Happili Redirect


13 replies to this topic

#1 vercingetorix237


Posted 22 April 2012 - 09:36 AM

Hi, all. I guess I haven't been very careful about security, and I've managed to pick up the Happili redirect virus. I was hoping that my security software would update and be able to fix the problem, but that hasn't happened. Any guidance you'd be willing to provide would be sincerely appreciated.

* Windows 7 w/ service pack 1
* Intel core i-5 2500-k @3.3
* I use MS Security Essentials for anti-viral and malware defense.
* I also run CCleaner, if that's relevant.

Happy to provide any other details that might be useful.

Thanks in advance!

v


#2 boopme


Posted 22 April 2012 - 12:42 PM

Welcome..
Are you using Firefox and/or Chrome?


Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, go to Start > All Programs > Malwarebytes Anti-Malware folder > Tools > click on Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).



Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook
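
A read-only PowerShell counterpart to the "Report" and "List" items in the MiniToolBox checklist above, added here as an example; it is not MiniToolBox's code and not part of the original post. It assumes Windows PowerShell on the affected machine and English `netsh` output; the function names are made up for this example, and nothing is reset or deleted.

```powershell
# Added example: read-only report of settings a browser redirect commonly tampers with.
# Function names are hypothetical; nothing here changes the system.

function Get-ProxyReport {
    # Per-user WinINET (Internet Explorer) proxy configuration.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $s = Get-ItemProperty -Path $key
    New-Object PSObject -Property @{
        ProxyEnabled  = [bool]$s.ProxyEnable   # missing value reads as False
        ProxyServer   = $s.ProxyServer
        AutoConfigURL = $s.AutoConfigURL       # a PAC script can redirect traffic too
    }
}

function Get-HostsEntries {
    # Every active (non-comment) mapping in the hosts file, one object per host name.
    param([string]$Path = "$env:SystemRoot\System32\drivers\etc\hosts")
    $loopback = '127.0.0.1', '::1', '0.0.0.0'
    Get-Content -Path $Path | ForEach-Object {
        $line = ($_ -replace '#.*$', '').Trim()          # strip comments and padding
        if ($line) {
            $fields = $line -split '\s+'
            if ($fields.Count -ge 2) {
                foreach ($name in $fields[1..($fields.Count - 1)]) {
                    New-Object PSObject -Property @{
                        Address  = $fields[0]
                        HostName = $name
                        # A name mapped to a routable address deserves a second look.
                        Review   = ($loopback -notcontains $fields[0])
                    }
                }
            }
        }
    }
}

function Get-DnsServers {
    # DNS servers per IP-enabled adapter; compare with what the router or ISP hands out.
    Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        Select-Object Description,
            @{ Name = 'DnsServers'; Expression = { $_.DNSServerSearchOrder -join ', ' } }
}

function Get-WinsockProviderPaths {
    # DLLs registered in the Winsock catalog; anything outside the Windows or
    # a known vendor's program folder is worth checking.
    netsh winsock show catalog |
        Select-String -Pattern 'Provider Path' |
        ForEach-Object { ($_.Line -split ':', 2)[1].Trim() } |
        Sort-Object -Unique
}

Write-Output '--- IE proxy settings ---'
Get-ProxyReport | Format-List | Out-String

Write-Output '--- Hosts file entries ---'
$entries = @(Get-HostsEntries)
if ($entries.Count -eq 0) {
    Write-Output 'No active entries.'
} else {
    $entries | Format-Table Address, HostName, Review -AutoSize | Out-String
}

Write-Output '--- DNS servers ---'
Get-DnsServers | Format-List | Out-String

Write-Output '--- Winsock provider DLLs ---'
Get-WinsockProviderPaths
```
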

#3 vercingetorix237


Posted 22 April 2012 - 03:05 PM

Hi, Boopme. Thanks very much for your response. No, I don't use Firefox or Chrome -- only IE.

Per your request:

Mini Tool Box

MiniToolBox by Farbar Version: 18-01-2012
Ran by Sean (administrator) on 22-04-2012 at 15:46:43
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================



========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Vespasian
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Dougherty2

Ethernet adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Juniper Network Connect Virtual Adapter
Physical Address. . . . . . . . . : 00-FF-A0-C3-12-07
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : Dougherty2
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 14-DA-E9-F5-D7-0C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::f95f:8ef2:bc64:9f%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.105(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, April 21, 2012 9:27:01 AM
Lease Expires . . . . . . . . . . : Monday, April 23, 2012 9:27:06 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 236247785
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-5D-1E-03-14-DA-E9-F5-D7-0C
DNS Servers . . . . . . . . . . . : 75.75.75.75
75.75.76.76
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.Dougherty2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : Dougherty2
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{09443C66-8378-4F55-91EA-CDBCED8F6B37}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:1c45:898:bbc8:2581(Preferred)
Link-local IPv6 Address . . . . . : fe80::1c45:898:bbc8:2581%14(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: cdns01.comcast.net
Address: 75.75.75.75

Name: google.com
Addresses: 173.194.43.32
173.194.43.38
173.194.43.46
173.194.43.35
173.194.43.36
173.194.43.41
173.194.43.33
173.194.43.40
173.194.43.37
173.194.43.34
173.194.43.39


Pinging google.com [173.194.43.8] with 32 bytes of data:
Reply from 173.194.43.8: bytes=32 time=34ms TTL=53
Reply from 173.194.43.8: bytes=32 time=18ms TTL=53

Ping statistics for 173.194.43.8:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 18ms, Maximum = 34ms, Average = 26ms
Server: cdns01.comcast.net
Address: 75.75.75.75

Name: yahoo.com
Addresses: 209.191.122.70
72.30.38.140
98.139.183.24


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=108ms TTL=48
Reply from 72.30.38.140: bytes=32 time=104ms TTL=48

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 104ms, Maximum = 108ms, Average = 106ms
Server: cdns01.comcast.net
Address: 75.75.75.75

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
15...00 ff a0 c3 12 07 ......Juniper Network Connect Virtual Adapter
11...14 da e9 f5 d7 0c ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.105 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.105 276
192.168.1.105 255.255.255.255 On-link 192.168.1.105 276
192.168.1.255 255.255.255.255 On-link 192.168.1.105 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.105 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.105 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
14 58 ::/0 On-link
1 306 ::1/128 On-link
14 58 2001::/32 On-link
14 306 2001:0:4137:9e76:1c45:898:bbc8:2581/128
On-link
11 276 fe80::/64 On-link
14 306 fe80::/64 On-link
14 306 fe80::1c45:898:bbc8:2581/128
On-link
11 276 fe80::f95f:8ef2:bc64:9f/128
On-link
1 306 ff00::/8 On-link
14 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/22/2012 01:26:45 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "imaging1".Error in manifest or policy file "imaging2" on line imaging3.
The element imaging appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows.

Error: (04/21/2012 02:08:10 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16421 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 16ac

Start Time: 01cd1fe83246d74d

Termination Time: 46

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id:

Error: (04/21/2012 09:57:07 AM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16421 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1354

Start Time: 01cd1fc403b32f4a

Termination Time: 21

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id:

Error: (04/21/2012 09:47:10 AM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16421 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1394

Start Time: 01cd1fc380014034

Termination Time: 28

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id:

Error: (04/21/2012 09:28:38 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/20/2012 10:55:59 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16421, time stamp: 0x4d76255d
Faulting module name: Flash32_11_2_202_233.ocx, version: 11.2.202.233, time stamp: 0x4f85ff58
Exception code: 0xc0000005
Fault offset: 0x001c4cec
Faulting process id: 0x650
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (04/20/2012 10:11:50 PM) (Source: Application Error) (User: )
Description: Faulting application name: wmplayer.exe, version: 12.0.7601.17514, time stamp: 0x4ce7a485
Faulting module name: wmplayer.exe, version: 12.0.7601.17514, time stamp: 0x4ce7a485
Exception code: 0xc0000005
Fault offset: 0x00025a52
Faulting process id: 0x14a8
Faulting application start time: 0xwmplayer.exe0
Faulting application path: wmplayer.exe1
Faulting module path: wmplayer.exe2
Report Id: wmplayer.exe3

Error: (04/20/2012 08:53:07 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/18/2012 10:56:36 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16421, time stamp: 0x4d76255d
Faulting module name: IEFRAME.dll, version: 9.0.8112.16443, time stamp: 0x4f4c2cfa
Exception code: 0xc0000005
Fault offset: 0x000fc88b
Faulting process id: 0x10c8
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (04/18/2012 09:57:09 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (04/21/2012 09:27:25 AM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

Feature: %%835

Error Code: 0x80004005

Error description: Unspecified error

Reason: %%842

Error: (04/21/2012 09:27:25 AM) (Source: WMPNetworkSvc) (User: )
Description: 0x800700b7

Error: (04/21/2012 09:27:25 AM) (Source: WMPNetworkSvc) (User: )
Description: 00x800700b7http://+:10243/WMPNSSv4/2811996591/

Error: (04/21/2012 09:27:25 AM) (Source: WMPNetworkSvc) (User: )
Description: 0x800700b7

Error: (04/21/2012 09:27:25 AM) (Source: WMPNetworkSvc) (User: )
Description: 00x800700b7http://+:10243/WMPNSSv4/2811996591/

Error: (04/21/2012 09:27:24 AM) (Source: Service Control Manager) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053

Error: (04/21/2012 09:27:24 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (04/21/2012 09:27:05 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SBRE

Error: (04/21/2012 09:27:00 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147014847

Error: (04/20/2012 08:51:58 PM) (Source: WMPNetworkSvc) (User: )
Description: 0x800700b7


Microsoft Office Sessions:
=========================
Error: (04/22/2012 01:26:45 AM) (Source: SideBySide)(User: )
Description: imagingurn:schemas-microsoft-com:asm.v1^assemblyc:\program files\microsoft security client\MSESysprep.dllc:\program files\microsoft security client\MSESysprep.dll10

Error: (04/21/2012 02:08:10 PM) (Source: Application Hang)(User: )
Description: iexplore.exe9.0.8112.1642116ac01cd1fe83246d74d46C:\Program Files (x86)\Internet Explorer\iexplore.exe

Error: (04/21/2012 09:57:07 AM) (Source: Application Hang)(User: )
Description: iexplore.exe9.0.8112.16421135401cd1fc403b32f4a21C:\Program Files (x86)\Internet Explorer\iexplore.exe

Error: (04/21/2012 09:47:10 AM) (Source: Application Hang)(User: )
Description: iexplore.exe9.0.8112.16421139401cd1fc38001403428C:\Program Files (x86)\Internet Explorer\iexplore.exe

Error: (04/21/2012 09:28:38 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/20/2012 10:55:59 PM) (Source: Application Error)(User: )
Description: iexplore.exe9.0.8112.164214d76255dFlash32_11_2_202_233.ocx11.2.202.2334f85ff58c0000005001c4cec65001cd1f65c7db65f9C:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\Macromed\Flash\Flash32_11_2_202_233.ocx859e9d61-8b5d-11e1-831e-14dae9f5d70c

Error: (04/20/2012 10:11:50 PM) (Source: Application Error)(User: )
Description: wmplayer.exe12.0.7601.175144ce7a485wmplayer.exe12.0.7601.175144ce7a485c000000500025a5214a801cd1f641bf11663C:\Program Files (x86)\Windows Media Player\wmplayer.exeC:\Program Files (x86)\Windows Media Player\wmplayer.exe5acbf006-8b57-11e1-831e-14dae9f5d70c

Error: (04/20/2012 08:53:07 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/18/2012 10:56:36 PM) (Source: Application Error)(User: )
Description: iexplore.exe9.0.8112.164214d76255dIEFRAME.dll9.0.8112.164434f4c2cfac0000005000fc88b10c801cd1dcfb42ad425C:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\system32\IEFRAME.dll46991225-89cb-11e1-a4c0-14dae9f5d70c

Error: (04/18/2012 09:57:09 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


=========================== Installed Programs ============================

Ad-Aware Browsing Protection (Version: 0.9.0.2)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.2.202.233)
Adobe Flash Player 11 Plugin 64-bit (Version: 11.2.202.233)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Adobe Shockwave Player 11.6 (Version: 11.6.4.634)
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
BOINC (Version: 6.12.34)
Bonjour (Version: 3.0.0.10)
CameraHelperMsi (Version: 13.31.1038.0)
CCleaner (Version: 3.13)
Creative Audio Control Panel (Version: 3.00)
Creative Software AutoUpdate (Version: 1.40)
Creative Sound Blaster Properties x64 Edition
D3DX10 (Version: 15.4.2368.0902)
DAEMON Tools Lite (Version: 4.45.1.0236)
erLT (Version: 1.20.138.34)
Host OpenAL (Version: 1.00)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Management Engine Components (Version: 7.0.0.1144)
iTunes (Version: 10.5.3.3)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 31 (64-bit) (Version: 6.0.310)
Java™ 6 Update 31 (Version: 6.0.310)
Juniper Networks Host Checker (Version: 7.1.0.19757)
Juniper Networks Network Connect 7.1.0 (Version: 7.1.0.19757)
Juniper Networks, Inc. Setup Client (Version: 7.1.5.14305)
Junk Mail filter update (Version: 15.4.3502.0922)
LeapFrog Connect (Version: 3.2.19.13664)
LeapFrog My Pals Plugin (Version: 3.2.19.13664)
Logitech Webcam Software (Version: 2.30)
LWS Facebook (Version: 13.31.1038.0)
LWS Gallery (Version: 13.31.1038.0)
LWS Help_main (Version: 13.31.1044.0)
LWS Launcher (Version: 13.31.1038.0)
LWS Video Mask Maker (Version: 13.30.1379.0)
LWS VideoEffects (Version: 13.30.1379.0)
LWS Webcam Software (Version: 13.31.1038.0)
LWS WLM Plugin (Version: 1.30.1201.0)
LWS YouTube Plugin (Version: 13.31.1038.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Antimalware (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Home and Student 2010 - English (Version: 14.0.6114.5002)
Microsoft Security Client (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 2.1.1116.0)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
NVIDIA 3D Vision Controller Driver 285.62 (Version: 285.62)
NVIDIA 3D Vision Driver 285.62 (Version: 285.62)
NVIDIA Control Panel 285.62 (Version: 285.62)
NVIDIA Graphics Driver 285.62 (Version: 285.62)
NVIDIA HD Audio Driver 1.2.24.0 (Version: 1.2.24.0)
NVIDIA Install Application (Version: 2.1002.46.235)
NVIDIA PhysX (Version: 9.11.0621)
NVIDIA PhysX System Software 9.11.0621 (Version: 9.11.0621)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.8562)
NVIDIA Update 1.5.20 (Version: 1.5.20)
NVIDIA Update Components (Version: 1.5.20)
Realtek Ethernet Controller Driver (Version: 7.31.1025.2010)
Relativity Web Client 7.2 (Version: 7.2.30605)
Relativity Web Client Manager 7.2 (Version: 7.2.30605)
Secunia PSI (2.0.0.4003) (Version: 2.0.0.4003)
Skype Click to Call (Version: 5.10.9560)
Skype™ 5.8 (Version: 5.8.158)
Steam (Version: 1.0.0.0)
swMSM (Version: 12.0.0.1)
The Elder Scrolls V: Skyrim
TomTom HOME Visual Studio Merge Modules (Version: 1.0.2)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin)
VLC media player 2.0.1 (Version: 2.0.1)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (Version: 09/10/2009 02.03.05.012)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinRAR 4.01 (32-bit) (Version: 4.01.0)

========================= Memory info: ===================================

Percentage of memory in use: 56%
Total physical RAM: 8173.22 MB
Available physical RAM: 3551.8 MB
Total Pagefile: 16344.64 MB
Available Pagefile: 11087.2 MB
Total Virtual: 4095.88 MB
Available Virtual: 3955.63 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:931.51 GB) (Free:827.95 GB) NTFS
2 Drive d: () (Fixed) (Total:698.62 GB) (Free:96.02 GB) NTFS
3 Drive e: (SKYRIM_EN) (CDROM) (Total:5.1 GB) (Free:0 GB) UDF

========================= Users: ========================================

User accounts for \\VESPASIAN

Administrator Guest Sean
UpdatusUser


**** End of log ****


MBAM


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.22.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Sean :: VESPASIAN [administrator]

4/22/2012 3:51:06 PM
mbam-log-2012-04-22 (15-52-32).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 233667
Time elapsed: 1 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\Users\Sean\AppData\Roaming\Apple Computer\Apple Computer\vmvsz.dll (Trojan.Agent.GMAGen) -> No action taken.

Registry Keys Detected: 1
HKCU\Software\DC3_FEXEC (Malware.Trace) -> No action taken.

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Update (Trojan.Agent.GMAGen) -> Data: rundll32.exe "C:\Users\Sean\AppData\Roaming\Apple Computer\Apple Computer\vmvsz.dll",DllRegisterServer -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java .exe (Backdoor.Agent.DC) -> No action taken.
C:\Users\Sean\AppData\Roaming\Apple Computer\Apple Computer\vmvsz.dll (Trojan.Agent.GMAGen) -> No action taken.

(end)


TDSSKiller

15:58:43.0362 4320 TDSS rootkit removing tool 2.7.31.0 Apr 20 2012 19:49:47
15:58:43.0628 4320 ============================================================
15:58:43.0628 4320 Current date / time: 2012/04/22 15:58:43.0628
15:58:43.0628 4320 SystemInfo:
15:58:43.0628 4320
15:58:43.0628 4320 OS Version: 6.1.7601 ServicePack: 1.0
15:58:43.0628 4320 Product type: Workstation
15:58:43.0628 4320 ComputerName: VESPASIAN
15:58:43.0628 4320 UserName: Sean
15:58:43.0628 4320 Windows directory: C:\Windows
15:58:43.0628 4320 System windows directory: C:\Windows
15:58:43.0628 4320 Running under WOW64
15:58:43.0628 4320 Processor architecture: Intel x64
15:58:43.0628 4320 Number of processors: 4
15:58:43.0628 4320 Page size: 0x1000
15:58:43.0628 4320 Boot type: Normal boot
15:58:43.0628 4320 ============================================================
15:58:45.0344 4320 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8A00000 (698.63 Gb), SectorSize: 0x200, Cylinders: 0x16440, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:58:45.0359 4320 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:58:45.0375 4320 \Device\Harddisk0\DR0:
15:58:45.0375 4320 MBR partitions:
15:58:45.0375 4320 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x5753D540
15:58:45.0375 4320 \Device\Harddisk1\DR1:
15:58:45.0375 4320 MBR partitions:
15:58:45.0375 4320 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
15:58:45.0406 4320 C: <-> \Device\Harddisk1\DR1\Partition0
15:58:45.0422 4320 D: <-> \Device\Harddisk0\DR0\Partition0
15:58:45.0422 4320 Initialize success
15:58:45.0422 4320 ============================================================
15:59:03.0237 4784 ============================================================
15:59:03.0237 4784 Scan started
15:59:03.0237 4784 Mode: Manual; TDLFS;
15:59:03.0237 4784 ============================================================
15:59:09.0929 4784 nvlddmkm - ok
15:59:09.0992 4784 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
15:59:09.0992 4784 nvraid - ok
15:59:10.0023 4784 nvrd64 (8787d3eece88611a313de7608c44c04d) C:\Windows\system32\drivers\nvrd64.sys
15:59:10.0023 4784 nvrd64 - ok
15:59:10.0039 4784 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
15:59:10.0039 4784 nvstor - ok
15:59:10.0054 4784 nvstor64 (f3d7b0ede156583f6fd3d2b5e898e2b6) C:\Windows\system32\drivers\nvstor64.sys
15:59:10.0054 4784 nvstor64 - ok
15:59:10.0101 4784 nvsvc (2d7092fec9bd2aca199673bba2ba9277) C:\Windows\system32\nvvsvc.exe
15:59:10.0132 4784 nvsvc - ok
15:59:10.0195 4784 nvUpdatusService (7e22de30e222bfdfcec7e77032baf3cd) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
15:59:10.0226 4784 nvUpdatusService - ok
15:59:10.0241 4784 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:59:10.0241 4784 nv_agp - ok
15:59:10.0257 4784 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:59:10.0257 4784 ohci1394 - ok
15:59:10.0288 4784 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:59:10.0288 4784 ose - ok
15:59:10.0366 4784 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:59:10.0429 4784 osppsvc - ok
15:59:10.0444 4784 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:59:10.0460 4784 p2pimsvc - ok
15:59:10.0475 4784 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
15:59:10.0491 4784 p2psvc - ok
15:59:10.0491 4784 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
15:59:10.0491 4784 Parport - ok
15:59:10.0507 4784 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
15:59:10.0522 4784 partmgr - ok
15:59:10.0538 4784 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
15:59:10.0538 4784 PcaSvc - ok
15:59:10.0553 4784 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:59:10.0553 4784 pci - ok
15:59:10.0569 4784 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:59:10.0569 4784 pciide - ok
15:59:10.0585 4784 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
15:59:10.0600 4784 pcmcia - ok
15:59:10.0600 4784 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:59:10.0616 4784 pcw - ok
15:59:10.0631 4784 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:59:10.0631 4784 PEAUTH - ok
15:59:10.0678 4784 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
15:59:10.0678 4784 PerfHost - ok
15:59:10.0725 4784 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
15:59:10.0741 4784 pla - ok
15:59:10.0772 4784 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
15:59:10.0772 4784 PlugPlay - ok
15:59:10.0787 4784 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
15:59:10.0787 4784 PNRPAutoReg - ok
15:59:10.0803 4784 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:59:10.0803 4784 PNRPsvc - ok
15:59:10.0819 4784 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
15:59:10.0834 4784 PolicyAgent - ok
15:59:10.0850 4784 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
15:59:10.0850 4784 Power - ok
15:59:10.0865 4784 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:59:10.0865 4784 PptpMiniport - ok
15:59:10.0881 4784 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
15:59:10.0881 4784 Processor - ok
15:59:10.0912 4784 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
15:59:10.0912 4784 ProfSvc - ok
15:59:10.0943 4784 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:59:10.0943 4784 ProtectedStorage - ok
15:59:10.0959 4784 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:59:10.0959 4784 Psched - ok
15:59:11.0021 4784 PSI (fb46e9a827a8799ebd7bfa9128c91f37) C:\Windows\system32\DRIVERS\psi_mf.sys
15:59:11.0037 4784 PSI - ok
15:59:11.0053 4784 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
15:59:11.0084 4784 ql2300 - ok
15:59:11.0099 4784 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
15:59:11.0099 4784 ql40xx - ok
15:59:11.0115 4784 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
15:59:11.0115 4784 QWAVE - ok
15:59:11.0131 4784 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:59:11.0146 4784 QWAVEdrv - ok
15:59:11.0177 4784 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:59:11.0177 4784 RasAcd - ok
15:59:11.0209 4784 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:59:11.0209 4784 RasAgileVpn - ok
15:59:11.0209 4784 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
15:59:11.0209 4784 RasAuto - ok
15:59:11.0224 4784 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:59:11.0224 4784 Rasl2tp - ok
15:59:11.0240 4784 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
15:59:11.0240 4784 RasMan - ok
15:59:11.0255 4784 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:59:11.0255 4784 RasPppoe - ok
15:59:11.0287 4784 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:59:11.0287 4784 RasSstp - ok
15:59:11.0302 4784 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:59:11.0302 4784 rdbss - ok
15:59:11.0318 4784 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
15:59:11.0318 4784 rdpbus - ok
15:59:11.0333 4784 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:59:11.0333 4784 RDPCDD - ok
15:59:11.0349 4784 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:59:11.0349 4784 RDPENCDD - ok
15:59:11.0365 4784 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:59:11.0380 4784 RDPREFMP - ok
15:59:11.0443 4784 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
15:59:11.0443 4784 RDPWD - ok
15:59:11.0458 4784 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:59:11.0458 4784 rdyboost - ok
15:59:11.0474 4784 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
15:59:11.0474 4784 RemoteAccess - ok
15:59:11.0489 4784 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
15:59:11.0489 4784 RemoteRegistry - ok
15:59:11.0536 4784 RimUsb (7b04c9843921ab1f695fb395422c5360) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
15:59:11.0536 4784 RimUsb - ok
15:59:11.0552 4784 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
15:59:11.0552 4784 RpcEptMapper - ok
15:59:11.0567 4784 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
15:59:11.0583 4784 RpcLocator - ok
15:59:11.0599 4784 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:59:11.0599 4784 RpcSs - ok
15:59:11.0614 4784 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:59:11.0614 4784 rspndr - ok
15:59:11.0645 4784 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
15:59:11.0645 4784 RTL8167 - ok
15:59:11.0677 4784 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:59:11.0677 4784 SamSs - ok
15:59:11.0723 4784 SbFw (cdb954c736d51dc5fa712c039af4f683) C:\Windows\system32\drivers\SbFw.sys
15:59:11.0723 4784 SbFw - ok
15:59:11.0755 4784 SBFWIMCL (5de22e3cb6140213da2e0599b08d525c) C:\Windows\system32\DRIVERS\sbfwim.sys
15:59:11.0755 4784 SBFWIMCL - ok
15:59:11.0755 4784 SBFWIMCLMP (5de22e3cb6140213da2e0599b08d525c) C:\Windows\system32\DRIVERS\SBFWIM.sys
15:59:11.0755 4784 SBFWIMCLMP - ok
15:59:11.0786 4784 sbhips (a5bc45f8c2f30350e7566799c86b2f5d) C:\Windows\system32\drivers\sbhips.sys
15:59:11.0801 4784 sbhips - ok
15:59:11.0801 4784 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:59:11.0801 4784 sbp2port - ok
15:59:11.0817 4784 SBRE - ok
15:59:11.0848 4784 SbTis (f9955774a6bf0a5ca696f591c7b80a79) C:\Windows\system32\drivers\sbtis.sys
15:59:11.0848 4784 SbTis - ok
15:59:11.0864 4784 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
15:59:11.0864 4784 SCardSvr - ok
15:59:11.0879 4784 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:59:11.0879 4784 scfilter - ok
15:59:11.0911 4784 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
15:59:11.0926 4784 Schedule - ok
15:59:11.0942 4784 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:59:11.0942 4784 SCPolicySvc - ok
15:59:11.0942 4784 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
15:59:11.0957 4784 SDRSVC - ok
15:59:11.0973 4784 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:59:11.0973 4784 secdrv - ok
15:59:11.0989 4784 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
15:59:11.0989 4784 seclogon - ok
15:59:12.0051 4784 Secunia PSI Agent (5b66db4877bbac9f7493aa8d84421e49) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
15:59:12.0098 4784 Secunia PSI Agent - ok
15:59:12.0113 4784 Secunia Update Agent (0e88fdf474f2cdd370a4a6ce77d018f0) C:\Program Files (x86)\Secunia\PSI\sua.exe
15:59:12.0160 4784 Secunia Update Agent - ok
15:59:12.0176 4784 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
15:59:12.0176 4784 SENS - ok
15:59:12.0191 4784 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
15:59:12.0191 4784 SensrSvc - ok
15:59:12.0207 4784 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
15:59:12.0223 4784 Serenum - ok
15:59:12.0223 4784 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
15:59:12.0223 4784 Serial - ok
15:59:12.0238 4784 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
15:59:12.0238 4784 sermouse - ok
15:59:12.0238 4784 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
15:59:12.0254 4784 SessionEnv - ok
15:59:12.0254 4784 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:59:12.0254 4784 sffdisk - ok
15:59:12.0269 4784 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:59:12.0269 4784 sffp_mmc - ok
15:59:12.0269 4784 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:59:12.0269 4784 sffp_sd - ok
15:59:12.0285 4784 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
15:59:12.0285 4784 sfloppy - ok
15:59:12.0332 4784 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
15:59:12.0332 4784 Sftfs - ok
15:59:12.0379 4784 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
15:59:12.0379 4784 sftlist - ok
15:59:12.0410 4784 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
15:59:12.0410 4784 Sftplay - ok
15:59:12.0425 4784 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
15:59:12.0425 4784 Sftredir - ok
15:59:12.0441 4784 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
15:59:12.0441 4784 Sftvol - ok
15:59:12.0441 4784 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
15:59:12.0441 4784 sftvsa - ok
15:59:12.0472 4784 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
15:59:12.0472 4784 SharedAccess - ok
15:59:12.0488 4784 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
15:59:12.0488 4784 ShellHWDetection - ok
15:59:12.0519 4784 Si3124r5 (da492c8305434ec6f9bdd60c8b83b10e) C:\Windows\system32\drivers\Si3124r5.sys
15:59:12.0519 4784 Si3124r5 - ok
15:59:12.0535 4784 SiFilter (8d10887a1699cf61e74467694b929b09) C:\Windows\system32\drivers\SiWinAcc.sys
15:59:12.0535 4784 SiFilter - ok
15:59:12.0550 4784 SiRemFil (94e1eda9a0b305a67ee1bbd0a68ce21a) C:\Windows\system32\drivers\SiRemFil.sys
15:59:12.0550 4784 SiRemFil - ok
15:59:12.0566 4784 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
15:59:12.0566 4784 SiSRaid2 - ok
15:59:12.0581 4784 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
15:59:12.0581 4784 SiSRaid4 - ok
15:59:12.0597 4784 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe
15:59:12.0597 4784 SkypeUpdate - ok
15:59:12.0628 4784 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:59:12.0628 4784 Smb - ok
15:59:12.0659 4784 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
15:59:12.0659 4784 SNMPTRAP - ok
15:59:12.0659 4784 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:59:12.0659 4784 spldr - ok
15:59:12.0675 4784 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
15:59:12.0691 4784 Spooler - ok
15:59:12.0737 4784 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
15:59:12.0784 4784 sppsvc - ok
15:59:12.0800 4784 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
15:59:12.0815 4784 sppuinotify - ok
15:59:12.0862 4784 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
15:59:12.0862 4784 srv - ok
15:59:12.0893 4784 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
15:59:12.0893 4784 srv2 - ok
15:59:12.0909 4784 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
15:59:12.0909 4784 srvnet - ok
15:59:12.0925 4784 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
15:59:12.0925 4784 SSDPSRV - ok
15:59:12.0940 4784 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
15:59:12.0940 4784 SstpSvc - ok
15:59:12.0956 4784 Steam Client Service - ok
15:59:12.0987 4784 Stereo Service (9e1222c417291bc836210743624a8e5e) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
15:59:12.0987 4784 Stereo Service - ok
15:59:13.0003 4784 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
15:59:13.0003 4784 stexstor - ok
15:59:13.0049 4784 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
15:59:13.0049 4784 stisvc - ok
15:59:13.0065 4784 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
15:59:13.0065 4784 swenum - ok
15:59:13.0081 4784 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
15:59:13.0081 4784 swprv - ok
15:59:13.0112 4784 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
15:59:13.0143 4784 SysMain - ok
15:59:13.0205 4784 t3 (6b153e518dbe6ef59191152e1ecf7ed4) C:\Windows\system32\drivers\t3.sys
15:59:13.0205 4784 t3 - ok
15:59:13.0221 4784 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
15:59:13.0221 4784 TabletInputService - ok
15:59:13.0237 4784 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
15:59:13.0237 4784 TapiSrv - ok
15:59:13.0252 4784 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
15:59:13.0252 4784 TBS - ok
15:59:13.0299 4784 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
15:59:13.0315 4784 Tcpip - ok
15:59:13.0361 4784 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
15:59:13.0361 4784 TCPIP6 - ok
15:59:13.0393 4784 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:59:13.0393 4784 tcpipreg - ok
15:59:13.0408 4784 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:59:13.0408 4784 TDPIPE - ok
15:59:13.0439 4784 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
15:59:13.0439 4784 TDTCP - ok
15:59:13.0455 4784 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:59:13.0471 4784 tdx - ok
15:59:13.0471 4784 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
15:59:13.0471 4784 TermDD - ok
15:59:13.0486 4784 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
15:59:13.0502 4784 TermService - ok
15:59:13.0517 4784 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
15:59:13.0517 4784 Themes - ok
15:59:13.0533 4784 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:59:13.0549 4784 THREADORDER - ok
15:59:13.0549 4784 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
15:59:13.0564 4784 TrkWks - ok
15:59:13.0580 4784 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
15:59:13.0580 4784 TrustedInstaller - ok
15:59:13.0595 4784 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:59:13.0595 4784 tssecsrv - ok
15:59:13.0611 4784 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:59:13.0611 4784 TsUsbFlt - ok
15:59:13.0627 4784 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
15:59:13.0627 4784 TsUsbGD - ok
15:59:13.0658 4784 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:59:13.0658 4784 tunnel - ok
15:59:13.0673 4784 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
15:59:13.0673 4784 uagp35 - ok
15:59:13.0689 4784 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:59:13.0689 4784 udfs - ok
15:59:13.0705 4784 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
15:59:13.0705 4784 UI0Detect - ok
15:59:13.0720 4784 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:59:13.0720 4784 uliagpkx - ok
15:59:13.0736 4784 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
15:59:13.0736 4784 umbus - ok
15:59:13.0751 4784 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
15:59:13.0751 4784 UmPass - ok
15:59:13.0814 4784 UMVPFSrv (67a95b9d129ed5399e7965cd09cf30e7) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
15:59:13.0814 4784 UMVPFSrv - ok
15:59:13.0845 4784 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
15:59:13.0845 4784 upnphost - ok
15:59:13.0876 4784 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
15:59:13.0876 4784 USBAAPL64 - ok
15:59:13.0907 4784 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
15:59:13.0907 4784 usbaudio - ok
15:59:13.0939 4784 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
15:59:13.0939 4784 usbccgp - ok
15:59:13.0970 4784 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
15:59:13.0970 4784 usbcir - ok
15:59:13.0970 4784 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
15:59:13.0970 4784 usbehci - ok
15:59:14.0001 4784 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
15:59:14.0001 4784 usbhub - ok
15:59:14.0017 4784 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
15:59:14.0017 4784 usbohci - ok
15:59:14.0032 4784 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
15:59:14.0032 4784 usbprint - ok
15:59:14.0048 4784 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:59:14.0048 4784 USBSTOR - ok
15:59:14.0063 4784 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
15:59:14.0063 4784 usbuhci - ok
15:59:14.0079 4784 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
15:59:14.0079 4784 usbvideo - ok
15:59:14.0079 4784 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
15:59:14.0095 4784 UxSms - ok
15:59:14.0110 4784 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:59:14.0110 4784 VaultSvc - ok
15:59:14.0126 4784 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
15:59:14.0126 4784 vdrvroot - ok
15:59:14.0157 4784 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
15:59:14.0157 4784 vds - ok
15:59:14.0173 4784 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:59:14.0173 4784 vga - ok
15:59:14.0173 4784 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:59:14.0173 4784 VgaSave - ok
15:59:14.0188 4784 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
15:59:14.0188 4784 vhdmp - ok
15:59:14.0204 4784 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
15:59:14.0204 4784 viaide - ok
15:59:14.0219 4784 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
15:59:14.0219 4784 volmgr - ok
15:59:14.0235 4784 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
15:59:14.0251 4784 volmgrx - ok
15:59:14.0251 4784 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
15:59:14.0266 4784 volsnap - ok
15:59:14.0266 4784 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
15:59:14.0282 4784 vsmraid - ok
15:59:14.0297 4784 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
15:59:14.0329 4784 VSS - ok
15:59:14.0344 4784 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
15:59:14.0344 4784 vwifibus - ok
15:59:14.0360 4784 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
15:59:14.0360 4784 W32Time - ok
15:59:14.0375 4784 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
15:59:14.0375 4784 WacomPen - ok
15:59:14.0391 4784 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:59:14.0391 4784 WANARP - ok
15:59:14.0391 4784 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:59:14.0391 4784 Wanarpv6 - ok
15:59:14.0438 4784 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
15:59:14.0453 4784 WatAdminSvc - ok
15:59:14.0500 4784 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
15:59:14.0516 4784 wbengine - ok
15:59:14.0531 4784 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
15:59:14.0547 4784 WbioSrvc - ok
15:59:14.0563 4784 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
15:59:14.0563 4784 wcncsvc - ok
15:59:14.0578 4784 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
15:59:14.0578 4784 WcsPlugInService - ok
15:59:14.0594 4784 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
15:59:14.0594 4784 Wd - ok
15:59:14.0609 4784 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:59:14.0609 4784 Wdf01000 - ok
15:59:14.0625 4784 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:59:14.0625 4784 WdiServiceHost - ok
15:59:14.0625 4784 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:59:14.0625 4784 WdiSystemHost - ok
15:59:14.0656 4784 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
15:59:14.0656 4784 WebClient - ok
15:59:14.0672 4784 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
15:59:14.0672 4784 Wecsvc - ok
15:59:14.0687 4784 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
15:59:14.0687 4784 wercplsupport - ok
15:59:14.0703 4784 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
15:59:14.0719 4784 WerSvc - ok
15:59:14.0719 4784 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:59:14.0734 4784 WfpLwf - ok
15:59:14.0734 4784 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:59:14.0750 4784 WIMMount - ok
15:59:14.0750 4784 WinDefend - ok
15:59:14.0750 4784 WinHttpAutoProxySvc - ok
15:59:14.0781 4784 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
15:59:14.0797 4784 Winmgmt - ok
15:59:14.0828 4784 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
15:59:14.0859 4784 WinRM - ok
15:59:14.0890 4784 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
15:59:14.0890 4784 WinUsb - ok
15:59:14.0921 4784 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
15:59:14.0921 4784 Wlansvc - ok
15:59:14.0984 4784 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:59:15.0015 4784 wlidsvc - ok
15:59:15.0031 4784 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
15:59:15.0031 4784 WmiAcpi - ok
15:59:15.0046 4784 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
15:59:15.0046 4784 wmiApSrv - ok
15:59:15.0062 4784 WMPNetworkSvc - ok
15:59:15.0077 4784 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
15:59:15.0077 4784 WPCSvc - ok
15:59:15.0093 4784 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
15:59:15.0093 4784 WPDBusEnum - ok
15:59:15.0109 4784 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:59:15.0109 4784 ws2ifsl - ok
15:59:15.0124 4784 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
15:59:15.0124 4784 wscsvc - ok
15:59:15.0155 4784 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
15:59:15.0187 4784 wuauserv - ok
15:59:15.0202 4784 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
15:59:15.0218 4784 WudfPf - ok
15:59:15.0249 4784 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:59:15.0249 4784 WUDFRd - ok
15:59:15.0265 4784 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
15:59:15.0265 4784 wudfsvc - ok
15:59:15.0280 4784 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
15:59:15.0296 4784 WwanSvc - ok
15:59:15.0296 4784 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
15:59:15.0405 4784 \Device\Harddisk0\DR0 - ok
15:59:15.0405 4784 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
15:59:16.0201 4784 \Device\Harddisk1\DR1 - ok
15:59:16.0201 4784 Boot (0x1200) (59786cd57304932c0422adc6c7d1158f) \Device\Harddisk0\DR0\Partition0
15:59:16.0201 4784 \Device\Harddisk0\DR0\Partition0 - ok
15:59:16.0201 4784 Boot (0x1200) (64b0b45b16944a4861b7ef78640e6f3c) \Device\Harddisk1\DR1\Partition0
15:59:16.0201 4784 \Device\Harddisk1\DR1\Partition0 - ok
15:59:16.0201 4784 ============================================================
15:59:16.0201 4784 Scan finished
15:59:16.0201 4784 ============================================================
15:59:16.0201 3416 Detected object count: 0
15:59:16.0201 3416 Actual detected object count: 0

#4 boopme

Posted 22 April 2012 - 05:19 PM

Your MBAM log shows "No action taken". Did you click the Remove Selected button?

I take it you still have Happili?

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

#5 vercingetorix237

Posted 22 April 2012 - 07:42 PM

Sorry, I hit the save log button before I had MBAM remove selected. I did remove the files just after I saved the log.

Actually, that's a good question -- do I still have the redirect? I've been running a number of different Google searches, and am not getting redirected. I presume that means that one of the scans you prescribed fixed my problem. Just in case, I've run aswMBR like you asked. Here's what I get:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-22 19:44:07
-----------------------------
19:44:07.651 OS Version: Windows x64 6.1.7601 Service Pack 1
19:44:07.651 Number of processors: 4 586 0x2A07
19:44:07.651 ComputerName: VESPASIAN UserName: Sean
19:44:10.068 Initialize success
19:44:50.956 AVAST engine defs: 12042201
19:45:00.747 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2
19:45:00.749 Disk 0 Vendor: Intel___ 1.0. Size: 715402MB BusType: 8
19:45:00.750 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-1
19:45:00.751 Disk 1 Vendor: ST310005 CC3E Size: 953869MB BusType: 3
19:45:00.758 Disk 1 MBR read successfully
19:45:00.759 Disk 1 MBR scan
19:45:00.788 Disk 1 Windows 7 default MBR code
19:45:00.790 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 953867 MB offset 2048
19:45:00.827 Disk 1 scanning C:\Windows\system32\drivers
19:45:10.589 Service scanning
19:45:29.328 Modules scanning
19:45:29.328 Disk 1 trace - called modules:
19:45:29.340 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
19:45:29.341 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa800ab75060]
19:45:29.341 3 CLASSPNP.SYS[fffff8800100443f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8008763050]
19:45:31.124 AVAST engine scan C:\Windows
19:45:33.176 AVAST engine scan C:\Windows\system32
19:47:49.572 AVAST engine scan C:\Windows\system32\drivers
19:47:59.654 AVAST engine scan C:\Users\Sean
19:48:24.678 File: C:\Users\Sean\AppData\Roaming\Apple Computer\Apple Computer\tceskqa.dll **INFECTED** Win32:Trojan-gen
19:54:18.311 AVAST engine scan C:\ProgramData
19:56:24.945 Scan finished successfully
20:39:16.462 Disk 1 MBR has been saved successfully to "C:\Users\Sean\Downloads\MBR.dat"
20:39:16.492 The log file has been saved successfully to "C:\Users\Sean\Downloads\aswMBR.txt"

Thanks for your help.

v

#6 boopme


Posted 22 April 2012 - 08:33 PM

Re-Run aswMBR

  • Click Scan
  • On completion of the scan, click the FIX button,
  • There is a slight pause after clicking the 'Fix' button.
  • Wait for the tool to report 'Infection fixed successfully', now reboot the machine.
  • Rebooting the machine prematurely, before seeing this line will result in an incomplete fix.

    Note: After the 'Infection fixed successfully' message appears, the machine may become unresponsive. You may have to do a hard boot of your machine. That may be a side effect from the fix. All will be well after the reboot.
  • Save the log as before and post in your next reply.


#7 vercingetorix237


Posted 23 April 2012 - 07:25 AM

Boopme,

Here's the log. Thanks!

v

________________________________

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-23 08:19:19
-----------------------------
08:19:19.589 OS Version: Windows x64 6.1.7601 Service Pack 1
08:19:19.589 Number of processors: 4 586 0x2A07
08:19:19.589 ComputerName: VESPASIAN UserName: Sean
08:19:21.461 Initialize success
08:19:25.174 AVAST engine defs: 12042201
08:19:28.388 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2
08:19:28.388 Disk 0 Vendor: Intel___ 1.0. Size: 715402MB BusType: 8
08:19:28.388 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-1
08:19:28.388 Disk 1 Vendor: ST310005 CC3E Size: 953869MB BusType: 3
08:19:28.403 Disk 1 MBR read successfully
08:19:28.403 Disk 1 MBR scan
08:19:28.434 Disk 1 Windows 7 default MBR code
08:19:28.450 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 953867 MB offset 2048
08:19:28.481 Disk 1 scanning C:\Windows\system32\drivers
08:19:37.993 Service scanning
08:19:54.345 Modules scanning
08:19:54.348 Disk 1 trace - called modules:
08:19:54.348 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
08:19:54.348 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa800ab95060]
08:19:54.348 3 CLASSPNP.SYS[fffff8800102a43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800719b050]
08:20:02.514 AVAST engine scan C:\Windows
08:20:04.480 AVAST engine scan C:\Windows\system32
08:22:14.537 AVAST engine scan C:\Windows\system32\drivers
08:22:27.189 AVAST engine scan C:\Users\Sean
08:22:51.946 File: C:\Users\Sean\AppData\Roaming\Apple Computer\Apple Computer\tceskqa.dll **INFECTED** Win32:Trojan-gen
08:23:07.925 Verifying
08:23:17.940 Disk 1 Windows 601 MBR fixed successfully
08:23:54.881 Disk 1 MBR has been saved successfully to "C:\Users\Sean\Downloads\MBR.dat"
08:23:54.896 The log file has been saved successfully to "C:\Users\Sean\Downloads\aswMBR.txt"
08:24:17.404 Disk 1 MBR has been saved successfully to "C:\Users\Sean\Downloads\MBR.dat"
08:24:17.419 The log file has been saved successfully to "C:\Users\Sean\Downloads\aswMBR.txt"
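
An added example, not part of the original thread: a small Python parser for the aswMBR log format posted above. It extracts the per-disk MBR verdict, the `**INFECTED**` file lines and the "MBR fixed" line, then compares a scan-only run with a fix run. The sample log lines are constructed in the same format, and the function names are hypothetical.

```python
import re

# Constructed sample lines in the aswMBR log format shown in this thread
# (timestamps, user name and file path are placeholders, not copied values).
SCAN_LOG = r"""
10:00:00.100 Disk 1 MBR read successfully
10:00:00.130 Disk 1 Windows 7 default MBR code
10:03:24.678 File: C:\Users\user\AppData\Roaming\Example Vendor\sample.dll **INFECTED** Win32:Trojan-gen
10:11:24.945 Scan finished successfully
"""
FIX_LOG = r"""
11:00:00.403 Disk 1 MBR read successfully
11:00:00.434 Disk 1 Windows 7 default MBR code
11:03:51.946 File: C:\Users\user\AppData\Roaming\Example Vendor\sample.dll **INFECTED** Win32:Trojan-gen
11:04:17.940 Disk 1 Windows 601 MBR fixed successfully
"""

LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{3})\s+(.*)$")
# Lazy path match so directories containing spaces are captured whole.
INFECTED = re.compile(r"^File:\s+(.+?)\s+\*\*INFECTED\*\*\s+(\S.*)$")
MBR_CODE = re.compile(r"^Disk (\d+) (.+) MBR code$")
MBR_FIXED = re.compile(r"^Disk (\d+) .*MBR fixed successfully$")

def parse_aswmbr(text):
    """Return file detections, per-disk MBR verdicts and disks whose MBR was rewritten."""
    result = {"detections": [], "mbr": {}, "mbr_fixed": set()}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # header, separator or blank line
        msg = m.group(2)
        if (d := INFECTED.match(msg)):
            result["detections"].append((d.group(1), d.group(2)))
        elif (c := MBR_CODE.match(msg)):
            result["mbr"][int(c.group(1))] = c.group(2)
        elif (f := MBR_FIXED.match(msg)):
            result["mbr_fixed"].add(int(f.group(1)))
    return result

def still_detected(before, after):
    """Paths flagged in both runs, i.e. detections the second run still reports."""
    flagged_before = {path for path, _ in before["detections"]}
    return sorted(flagged_before & {path for path, _ in after["detections"]})
```

A path returned by `still_detected` was flagged again in the fix run; the fix log records an MBR rewrite only, so the file itself still has to be handled by a file scanner.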

#8 boopme


Posted 23 April 2012 - 09:35 AM

How is it now??

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.

#9 vercingetorix237


Posted 23 April 2012 - 08:54 PM

Hi. I've run the program, and here's what it found:

C:\Users\Sean\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\548af199-47f8d0f0 a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Users\Sean\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\144d702c-1d4801a8 a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Users\Sean\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\4bd3cb9a-19c60ec9 Java/Exploit.Agent.NAX trojan cleaned by deleting - quarantined
C:\Users\Sean\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\1b0b81d-523989d5 multiple threats deleted - quarantined


Thanks,

v

#10 boopme


Posted 23 April 2012 - 09:08 PM

You're welcome. Another look please, it's not long.
What type of Apple software are you running?



Please download mbr.exe and save it to the root directory, usually C:\ <- (Important!).
  • Go to Start > Run and type: cmd.exe
  • press Ok.
  • At the command prompt type: c:\mbr.exe >>"C:\mbr.log"
  • press Enter.
  • The process is automatic...a black DOS window will open and quickly disappear. This is normal.
  • A log file named mbr.log will be created and saved to the root of the system drive (usually C:\).
  • Copy and paste the results of the mbr.log in your next reply.
If you have a problem using the command prompt, you can just double-click on mbr.exe to run the tool.

#11 vercingetorix237


Posted 24 April 2012 - 07:29 PM

Sorry, boopme -- I tried to run MBR, both via the command line and by double-clicking, but didn't manage to get the program to run:

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601

device: opened successfully
user: error reading MBR
error: Read The handle is invalid.
kernel: error reading MBR

#12 boopme


Posted 24 April 2012 - 08:38 PM

How is it running now? I believe that was a fail due to its difficulty with 64 bit systems.

Edited by boopme, 24 April 2012 - 08:39 PM.


#13 vercingetorix237


Posted 24 April 2012 - 10:31 PM

boopme,

I've run a number of searches, and no redirects. I think you've fixed the problem.

Thanks so much for your help. This is a great website, and you've been generous with your expertise. I appreciate it.

v

#14 boopme


Posted 25 April 2012 - 01:00 PM

Great!! Looks good and you're welcome.

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory that your tools cannot access to delete these files, they can sometimes reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Posted Image > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Posted Image > Run... and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links:



