.0794 5888 pccsmcfd - ok
17:18:04.0815 5888 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
17:18:04.0816 5888 pci - ok
17:18:04.0827 5888 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
17:18:04.0827 5888 pciide - ok
17:18:04.0845 5888 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
17:18:04.0848 5888 pcmcia - ok
17:18:04.0862 5888 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
17:18:04.0863 5888 pcw - ok
17:18:04.0882 5888 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
17:18:04.0894 5888 PEAUTH - ok
17:18:04.0937 5888 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
17:18:04.0961 5888 PeerDistSvc - ok
17:18:05.0000 5888 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
17:18:05.0002 5888 PerfHost - ok
17:18:05.0051 5888 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
17:18:05.0076 5888 pla - ok
17:18:05.0108 5888 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
17:18:05.0127 5888 PlugPlay - ok
17:18:05.0179 5888 PMBDeviceInfoProvider (627fa58adc043704f9d14ca44340956f) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
17:18:05.0181 5888 PMBDeviceInfoProvider - ok
17:18:05.0199 5888 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
17:18:05.0201 5888 PNRPAutoReg - ok
17:18:05.0218 5888 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:18:05.0220 5888 PNRPsvc - ok
17:18:05.0246 5888 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
17:18:05.0258 5888 PolicyAgent - ok
17:18:05.0282 5888 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
17:18:05.0286 5888 Power - ok
17:18:05.0318 5888 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
17:18:05.0320 5888 PptpMiniport - ok
17:18:05.0336 5888 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
17:18:05.0338 5888 Processor - ok
17:18:05.0386 5888 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
17:18:05.0389 5888 ProfSvc - ok
17:18:05.0404 5888 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:18:05.0405 5888 ProtectedStorage - ok
17:18:05.0438 5888 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
17:18:05.0441 5888 Psched - ok
17:18:05.0470 5888 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
17:18:05.0495 5888 ql2300 - ok
17:18:05.0508 5888 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
17:18:05.0510 5888 ql40xx - ok
17:18:05.0528 5888 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
17:18:05.0539 5888 QWAVE - ok
17:18:05.0551 5888 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
17:18:05.0553 5888 QWAVEdrv - ok
17:18:05.0565 5888 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
17:18:05.0566 5888 RasAcd - ok
17:18:05.0590 5888 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:18:05.0592 5888 RasAgileVpn - ok
17:18:05.0614 5888 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
17:18:05.0618 5888 RasAuto - ok
17:18:05.0638 5888 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:18:05.0641 5888 Rasl2tp - ok
17:18:05.0664 5888 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
17:18:05.0675 5888 RasMan - ok
17:18:05.0686 5888 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
17:18:05.0689 5888 RasPppoe - ok
17:18:05.0711 5888 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
17:18:05.0713 5888 RasSstp - ok
17:18:05.0737 5888 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
17:18:05.0740 5888 rdbss - ok
17:18:05.0757 5888 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
17:18:05.0759 5888 rdpbus - ok
17:18:05.0782 5888 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:18:05.0783 5888 RDPCDD - ok
17:18:05.0806 5888 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
17:18:05.0816 5888 RDPDR - ok
17:18:05.0844 5888 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
17:18:05.0845 5888 RDPENCDD - ok
17:18:05.0853 5888 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
17:18:05.0854 5888 RDPREFMP - ok
17:18:05.0878 5888 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
17:18:05.0885 5888 RDPWD - ok
17:18:05.0901 5888 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
17:18:05.0903 5888 rdyboost - ok
17:18:05.0926 5888 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
17:18:05.0928 5888 RemoteAccess - ok
17:18:05.0942 5888 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
17:18:05.0946 5888 RemoteRegistry - ok
17:18:05.0975 5888 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
17:18:05.0978 5888 RFCOMM - ok
17:18:05.0990 5888 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
17:18:05.0992 5888 ROOTMODEM - ok
17:18:06.0016 5888 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
17:18:06.0019 5888 RpcEptMapper - ok
17:18:06.0042 5888 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
17:18:06.0052 5888 RpcLocator - ok
17:18:06.0081 5888 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
17:18:06.0084 5888 RpcSs - ok
17:18:06.0103 5888 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
17:18:06.0105 5888 rspndr - ok
17:18:06.0124 5888 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
17:18:06.0126 5888 s3cap - ok
17:18:06.0142 5888 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:18:06.0143 5888 SamSs - ok
17:18:06.0167 5888 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
17:18:06.0169 5888 sbp2port - ok
17:18:06.0185 5888 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
17:18:06.0189 5888 SCardSvr - ok
17:18:06.0231 5888 SCDEmu (07237c66e05da6778e9f3cb67fa00736) C:\Windows\system32\drivers\SCDEmu.sys
17:18:06.0233 5888 SCDEmu - ok
17:18:06.0252 5888 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
17:18:06.0292 5888 scfilter - ok
17:18:06.0331 5888 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
17:18:06.0350 5888 Schedule - ok
17:18:06.0373 5888 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
17:18:06.0374 5888 SCPolicySvc - ok
17:18:06.0395 5888 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
17:18:06.0399 5888 SDRSVC - ok
17:18:06.0415 5888 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
17:18:06.0417 5888 secdrv - ok
17:18:06.0437 5888 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
17:18:06.0440 5888 seclogon - ok
17:18:06.0451 5888 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
17:18:06.0454 5888 SENS - ok
17:18:06.0465 5888 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
17:18:06.0467 5888 SensrSvc - ok
17:18:06.0489 5888 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
17:18:06.0491 5888 Serenum - ok
17:18:06.0516 5888 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
17:18:06.0523 5888 Serial - ok
17:18:06.0544 5888 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
17:18:06.0546 5888 sermouse - ok
17:18:06.0597 5888 ServiceLayer (f31e9531af225ca25350d5e87e999b31) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
17:18:06.0600 5888 ServiceLayer - ok
17:18:06.0628 5888 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
17:18:06.0631 5888 SessionEnv - ok
17:18:06.0658 5888 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
17:18:06.0659 5888 sffdisk - ok
17:18:06.0681 5888 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
17:18:06.0682 5888 sffp_mmc - ok
17:18:06.0696 5888 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
17:18:06.0697 5888 sffp_sd - ok
17:18:06.0710 5888 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
17:18:06.0712 5888 sfloppy - ok
17:18:06.0741 5888 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
17:18:06.0751 5888 SharedAccess - ok
17:18:06.0773 5888 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
17:18:06.0784 5888 ShellHWDetection - ok
17:18:06.0807 5888 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:18:06.0809 5888 SiSRaid2 - ok
17:18:06.0823 5888 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
17:18:06.0824 5888 SiSRaid4 - ok
17:18:06.0848 5888 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
17:18:06.0850 5888 Smb - ok
17:18:06.0879 5888 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
17:18:06.0882 5888 SNMPTRAP - ok
17:18:06.0891 5888 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
17:18:06.0891 5888 spldr - ok
17:18:06.0925 5888 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
17:18:06.0937 5888 Spooler - ok
17:18:07.0017 5888 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
17:18:07.0074 5888 sppsvc - ok
17:18:07.0102 5888 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
17:18:07.0105 5888 sppuinotify - ok
17:18:07.0134 5888 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
17:18:07.0144 5888 srv - ok
17:18:07.0157 5888 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
17:18:07.0161 5888 srv2 - ok
17:18:07.0174 5888 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
17:18:07.0176 5888 srvnet - ok
17:18:07.0208 5888 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
17:18:07.0214 5888 SSDPSRV - ok
17:18:07.0223 5888 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
17:18:07.0226 5888 SstpSvc - ok
17:18:07.0244 5888 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
17:18:07.0245 5888 stexstor - ok
17:18:07.0277 5888 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
17:18:07.0289 5888 stisvc - ok
17:18:07.0310 5888 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
17:18:07.0310 5888 storflt - ok
17:18:07.0328 5888 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
17:18:07.0331 5888 StorSvc - ok
17:18:07.0344 5888 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
17:18:07.0346 5888 storvsc - ok
17:18:07.0360 5888 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
17:18:07.0361 5888 swenum - ok
17:18:07.0386 5888 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
17:18:07.0397 5888 swprv - ok
17:18:07.0464 5888 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
17:18:07.0495 5888 SysMain - ok
17:18:07.0528 5888 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
17:18:07.0531 5888 TabletInputService - ok
17:18:07.0550 5888 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
17:18:07.0562 5888 TapiSrv - ok
17:18:07.0574 5888 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
17:18:07.0577 5888 TBS - ok
17:18:07.0625 5888 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
17:18:07.0662 5888 Tcpip - ok
17:18:07.0696 5888 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
17:18:07.0705 5888 TCPIP6 - ok
17:18:07.0726 5888 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
17:18:07.0728 5888 tcpipreg - ok
17:18:07.0748 5888 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
17:18:07.0749 5888 TDPIPE - ok
17:18:07.0779 5888 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
17:18:07.0780 5888 TDTCP - ok
17:18:07.0813 5888 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
17:18:07.0815 5888 tdx - ok
17:18:07.0834 5888 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
17:18:07.0835 5888 TermDD - ok
17:18:07.0854 5888 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
17:18:07.0866 5888 TermService - ok
17:18:07.0897 5888 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
17:18:07.0900 5888 Themes - ok
17:18:07.0913 5888 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:18:07.0914 5888 THREADORDER - ok
17:18:07.0925 5888 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
17:18:07.0929 5888 TrkWks - ok
17:18:07.0961 5888 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
17:18:07.0964 5888 TrustedInstaller - ok
17:18:08.0000 5888 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:18:08.0001 5888 tssecsrv - ok
17:18:08.0048 5888 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
17:18:08.0049 5888 TsUsbFlt - ok
17:18:08.0079 5888 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
17:18:08.0082 5888 tunnel - ok
17:18:08.0097 5888 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
17:18:08.0117 5888 uagp35 - ok
17:18:08.0151 5888 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
17:18:08.0161 5888 udfs - ok
17:18:08.0180 5888 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
17:18:08.0183 5888 UI0Detect - ok
17:18:08.0194 5888 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
17:18:08.0196 5888 uliagpkx - ok
17:18:08.0218 5888 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
17:18:08.0220 5888 umbus - ok
17:18:08.0230 5888 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
17:18:08.0231 5888 UmPass - ok
17:18:08.0247 5888 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
17:18:08.0259 5888 UmRdpService - ok
17:18:08.0274 5888 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
17:18:08.0287 5888 upnphost - ok
17:18:08.0311 5888 upperdev (34afb83c7bba370e404e52cc2290350c) C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
17:18:08.0312 5888 upperdev - ok
17:18:08.0352 5888 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
17:18:08.0371 5888 USBAAPL64 - ok
17:18:08.0390 5888 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
17:18:08.0393 5888 usbccgp - ok
17:18:08.0432 5888 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
17:18:08.0434 5888 usbcir - ok
17:18:08.0455 5888 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
17:18:08.0457 5888 usbehci - ok
17:18:08.0479 5888 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
17:18:08.0489 5888 usbhub - ok
17:18:08.0501 5888 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
17:18:08.0502 5888 usbohci - ok
17:18:08.0518 5888 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
17:18:08.0519 5888 usbprint - ok
17:18:08.0549 5888 usbser (4acee387fa8fd39f83564fcd2fc234f2) C:\Windows\system32\drivers\usbser.sys
17:18:08.0550 5888 usbser - ok
17:18:08.0588 5888 UsbserFilt (aa75e1efbee7186b4cbaaacf1f15e6ca) C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
17:18:08.0590 5888 UsbserFilt - ok
17:18:08.0622 5888 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:18:08.0624 5888 USBSTOR - ok
17:18:08.0635 5888 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
17:18:08.0637 5888 usbuhci - ok
17:18:08.0653 5888 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
17:18:08.0656 5888 UxSms - ok
17:18:08.0674 5888 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:18:08.0675 5888 VaultSvc - ok
17:18:08.0682 5888 VComm - ok
17:18:08.0689 5888 VcommMgr - ok
17:18:08.0708 5888 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
17:18:08.0709 5888 vdrvroot - ok
17:18:08.0734 5888 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
17:18:08.0747 5888 vds - ok
17:18:08.0760 5888 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
17:18:08.0762 5888 vga - ok
17:18:08.0773 5888 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
17:18:08.0774 5888 VgaSave - ok
17:18:08.0791 5888 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
17:18:08.0794 5888 vhdmp - ok
17:18:08.0837 5888 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
17:18:08.0839 5888 viaide - ok
17:18:08.0860 5888 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
17:18:08.0862 5888 vmbus - ok
17:18:08.0882 5888 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
17:18:08.0884 5888 VMBusHID - ok
17:18:08.0894 5888 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
17:18:08.0895 5888 volmgr - ok
17:18:08.0919 5888 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
17:18:08.0923 5888 volmgrx - ok
17:18:08.0943 5888 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
17:18:08.0946 5888 volsnap - ok
17:18:08.0971 5888 Vsdatant (239d8d72730226cd460bdc8ca0a23d43) C:\Windows\system32\DRIVERS\vsdatant.sys
17:18:08.0983 5888 Vsdatant - ok
17:18:09.0022 5888 vsmon - ok
17:18:09.0079 5888 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
17:18:09.0082 5888 vsmraid - ok
17:18:09.0123 5888 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
17:18:09.0131 5888 VSS - ok
17:18:09.0205 5888 vToolbarUpdater10.2.0 (3080f1f093869a19fb3d1f0226c73809) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
17:18:09.0208 5888 vToolbarUpdater10.2.0 - ok
17:18:09.0218 5888 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
17:18:09.0219 5888 vwifibus - ok
17:18:09.0241 5888 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
17:18:09.0253 5888 W32Time - ok
17:18:09.0307 5888 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
17:18:09.0309 5888 WacomPen - ok
17:18:09.0331 5888 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:18:09.0332 5888 WANARP - ok
17:18:09.0342 5888 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:18:09.0342 5888 Wanarpv6 - ok
17:18:09.0386 5888 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
17:18:09.0411 5888 WatAdminSvc - ok
17:18:09.0445 5888 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
17:18:09.0476 5888 wbengine - ok
17:18:09.0488 5888 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
17:18:09.0499 5888 WbioSrvc - ok
17:18:09.0553 5888 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
17:18:09.0564 5888 wcncsvc - ok
17:18:09.0576 5888 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
17:18:09.0579 5888 WcsPlugInService - ok
17:18:09.0592 5888 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
17:18:09.0594 5888 Wd - ok
17:18:09.0615 5888 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
17:18:09.0626 5888 Wdf01000 - ok
17:18:09.0637 5888 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:18:09.0640 5888 WdiServiceHost - ok
17:18:09.0642 5888 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:18:09.0644 5888 WdiSystemHost - ok
17:18:09.0667 5888 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
17:18:09.0678 5888 WebClient - ok
17:18:09.0698 5888 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
17:18:09.0709 5888 Wecsvc - ok
17:18:09.0738 5888 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
17:18:09.0751 5888 wercplsupport - ok
17:18:09.0774 5888 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
17:18:09.0777 5888 WerSvc - ok
17:18:09.0796 5888 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
17:18:09.0797 5888 WfpLwf - ok
17:18:09.0812 5888 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
17:18:09.0813 5888 WIMMount - ok
17:18:09.0830 5888 WinDefend - ok
17:18:10.0510 5888 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
17:18:10.0533 5888 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
17:18:10.0533 5888 \Device\Harddisk0\DR0 - detected TDSS File System (1)
17:18:10.0552 5888 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
17:18:10.0598 5888 \Device\Harddisk1\DR1 - ok
17:18:10.0608 5888 Boot (0x1200) (5a664e012405e4fca9bc484e23063bc4) \Device\Harddisk0\DR0\Partition0
17:18:10.0609 5888 \Device\Harddisk0\DR0\Partition0 - ok
17:18:10.0611 5888 Boot (0x1200) (1baa8f3a785d7aa6305630ccbd358dc8) \Device\Harddisk1\DR1\Partition0
17:18:10.0612 5888 \Device\Harddisk1\DR1\Partition0 - ok
17:18:10.0612 5888 ============================================================
17:18:10.0612 5888 Scan finished
17:18:10.0612 5888 ============================================================
17:18:10.0619 1260 Detected object count: 1
17:18:10.0619 1260 Actual detected object count: 1
17:18:47.0479 1260 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
17:18:47.0479 1260 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

#5 boopme

Posted 20 April 2012 - 07:37 PM

Hello, somehow we lost this part of the MINI log:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts

Looks like we need to run this TDSS
Download the FixTDSS.exe

Save the file to your Windows desktop.
Close all running programs.
If you are running Windows XP, turn off System Restore. How to turn off or turn on Windows XP System Restore
Double-click the FixTDSS.exe file to start the removal tool.
Click Start to begin the process, and then allow the tool to run.
Restart the computer when prompted by the tool.
After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said)
If you are running Windows XP, re-enable System Restore.


And MBAM

#6 thtasdopefoo

Posted 20 April 2012 - 07:44 PM

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.20.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
thatsdopefoo :: THATSDOPEFOO-PC [administrator]

Protection: Enabled

4/20/2012 5:37:10 PM
mbam-log-2012-04-20 (17-37-10).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 226511
Time elapsed: 5 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|Policies (Backdoor.Agent.PGen) -> Data: C:\Windows\system32\systems\server.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\thatsdopefoo\AppData\Roaming\cglogs.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\thatsdopefoo\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\thatsdopefoo\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.

(end)

#7 thtasdopefoo

Posted 20 April 2012 - 08:20 PM

Hey, I didn't see your reply while I was in the middle of the malware scan...so I let that finish and rebooted. Should I still run FixTDSS?

#8 boopme

Posted 20 April 2012 - 08:33 PM

Yes please

#9 thtasdopefoo

Posted 20 April 2012 - 08:44 PM

After FixTDSS I rebooted

then it showed this when Windows started...

Scan results:
Suspicious use of kernel callback but MBR appears intact. Repair not done.

#10 thtasdopefoo

Posted 20 April 2012 - 08:46 PM

Sorry, got cut off.

No infections were found.

Do I still continue with MBAM after this?

#11 boopme

Posted 20 April 2012 - 09:38 PM

Let's look at this then. It's quick.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

EDIT>>> no MBAM

Edited by boopme, 20 April 2012 - 09:40 PM.


#12 thtasdopefoo

Posted 20 April 2012 - 09:52 PM

When I opened aswMBR it says:
This application can use the Avast! Free Antivirus for scanning. It is recommended to download it for better detection results.
Would you like to download latest Avast!virus definitions?

Should I click no and continue?

#13 thtasdopefoo

Posted 20 April 2012 - 10:09 PM

I went ahead and clicked no.


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-20 19:50:55
-----------------------------
19:50:55.902 OS Version: Windows x64 6.1.7601 Service Pack 1
19:50:55.902 Number of processors: 4 586 0x170A
19:50:55.903 ComputerName: THATSDOPEFOO-PC UserName: thatsdopefoo
19:50:56.670 Initialize success
20:08:52.910 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005f
20:08:52.913 Disk 0 Vendor: WDC_WD30 03.0 Size: 286168MB BusType: 3
20:08:52.914 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000060
20:08:52.916 Disk 1 Vendor: WDC_WD10 05.0 Size: 953869MB BusType: 3
20:08:52.921 Disk 0 MBR read successfully
20:08:52.923 Disk 0 MBR scan
20:08:52.926 Disk 0 Windows XP default MBR code
20:08:52.930 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 286166 MB offset 2048
20:08:52.936 Disk 0 scanning C:\Windows\system32\drivers
20:08:56.507 Service scanning
20:09:05.271 Modules scanning
20:09:05.276 Disk 0 trace - called modules:
20:09:05.287 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor.sys
20:09:05.290 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004fc8060]
20:09:05.618 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa8004d92e40]
20:09:05.622 5 ACPI.sys[fffff88000f967a1] -> nt!IofCallDriver -> \Device\0000005f[0xfffffa8004d80510]
20:09:05.626 Scan finished successfully
20:09:18.848 Disk 0 MBR has been saved successfully to "C:\Users\thatsdopefoo\Desktop\MBR.dat"
20:09:18.852 The log file has been saved successfully to "C:\Users\thatsdopefoo\Desktop\aswMBR.txt"

#14 thtasdopefoo

Posted 21 April 2012 - 01:20 PM

What shall I do next?

#15 boopme

Posted 22 April 2012 - 12:33 PM

Another problem I have is that when I click the Windows start menu all my programs that are usually listed on start menu are gone.
This infection family will also hide all the files on your computer from being seen. To make your files visible again, please download the following program to your desktop:

Unhide.exe

Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run.